Cisco Support Community

port forwarding

Hi all, when port forwarding, I have seen that you can have the extendable keyword at the end. For some reason my SOHO router won't let me type this; any reason? And why would we use port forwarding? Would we use it to basically forward to services because we only have one IP address but many servers etc. behind it?


Re: port forwarding

Active FTP works with static/extended (port forwarding), but it does not work with PAT.

The reason is that when you open up the FTP connection you connect to port 21 at the remote FTP server. But when you do a "ls", "put", "get", or anything that needs to use a data port, the server opens up another connection back to the client. When you open your original FTP connection from the inside and the router pretends that you are a specific outside IP, and picks a random port number to use, the FTP server thinks it is talking to that IP address and that port number. Therefore, when it needs to open up the data connection back, due to the "get" or "ls", and so forth, it then attempts to open a TCP connection from port 20 to some random port that the server decides. While on the outside IP it thinks it is talking to, the router hears traffic directed at its outside IP, but does not have any PAT mapping for that random port number that the server picked. Therefore, it does not know that this traffic is supposed to go back to the client.

The port 20 never gets established. The fix is to use "passive FTP" mode. Passive FTP has the client open both port 21 and port 20 connections from the start. The router knows about both of them rather than just port 21, and allows the server to open port 20.
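
The translation-table behaviour described in the reply above, as an added example that is not part of the original thread: a toy PAT table in Python that assumes no FTP-aware inspection on the router. All addresses and ports are constructed, and `PatRouter`, `active_ftp` and `passive_ftp` are hypothetical names.

```python
import itertools

class PatRouter:
    """Toy model of a PAT translation table (not router code)."""
    def __init__(self, outside_ip):
        self.outside_ip = outside_ip
        self._pool = itertools.count(40000)  # constructed outside-port pool
        self.dynamic = {}  # (outside_port, remote_ip, remote_port) -> inside endpoint
        self.static = {}   # outside_port -> inside endpoint (port forward)

    def port_forward(self, outside_port, inside_ip, inside_port):
        # Static entry: reachable by ANY outside host, so forward only what is needed.
        self.static[outside_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        # Inside host opens a connection; router allocates an outside port for it.
        outside_port = next(self._pool)
        self.dynamic[(outside_port, remote_ip, remote_port)] = (inside_ip, inside_port)
        return outside_port

    def inbound(self, remote_ip, remote_port, outside_port):
        # Packet arriving on the outside IP: inside endpoint, or None if dropped.
        hit = self.dynamic.get((outside_port, remote_ip, remote_port))
        return hit or self.static.get(outside_port)

CLIENT, SERVER = "192.168.1.10", "198.51.100.7"  # constructed addresses
SERVER_DATA_PORT = 30000                         # constructed passive-mode port

def active_ftp(router, data_port=50000):
    # Control connection to port 21 is outbound, so it gets a dynamic mapping.
    ctrl = router.outbound(CLIENT, 49152, SERVER, 21)
    assert router.inbound(SERVER, 21, ctrl) == (CLIENT, 49152)
    # The server then connects back from port 20; nothing inside opened this flow.
    return router.inbound(SERVER, 20, data_port)

def passive_ftp(router):
    # Client opens both connections itself, so both get dynamic mappings.
    router.outbound(CLIENT, 49152, SERVER, 21)
    data = router.outbound(CLIENT, 49153, SERVER, SERVER_DATA_PORT)
    return router.inbound(SERVER, SERVER_DATA_PORT, data)
```

With an empty table `active_ftp` returns `None` (the data connection is dropped); after `port_forward(50000, CLIENT, 50000)` the same call returns the inside endpoint.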