FTP on a nonstandard port

trietgiang
Level 1

Hi everybody,

We have a Windows 2003 server running two FTP servers: one on port 21 for local IP phones and one on port 12345 for external access. I am interested in setting up the second server.

I tested FTP on port 12345 on the LAN and everything is fine. However, I cannot access it from the outside. We have a Cisco 877 ADSL router. I have mapped the port over with:

ip nat inside source static tcp 10.0.0.1 12345 interface dialer0 12345

And put this ACL on the dialer0 interface:

access-list 101 permit tcp any host 10.0.0.1 eq 12345

When I use SmartFTP Client to open, it always says "Connection refused by host". I also have:

ip inspect name MYFIREWALL ftp

Am I missing anything? I think the ip inspect command may only apply to the standard FTP port (i.e. 21) and it doesn't inspect FTP on my 12345 port. How can I define an FTP inspect on a nonstandard port?

Thank you for your help.

Triet

4 Replies

srue
Level 7

The command you're looking for is "ip port-map"...

In your case:

ip port-map ftp port 12345

http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_command_reference_chapter09186a00801a7f85.html#wp1141824

I don't know if this will fix your problem, but there ya go.

Thank you for the reply. I thought this could fix the problem and I just tried that command but it didn't.

Can you think of any other causes?

Your other problem is that access list 101 is incorrect. You have applied it to the outside interface, so the addresses used must be the global addresses. You have used the local address (10.0.0.1) for the FTP server. The access list is evaluated before the NAT.

Wes
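
Added example, not part of any reply in the thread: a small Python model of the order of operations described above (inbound ACL on the outside interface first, then NAT), run against the ACL as posted and a version that matches the global address. It assumes the ACL is applied inbound on dialer0; the public address 203.0.113.10 and the client address are constructed placeholders, since the thread gives neither.

```python
from dataclasses import dataclass, replace

# Constructed placeholder: the thread never gives the dialer0 public address.
GLOBAL_IP = "203.0.113.10"   # documentation range (RFC 5737)
LOCAL_IP = "10.0.0.1"        # FTP server address from the thread
FTP_PORT = 12345             # nonstandard FTP control port from the thread


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class AclEntry:
    """Models only the form 'permit tcp any host <dst> eq <dport>'."""
    dst: str
    dport: int

    def matches(self, pkt):
        return pkt.proto == "tcp" and pkt.dst == self.dst and pkt.dport == self.dport


# Static NAT from the thread: global (ip, port) -> inside local (ip, port).
STATIC_NAT = {(GLOBAL_IP, FTP_PORT): (LOCAL_IP, FTP_PORT)}


def outside_inbound(pkt, acl):
    # Step 1: inbound ACL sees the packet as it arrived (global destination).
    # No matching permit means the implicit deny drops it: return None.
    if not any(entry.matches(pkt) for entry in acl):
        return None
    # Step 2: only now does NAT rewrite the destination to the local address.
    local = STATIC_NAT.get((pkt.dst, pkt.dport))
    return replace(pkt, dst=local[0], dport=local[1]) if local else pkt


# What an Internet client actually sends: the destination is the global address.
client_syn = Packet(src="198.51.100.7", dst=GLOBAL_IP, dport=FTP_PORT)
acl_as_posted = [AclEntry(dst=LOCAL_IP, dport=FTP_PORT)]    # access-list 101 in the thread
acl_corrected = [AclEntry(dst=GLOBAL_IP, dport=FTP_PORT)]   # destination is the global address

if __name__ == "__main__":
    print("as posted:", outside_inbound(client_syn, acl_as_posted))
    print("corrected:", outside_inbound(client_syn, acl_corrected))
```
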

Sorry, I tried this, still not working. Has anyone had this issue before?