problem with extended access list to allow ftp

uy
Level 1

FTP only works if I don't use an access list, or if I use:

permit ip src_ip1 dst_ip2

or both of these statements:

permit tcp src_ip1 dst_ip2
permit udp src_ip1 dst_ip2

It does not work with the following config:

int fastethernet 0/0
 ip address 172.16.53.131 255.255.255.0
 ip access-group FastEther_in in
!
ip access-list extended FastEther_in
 permit tcp 209.246.0.0 0.0.255.255 any eq ftp

What am I doing wrong?

2 Replies

afakhan
Level 4

Hi,

Add a "deny ip any any" statement with the log option at the end of the above ACL and see whether FTP packets are being denied by it. As this ACL is being used as an inbound firewall ACL, the cause could be the FTP server location, the source IP address(es), the FTP port being used, etc.

You can also try permitting "eq ftp-data".

Thanks,

Afaq

I monitored the FTP session from the client side and saw the correct src/dst IP pairs and the server using the FTP port.

(The client is webproxy07, the server is 207.251.71.198; the client initiates the connection inbound to the router.)

Using device /dev/qfe (promiscuous mode)

webproxy07 -> 207.251.71.198 FTP C port=57076

207.251.71.198 -> webproxy07 FTP R port=57076

webproxy07 -> 207.251.71.198 FTP C port=57076
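The capture above only shows the control connection on the FTP port; the ACL in the question, and the "deny ip any any log" the reply suggests, can be checked against the data connection as well. The following is an added example, not code from the thread: it models Cisco wildcard-mask matching and first-match ACL evaluation with the implicit deny, then runs the thread's FastEther_in ACL over constructed flows. The client address 209.246.10.7 (inside the permitted 209.246.0.0/16 range) and the passive-mode data port 40123 are assumptions; the control connection is permitted, while a passive data connection to a server-chosen high port matches neither "eq ftp" nor "eq ftp-data" and is only visible once the trailing logged deny is in place.

```python
import ipaddress
from dataclasses import dataclass

def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match the network, a 1 bit is don't-care."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)

@dataclass
class Ace:
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches any protocol, otherwise "tcp"/"udp"
    src: str; src_wc: str    # source network and wildcard mask
    dst: str; dst_wc: str    # destination network and wildcard mask
    dport: "int | None" = None   # "eq <port>" on the destination; None = any port
    log: bool = False

ANY = ("0.0.0.0", "255.255.255.255")

# The ACL from the question plus the trailing "deny ip any any log" from the reply.
FASTETHER_IN = [
    Ace("permit", "tcp", "209.246.0.0", "0.0.255.255", *ANY, dport=21),  # eq ftp
    Ace("deny", "ip", *ANY, *ANY, log=True),
]

def evaluate(acl, pkt):
    """First matching entry wins; anything unmatched hits the implicit (unlogged) deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != pkt["proto"]: continue
        if not wildcard_match(pkt["src"], ace.src, ace.src_wc): continue
        if not wildcard_match(pkt["dst"], ace.dst, ace.dst_wc): continue
        if ace.dport is not None and pkt["dport"] != ace.dport: continue
        return ace.action, ace.log
    return "deny", False

# Constructed flows: 209.246.10.7 is an assumed client address inside 209.246.0.0/16.
SERVER = "207.251.71.198"
FLOWS = {
    "control (client -> server:21)":         dict(proto="tcp", src="209.246.10.7", dst=SERVER, dport=21),
    "passive data (client -> server:40123)": dict(proto="tcp", src="209.246.10.7", dst=SERVER, dport=40123),
    "client outside 209.246/16 -> :21":      dict(proto="tcp", src="172.16.53.10", dst=SERVER, dport=21),
}

def logged_denies(acl=FASTETHER_IN, flows=FLOWS):
    """Names of the flows the ACL drops and logs, i.e. what the log would reveal."""
    return [name for name, pkt in flows.items() if evaluate(acl, pkt) == ("deny", True)]
```

Without the explicit logged deny the same data connection is dropped silently by the implicit deny, which is why the capture on the client looks correct while the transfer still fails.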
