NAT for Multiple FTP sites

Unanswered Question
Feb 20th, 2006

I am using NAT overload and static NAT on my router. The router configuration is as follows:


Router(config)#interface fa0/0

Router(config-if)#ip address 192.168.1.254 255.255.255.0

Router(config-if)#no shut

Router(config-if)#ip nat inside


Router(config-if)#interface fa0/1

Router(config-if)#ip address 203.109.120.2 255.255.255.252

Router(config-if)#no shut

Router(config-if)#ip nat outside


Router(config)#ip route 0.0.0.0 0.0.0.0 interface fa0/1

Router(config)#ip nat inside source list 1 interface fa0/1 overload

Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255


Router(config)#ip nat inside source static tcp 192.168.1.252 80 interface fa 0/1 80

Router(config)#ip nat inside source static tcp 192.168.1.252 21 interface fa 0/1 21


The ftp site and web server are accessible from the internet.

I have created another FTP site using private IP 192.168.1.250 and default FTP port 21 on the FTP server. The site is accessible from within the LAN but not from the internet. Is there any form of static NAT which will allow this? I am out of ideas. Please help.

leonvd79 Mon, 02/20/2006 - 05:07

Use another port for that FTP server (i.e. 2121) or apply for additional public IP addresses.

farhan_p2000 Mon, 02/20/2006 - 05:39

I tried creating another FTP site using port number 1024 and used the following static NAT command.

ip nat inside source static tcp 192.168.1.252 1024 interface fa 0/1 1024


Again, this site is accessible from within the LAN but not from the internet.


leonvd79 Mon, 02/20/2006 - 05:47

The host for both 21 and 1024. I thought you wanted to use 192.168.1.250 for the secondary FTP server.


"ip nat inside source static tcp 192.168.1.252 1024" uses the same host as "ip nat inside source static tcp 192.168.1.252 21"


Do you have an inbound access-list configured and/or use a firewall that blocks inbound traffic on ports other than 80 and 21 for instance?

farhan_p2000 Mon, 02/20/2006 - 06:02

No, there is neither any inbound access-list on the router nor do we have a firewall.
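
An added example, not part of the thread and not Cisco tooling: a small Python check over the static port-forward lines quoted above, reporting inside servers that no entry forwards to and outside ports claimed by more than one inside host. The two candidate lines for 192.168.1.250 (outside port 21, and outside port 2121 as suggested in the first reply) are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Static port-forward lines as quoted in the thread.
THREAD_CONFIG = """\
ip nat inside source static tcp 192.168.1.252 80 interface fa 0/1 80
ip nat inside source static tcp 192.168.1.252 21 interface fa 0/1 21
ip nat inside source static tcp 192.168.1.252 1024 interface fa 0/1 1024
"""
# Assumed candidate lines for the second server (constructed, not from the thread).
SAME_PORT = "ip nat inside source static tcp 192.168.1.250 21 interface fa 0/1 21\n"
ALT_PORT = "ip nat inside source static tcp 192.168.1.250 21 interface fa 0/1 2121\n"
SERVERS = ["192.168.1.252", "192.168.1.250"]

RULE = re.compile(r"ip nat inside source static (tcp|udp) (\d+(?:\.\d+){3}) (\d+) "
                  r"interface \S+(?: \S+)? (\d+)$")

def parse_static_nat(config):
    """Return (proto, inside_ip, inside_port, outside_port) for each static line."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:
            proto, ip, in_port, out_port = m.groups()
            rules.append((proto, ip, int(in_port), int(out_port)))
    return rules

def audit(config, servers):
    """Return (collisions, unexposed): outside ports claimed by more than one
    inside target, and servers that no static entry forwards to."""
    by_outside = defaultdict(set)
    forwarded = set()
    for proto, ip, in_port, out_port in parse_static_nat(config):
        by_outside[(proto, out_port)].add((ip, in_port))
        forwarded.add(ip)
    collisions = {k: sorted(v) for k, v in by_outside.items() if len(v) > 1}
    return collisions, sorted(set(servers) - forwarded)

if __name__ == "__main__":
    for name, cfg in [("thread", THREAD_CONFIG),
                      ("same outside port", THREAD_CONFIG + SAME_PORT),
                      ("alternate outside port", THREAD_CONFIG + ALT_PORT)]:
        print(name, audit(cfg, SERVERS))
```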


