FTP NAT on NON STANDARD PORT

Unanswered Question
Jul 24th, 2007

I have problems when NATting FTP on a standard port. My router does source and destination NAT because my net and the external net are overlapping.

So I created an access-list and a route-map to identify the traffic to be NATted:


ip access-list extended A
 permit ip host 10.1.1.1 host 192.168.1.1
 permit ip host 10.1.1.2 host 192.168.1.1
 permit ip host 10.1.1.3 host 192.168.1.1

route-map AM permit 1
 match ip address A


Then I created the NAT configuration:


ip nat service list A ftp tcp port 10021
ip nat pool APOOL 172.31.15.3 172.31.15.5 netmask 255.255.255.248
ip nat inside source route-map AM pool APOOL
ip nat outside source static 192.168.1.1 10.1.1.30
ip route 10.1.1.30 255.255.255.255 Dialer0


When I connect to 192.168.1.1:10021 all works OK, I can issue user and password, but when I send the list command, I cannot complete the communication.

The problem is that in passive mode, the port command shows me the real FTP address (192.168.1.1) and not the translated one (10.1.1.30), so my client cannot connect to the FTP server data port.

I cannot use active mode for security reasons.

I need to prevent the server from sending me the port command with the real address.

Can someone help me?


Thx.

keithwillson Fri, 11/09/2007 - 12:27

I'm having the same problem.

I've NAT'd the inside address to outside.


I cannot get passive FTP accessible to the outside world.


What do I need to do so FTP uses passive ports greater than 1023 on the router?


Thanks,

Keith
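
The symptom in the first post can be confirmed from the client side by looking at the passive-mode reply on the control channel. The Python sketch below is an added example, not part of the thread: it parses a 227 (or 229) reply and reports whether the address in the payload is the one the client dialled for the control connection. The reply lines and port 50000 are constructed samples; the addresses are the ones quoted in the post.

```python
import re

# RFC 959 "227" reply embeds h1,h2,h3,h4,p1,p2; RFC 2428 "229" embeds a port only.
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (host, port) from a 227/229 reply; host is None for 229."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError(f"octet out of range in {line!r}")
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m and 0 < int(m.group(2)) < 65536:
        return None, int(m.group(2))
    raise ValueError(f"not a passive-mode reply: {line!r}")


def check_reply(line, control_peer):
    """Classify a reply against the address the client dialled for control."""
    host, port = parse_passive_reply(line)
    if host is None:
        # EPSV: the client reuses the control-connection address.
        return {"connect_to": (control_peer, port), "status": "no-address-in-payload"}
    if host == control_peer:
        return {"connect_to": (host, port), "status": "address-matches"}
    # The payload names an address the client did not dial, so the data
    # connection is attempted to `host`, which the client may not reach.
    return {"connect_to": (host, port), "status": "address-not-translated"}


if __name__ == "__main__":
    # Constructed sample replies (port 50000 = 195*256 + 80).
    samples = [
        "227 Entering Passive Mode (192,168,1,1,195,80)",
        "227 Entering Passive Mode (10,1,1,30,195,80)",
        "229 Entering Extended Passive Mode (|||50000|)",
    ]
    for s in samples:
        print(s, "->", check_reply(s, "10.1.1.30"))
```

A status of address-not-translated on a capture taken at the client means the NAT device passed the control-channel payload through unmodified on that port.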
