FTP on a nonstandard port

Unanswered Question
Dec 18th, 2007
User Badges:

Hi everybody,

We have a Windows 2003 server running two FTP servers: one on port 21 for local IP phones and one on port 12345 for external access. I am interested in setting up the second server.

I test FTP on port 12345 on LAN and everything is fine. However I can not access it from the outside. We have a Cisco 877 ADSL router. I have mapped the port over with:

ip nat inside source static tcp 12345 interface dialer0 12345

And put this ACL on the dialer0 interface:

access-list 101 permit tcp any host eq 12345

When I use SmartFTP Client to open, it always says Connection refused by host. I also have:

ip inspect name MYFIREWALL ftp

Do I miss anything? I think the ip inspect command may only apply to the standard FTP port (i.e. 21) and it doesn't inspect FTP on my 12345 port. How can I define an FTP inspect on a nonstandard port?

Thank you for your help.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
trietgiang Wed, 12/19/2007 - 16:20
User Badges:

Thank you for the reply. I thought this could fix the problem and I just tried that command but it didn't.

Do you think of any other causes?

hwknight53 Thu, 12/20/2007 - 04:03
User Badges:

Your other problem is that access list 101 is incorrect. You have applied it to the outside interface, so the addresses used must be the global addresses. You have used the local address ( the FTP server. The access list is evaluated before the NAT.


trietgiang Wed, 12/26/2007 - 15:36
User Badges:

Sorry I tried this, still not working. Has anyone have this issue before?


This Discussion