Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

FTP NAT on NON STANDARD PORT

I have problems when natting ftp on a standard port. My router do source and destination nat because my net and external net are overlapping.

So i created an access-list and a route-map do identify traffing to be natted:

ip access-list extended A

permit ip host 10.1.1.1 host 192.168.1.1

permit ip host 10.1.1.2 host 192.168.1.1

permit ip host 10.1.1.3 host 192.168.1.1

route-map AM permit 1

match ip address A

Then i created nat configuration

ip nat service list A ftp tcp port 10021

ip nat pool APOOL 172.31.15.3 172.31.15.5 netmask 255.255.255.248

ip nat inside source route-map AM pool APOOL

ip nat outside source static 192.168.1.1 10.1.1.30

ip route 10.1.1.30 255.255.255.255 Dialer0

When i connect to 192.168.1.1:10021 all work ok, i can issue user and password, but when i send list command, i cannot complete the comunication.

The problem is that in passive mode, port command show me real ftp address (192.168.1.1) and not the translated one (10.1.1.30) so my client cannot connect to ftp server data port.

I cannot use active mode for security reason.

I need to avoid that server send to me port command with the real address.

Someone can help me?

Thx.

  • LAN Switching and Routing
3 REPLIES
New Member

Re: FTP NAT on NON STANDARD PORT

I solved by myself. Thx anyway.

New Member

Re: FTP NAT on NON STANDARD PORT

How did you fix it?

New Member

Re: FTP NAT on NON STANDARD PORT

Im having same problem.

I've nat`d inside address to outside.

I cannot get Passive FTP accessible on outside world.

What do I need to do so ftp uses passive ports greater than 1023 on router?

Thanks,

Keith

296
Views
0
Helpful
3
Replies
This widget could not be displayed.