Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
0
Helpful
5
Replies

Accessing Servers behind NAT

anka_ozcan
Level 1
Level 1

‎12-28-2005 11:58 PM - edited ‎03-03-2019 11:19 AM

hi;

I have a FTP server behind NAT enabled Cisco router.I want to access FTP server from outside, with configuration below, when I tried to connect FTP server, from netstat command output on FTP server I see there is a connection to FTP port but wait in LISTENNING state. What is the problem?

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip nat inside

speed auto

!

interface Serial0/0

ip address <....public ip....>

ip nat outside

no fair-queue

<...rest...>

!

interface Serial0/1

no ip address

shutdown

!

ip nat inside source static tcp 192.168.1.2 20 interface Serial0/0 20

ip nat inside source static tcp 192.168.1.2 21 interface Serial0/0 21

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0

no ip http server

!

Labels:
0 Helpful
5 Replies 5

pkhatri
Level 11
Level 11

‎12-29-2005 12:22 AM

Hi,

The fact that you can see the FTP port in a LISTENING state simply means that the FTP server is running okay.

I presume you are FTP'ing to your router's WAN IP address, right ?

Can you do a 'debug ip nat detailed' on your router to see whether the router is performing NAT or not ?

Paresh.

0 Helpful

Georg Pauwen
VIP
VIP

‎12-29-2005 05:50 AM

Hello,

you might want to try and add the keyword 'extendable' to your NAT statements:

ip nat inside source static tcp 192.168.1.2 20 interface Serial0/0 20 extendable

ip nat inside source static tcp 192.168.1.2 21 interface Serial0/0 21 extendable

Regards,

GP

0 Helpful

anka_ozcan
Level 1
Level 1
In response to Georg Pauwen

‎02-24-2006 02:14 PM

OK. but what about if we use route-map ?

for example for configuration below:

<.....>

!

ip nat inside source route-map Dialer0 interface Dialer0 overload

ip nat inside source route-map Dialer1 interface Dialer1 overload

!

access-list 97 permit 192.168.1.0 0.0.0.255

access-list 98 permit 192.168.1.0 0.0.0.255

dialer-list 1 protocol ip permit

dialer-list 2 protocol ip permit

!

route-map Dialer0 permit 10

match ip address 97

match interface Dialer0

!

route-map Dialer1 permit 10

match ip address 98

match interface Dialer1

!

<..rest of the config...>

0 Helpful

balajitvk
Level 4
Level 4

‎12-29-2005 06:14 AM

There is a document that describes different modes of ftp and also the problems faced by customer behind one side of nat to connect to the server.

http://www.openbsd.org/faq/pf/ftp.html

i hope this will help u!

0 Helpful

ekiriakos
Level 1
Level 1

‎02-26-2006 03:26 PM

Use the extendable keyword as suggested by GP eralier. You can still overload on the external i/f

Rgds

E.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card