Simple internal FTP access in IOS ACLs

Unanswered Question
Aug 30th, 2008

I can't get access to my internal windows ftp server every time I apply an access list to the outside.

When I take out the ACL, everyone from the internet can access the internal FTp server (which is what we want).

What is the access list (or access lists) I need in order to allow this?

my internal IP is

It is a cisco router 1841 running IOS

thanks in advanced

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Sat, 08/30/2008 - 18:40

This would depend on the mode used by the clients (ACTIVE OR PASV)?

For ACTIVE FTP you need to allow both 20 and 21 as the destination ports going to the server. For PASV you need to allow a lot, have a look here (this link is just to see the difference between ACTIVE/PASV):

And this is the actual link for all configs:




This Discussion