Need Help to get WAN access

Unanswered Question
Aug 2nd, 2007

Iinstalled FTP server today. Cannot access FTP from WAN.

# Here is what commands I did on router.

1) ip nat inside source static 10.1.0.10 21x.x.x.x (<-- X I hid vlaues for x)

2) ip access-list extended outside permit tcp any host 21x.x.x.37 eq ftp

3) ip access-list extended outside permit tcp any host 21x.x.x.37 eq ftp-data

# Here is what the router looks like: show RUN command

ip acccess-list extended Outside

permit tcp any host 21x.x.x.x eq ftp

permit tcp any host 21x.x.x.x eq ftp-data

# Here is my ACCESS-LISTS: show access-lists

Extended IP access list 145

10 permit tcp 216.0.0.0 0.255.255.255 any eq 22

Extended IP access list 170

10 permit tcp any host 21x.x.x.34 eq 587

Extended IP access list NAT

10 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255

20 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255 (12522210 matches)

30 permit ip 10.0.0.0 0.255.255.255 any (2978031 matches)

Extended IP access list Outside

10 permit tcp 63.146.60.0 0.0.0.255 any eq 22

20 permit tcp host 64.141.139.190 any eq 22

25 permit tcp any host 21x.x.x.37 eq ftp

26 permit tcp any host 21x.x.x.37 eq ftp-data

30 permit tcp any host 21x.x.x.35 eq www

40 permit tcp any host 21x.x.x.35 eq 443

50 permit tcp any host 21x.x.x.36 eq www

60 permit tcp any host 21x.x.x.36 eq 443

65 permit tcp any host 21x.x.x.34 eq 995

70 permit tcp any host 21x.x.x.34 eq smtp

75 permit tcp any host 21x.x.x.34 eq 587

80 permit tcp any host 21x.x.x.34 eq www

90 permit tcp any host 21x.x.x.34 eq 443

110 permit icmp any any echo-reply

120 permit esp any any

130 permit udp any any eq isakmp

140 permit udp any any eq non500-isakmp

150 deny ip any any log

Extended IP access list Policy-NAT

10 permit ip host 10.1.0.11 192.168.2.0 0.0.0.255 (5378531 matches)

Extended IP access list Split

10 permit ip 10.0.0.0 0.255.255.255 any

20 permit ip 192.168.1.0 0.0.0.255 any

Extended IP access list nat

Extended IP access list outside

Extended IP access list policy-nat

10 permit ip host 10.1.0.11 192.0.0.0 0.255.255.255

Extended IP access list unlock

10 permit ip any any (6489 matches)

20 permit gre any any

30 permit esp any any

40 permit ahp any any

50 permit icmp any any

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jdevoll Thu, 08/02/2007 - 18:00

Can you post a simple network diagram showing the relationship between your WAN, this router and the FTP server?

Can you post a 'show run int ' for all of the relevant interfaces on this router?

mikntwd49508 Thu, 08/02/2007 - 18:27

!

interface FastEthernet0/1.200

description INET

encapsulation dot1Q 200

ip address 216.x.x.33 255.255.255.248

no snmp trap link-status

jdevoll Thu, 08/02/2007 - 20:38

Sorry, I just don't see enough information to be able to tell what is going on.

Can you post and a simple diagram demonstrating the relationship between the router in question, the FTP server, and the WAN would be very helpful. If you could include the interface designators in your diagram for the router in question that would help a lot to. (ergo, is the FTP server on the other side of S0/0, is the WAN side of the router G0/1/0 )

Pavel Bykov Thu, 08/02/2007 - 23:15

You need to specify which interface is outside and which is inside with "ip nat outside" and "ip nat inside" commands.

Actions

This Discussion