
port forwarding

carl_townshend
Spotlight

Hi all, when port forwarding, I have seen that you can have the extendable keyword after; for some reason my SOHO router won't let me type this. Any reason? And why would we use port forwarding? Would we use it to basically forward to services because we only have one IP address but many servers etc. behind it?

1 Reply

wong34539
Level 6

Active FTP works with static/extended (port forwarding), but it does not work with PAT.

The reason is that when you open up the FTP connection you connect to port 21 at the remote FTP server. But when you do a "ls", "put", "get", or anything that needs to use a data port, the server opens up another connection back to the client. When you open your original FTP connection from the inside and the router pretends that you are a specific outside IP, and picks a random port number to use, the FTP server thinks it is talking to that IP address and that port number. Therefore, when it needs to open up the data connection back, due to the "get" or "ls", and so forth, it then attempts to open a TCP connection from port 20 to some random port that the server decides. While on the outside IP it thinks it is talking to, the router hears traffic directed at its outside IP, but does not have any PAT mapping for that random port number that the server picked. Therefore, it does not know that this traffic is supposed to go back to the client.

The port 20 never gets established. The fix is to use "passive FTP" mode. Passive FTP has the client open both port 21 and port 20 connections from the start. The router knows about both of them rather than just port 21, and allows the server to open port 20.
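The behaviour discussed in this thread, as an added example that is not part of the original posts: a minimal Python model of a PAT translation table, showing a server-initiated data connection being dropped for lack of a mapping, the same connection delivered once a static port forward exists, and a client-initiated data connection passing. All addresses, port numbers and the `PatRouter` class are constructed for illustration and do not represent any router's actual implementation.

```python
# Minimal PAT (NAT overload) model. All values are constructed; no real traffic is sent.
import itertools

class PatRouter:
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        # Dynamic entries exist only for connections opened from the inside.
        self.dynamic = {}  # (outside_port, remote_ip, remote_port) -> (inside_ip, inside_port)
        # Static entries are port forwards configured by the administrator.
        self.static = {}   # outside_port -> (inside_ip, inside_port)
        self._ports = itertools.count(40000)

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """An inside host opens a connection; PAT allocates an outside port."""
        outside_port = next(self._ports)
        self.dynamic[(outside_port, remote_ip, remote_port)] = (inside_ip, inside_port)
        return outside_port

    def port_forward(self, outside_port, inside_ip, inside_port):
        """Static mapping: one outside port always goes to one inside host."""
        self.static[outside_port] = (inside_ip, inside_port)

    def inbound(self, remote_ip, remote_port, outside_port):
        """Return the inside (ip, port) a packet is delivered to, or None if dropped."""
        hit = self.dynamic.get((outside_port, remote_ip, remote_port))
        return hit or self.static.get(outside_port)

CLIENT, SERVER = "192.168.1.10", "198.51.100.7"  # constructed addresses

def active_ftp(router, data_port=50001):
    """Control connection goes out; the server then connects back from port 20."""
    router.outbound(CLIENT, 51000, SERVER, 21)
    return router.inbound(SERVER, 20, data_port)

def passive_ftp(router, server_data_port=30000):
    """Both connections are opened by the client, so both get PAT entries."""
    router.outbound(CLIENT, 51000, SERVER, 21)
    out = router.outbound(CLIENT, 51001, SERVER, server_data_port)
    return router.inbound(SERVER, server_data_port, out)

if __name__ == "__main__":
    print("active, PAT only:      ", active_ftp(PatRouter("203.0.113.5")))
    fwd = PatRouter("203.0.113.5")
    fwd.port_forward(50001, CLIENT, 50001)
    print("active, port forward:  ", active_ftp(fwd))
    print("passive, PAT only:     ", passive_ftp(PatRouter("203.0.113.5")))
```
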
