Unanswered Question
Jul 24th, 2007

I have problems when natting FTP on a standard port. My router does source and destination NAT because my net and the external net are overlapping.

So I created an access-list and a route-map to identify the traffic to be natted:

ip access-list extended A
 permit ip host host
 permit ip host host
 permit ip host host

route-map AM permit 1
 match ip address A

Then I created the NAT configuration:

ip nat service list A ftp tcp port 10021
ip nat pool APOOL netmask
ip nat inside source route-map AM pool APOOL
ip nat outside source static
ip route Dialer0

When I connect to all works OK, I can issue user and password, but when I send the list command, I cannot complete the communication.

The problem is that in passive mode, the port command shows me the real FTP address ( and not the translated one ( so my client cannot connect to the FTP server data port.

I cannot use active mode for security reasons.

I need to prevent the server from sending me the port command with the real address.

Can someone help me?


keithwillson Fri, 11/09/2007 - 12:27

I'm having the same problem.

I've NAT'd the inside address to outside.

I cannot get passive FTP accessible to the outside world.

What do I need to do so ftp uses passive ports greater than 1023 on router?
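The symptom described in this thread can be confirmed from the client side by comparing the address embedded in the server's passive-mode reply with the address the control connection was opened to. The following is an added diagnostic example, not code from the thread; the function names and sample addresses are constructed, and it goes slightly beyond the posts by also handling the RFC 2428 `229` (EPSV) reply, which carries only a port and no address.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
# RFC 2428 extended passive reply: "229 ... (|||port|)", no address inside
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_data_endpoint(reply, control_peer):
    """Return (ip, port) the client will dial for the data connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("octet out of range in 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return control_peer, port  # EPSV reuses the control-connection address
    raise ValueError("not a 227/229 passive reply")


def check_reply(reply, control_peer):
    """Classify a passive reply as seen by a client on the far side of the NAT."""
    ip, port = parse_data_endpoint(reply, control_peer)
    if ip == control_peer:
        return "ok", ip, port
    if any(ipaddress.ip_address(ip) in net for net in RFC1918):
        return "untranslated-private", ip, port  # payload was not rewritten
    return "address-mismatch", ip, port


# Constructed sample data: the translated server address the client
# connected to, and three replies it might receive.
CONTROL_PEER = "192.0.2.10"
SAMPLES = [
    "227 Entering Passive Mode (10,1,1,5,195,80)",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50000|)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_reply(line, CONTROL_PEER))
```

A result of `untranslated-private` means the control-channel payload passed through the translation without being rewritten, which matches the failure reported above.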



