I have problems when NATting FTP on a standard port. My router does source and destination NAT because my net and the external net are overlapping.
So I created an access list and a route map to identify the traffic to be NATted:
ip access-list extended A
 permit ip host 10.1.1.1 host 192.168.1.1
 permit ip host 10.1.1.2 host 192.168.1.1
 permit ip host 10.1.1.3 host 192.168.1.1
route-map AM permit 1
 match ip address A
Then I created the NAT configuration:
ip nat service list A ftp tcp port 10021
ip nat pool APOOL 172.31.15.3 172.31.15.5 netmask 255.255.255.248
ip nat inside source route-map AM pool APOOL
ip nat outside source static 192.168.1.1 10.1.1.30
ip route 10.1.1.30 255.255.255.255 Dialer0
When I connect to 192.168.1.1:10021 everything works OK; I can send the user and password, but when I send the LIST command, I cannot complete the communication.
The problem is that in passive mode, the port command shows me the real FTP address (192.168.1.1) and not the translated one (10.1.1.30), so my client cannot connect to the FTP server data port.
I cannot use active mode for security reasons.
I need to prevent the server from sending me the port command with the real address.
Can someone help me?
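
A client-side check for the symptom described in the post, as an added example that is not part of the original post: it parses a passive-mode 227 reply and reports whether the advertised data address matches the address the control connection was opened to. The reply text and the port are constructed sample values; the two addresses are the ones quoted in the post.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple of a 227 reply (RFC 959); the parentheses are optional
_PASV_TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

# Constructed sample values: address the client dials and the reply it receives.
CONTROL_PEER = "10.1.1.30"
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,1,195,80)."


def parse_pasv(reply):
    """Return (ip, port) advertised in a '227 Entering Passive Mode' reply."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = _PASV_TUPLE.search(reply[3:])
    if m is None:
        raise ValueError("no address/port tuple in %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def payload_rewritten(control_peer, reply):
    """True when the advertised data address equals the control-connection peer.

    False means the NAT device translated the packet headers but left the
    address inside the FTP payload untouched.
    """
    ip, _ = parse_pasv(reply)
    return ipaddress.IPv4Address(ip) == ipaddress.IPv4Address(control_peer)


def data_endpoint(control_peer, reply):
    """Endpoint a client can dial: advertised port, control-connection address.

    Same idea as curl's --ftp-skip-pasv-ip; only safe when the data port is
    reachable on the address used for the control connection.
    """
    ip, port = parse_pasv(reply)
    return (ip, port) if payload_rewritten(control_peer, reply) else (control_peer, port)


if __name__ == "__main__":
    print("payload rewritten:", payload_rewritten(CONTROL_PEER, SAMPLE_REPLY))
    print("dial:", data_endpoint(CONTROL_PEER, SAMPLE_REPLY))
```

A result of False from payload_rewritten on a captured reply confirms that the translation stops at the IP header and the FTP payload reaches the client unmodified.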