11-08-2007 04:47 AM - edited 03-03-2019 07:27 PM
Hello,
I need to allow PASV FTP to the outside world so users using the Internet Explorer web browser can access our FTP site.
What command do I use? Please show an example of how to enter the command.
Here is what I've done thus far:
*** 9.8.7.6.5 is an example of the WAN IP ***
1) mapped internal address of ftp server to external WAN IP (NAT'd)
ip nat inside source static 192.168.1.10 21 9.8.7.6.5 21
2) modify ACL
permit tcp any host 9.8.7.6 ftp
permit tcp any host 9.8.7.6 ftp-data
permit tcp any host 9.8.7.6 www
permit tcp any host 9.8.7.6 443
permit tcp any host 1.2.3.4 www
permit tcp any host 1.2.3.4 443
permit tcp any host 1.2.3.4 995
permit tcp any host 1.2.3.4 smtp
permit tcp any host 1.2.3.4 587
permit gre any any
permit icmp any any echo-reply
permit esp any any
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit udp any any eq 4500
permit udp any any eq 5500
permit udp any any eq 1701
permit udp any any eq 1723
deny ip any any log
Your help is appreciated. Thanks
11-08-2007 05:55 AM
1. This is a one-way ACL (just a note, so you don't forget)
2. FTP creates TCP connections on ports >1023 after it has agreed on everything it needs on ports 20/21. Therefore there should also be the following line:
permit tcp any host 9.8.7.6 gt 1023
Also, what is the 1.2.3.4 address?
And as well, in NAT there is only one mapping for only port 21. Shouldn't you map ports 20, 80, 443 and >1023 as well?
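To make the point about ports above 1023 concrete, here is an added example (not part of either poster's text) that parses the server's `227` passive-mode reply, computes the data port the client will connect to, and checks it against a simple model of the ACL and static NAT entries. The sample reply, the function names and the port ranges passed in are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: a control-channel reply that a server at the inside
# address 192.168.1.10 might send after the client issues PASV.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply (h1,h2,h3,h4,p1,p2)."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range")
    ip = ipaddress.IPv4Address(".".join(map(str, n[:4])))
    return ip, n[4] * 256 + n[5]  # data port = p1 * 256 + p2


def check_data_channel(reply, acl_ports, nat_ports):
    """List reasons an outside client could not open the data connection.

    acl_ports / nat_ports are range objects (hypothetical model): the
    destination ports the inbound ACL permits, and the ports that have a
    static NAT mapping to the server.
    """
    ip, port = parse_pasv(reply)
    problems = []
    if ip.is_private:
        problems.append(f"reply advertises private address {ip}, "
                        "which an outside client cannot reach")
    if port not in acl_ports:
        problems.append(f"ACL does not permit tcp/{port}")
    if port not in nat_ports:
        problems.append(f"no static NAT mapping for tcp/{port}")
    return port, problems


if __name__ == "__main__":
    # Only port 21 permitted and mapped, as in the original post.
    print(check_data_channel(SAMPLE_REPLY, range(21, 22), range(21, 22)))
```

If the FTP server can be set to a fixed passive port range (an assumption about the server), the ACL and NAT entries can cover just that range rather than every port above 1023.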
11-08-2007 07:51 AM
Is this how I would enter it?
permit tcp any host 216.109.202.50 gt 1023
ip nat inside source static 10.1.0.12 20 216.109.202.50 20
ip nat inside source static 10.1.0.12 80 216.109.202.50 80
ip nat inside source static 10.1.0.12 >1023 216.109.202.50 >1023