
ftp connected doesn't limit incoming connections


I have access lists set up for the serial side (group 100) and network side (group 101). The serial side group 100 access list uses the following:

access-list 100 permit tcp any eq ftp any connected

but this doesn't seem to prevent ftp logins on the web server (as intended), which is on the network side, from the internet, which is on the serial side.


The serial side is:

interface Serial1/0
 no ip address
 ip access-group 100 out
 shutdown
 no fair-queue


This is on a Cisco 1751 router with 12.0 software.


Why doesn't it prevent incoming ftp connections?



bfeeny Fri, 10/26/2001 - 11:58

It would be more typical to have an "incoming" access list on your serial, do something like:


access-list 100 permit tcp any any connected


Also remember you have ftp and ftp-data to deal with; FTP is a very strange protocol in the way it handles circuit setup. The client connects to the server, and then the server connects to the client.
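
Added example (not part of either post, and not Cisco code): a small Python model of how a permit-only extended ACL on the serial interface treats the packets of one active-mode FTP session, comparing the question's entry applied "out" with the reply's entry applied "in". It assumes "connected" in the posts means the IOS `established` keyword (match only TCP segments with ACK or RST set); the client ports 40000/40001 and all packets are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    sport: int
    dport: int
    flags: frozenset      # TCP flags set on the segment
    leaving: bool         # True: router -> Internet over the serial link

@dataclass(frozen=True)
class Rule:               # one "permit tcp ..." entry
    sport: int = None     # None means "any"
    dport: int = None
    established: bool = False  # assumed meaning of "connected" in the posts

    def matches(self, p):
        if self.sport not in (None, p.sport) or self.dport not in (None, p.dport):
            return False
        # IOS "established" matches only segments with ACK or RST set
        return not self.established or bool(p.flags & {"ACK", "RST"})

def verdict(acl, direction, p):
    """Result for packet p with acl applied 'in' or 'out' on the serial interface."""
    if p.leaving != (direction == "out"):
        return "not checked"          # the ACL never sees the other direction
    # every rule here is a permit; anything unmatched hits the implicit deny
    return "permit" if any(r.matches(p) for r in acl) else "deny"

# Constructed sample: active-mode FTP from an Internet client to the inside server
SESSION = {
    "control SYN":     Packet(40000, 21, frozenset({"SYN"}), leaving=False),
    "control SYN-ACK": Packet(21, 40000, frozenset({"SYN", "ACK"}), leaving=True),
    "data SYN":        Packet(20, 40001, frozenset({"SYN"}), leaving=True),
    "data SYN-ACK":    Packet(40001, 20, frozenset({"SYN", "ACK"}), leaving=False),
}

def walk(acl, direction):
    """Verdict for every packet of the sample session."""
    return {name: verdict(acl, direction, p) for name, p in SESSION.items()}

QUESTION = [Rule(sport=21, established=True)]   # "any eq ftp any", applied "out"
REPLY = [Rule(established=True)]                # "any any", applied "in"

if __name__ == "__main__":
    for label, acl, direction in (("question", QUESTION, "out"), ("reply", REPLY, "in")):
        print(label, walk(acl, direction))
```

In this model the question's list never examines the inbound login SYN and permits the server's replies from port 21, while the reply's list applied inbound sends that SYN to the implicit deny.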
