Hi, I am wanting to allow active FTP traffic to pass through my router, however, I am not too sure how to do this. An access list wouldn't quite work seeing as though the port on the client side is random.
My other thought was to use ip insepct's FTP command but was not too sure if it would keep track of the appropriate port numbers?
try the following access-list it worked out for me.
interface serial 0/0/0
ip access-group 101 out
access-list 101 permit tcp host host eq 20
access-list 101 permit tcp host host eq 21
access-list 101 deny ip host any
access-list 101 permit ip any any
lemme know your feed back on this & if the above ACL fails, try the below one, because you have mentioned that the client side it takes the random ports
access-list 101 permit tcp host host eq 21
access-list 101 permit tcp host host range 1025 65535
access-list 101 deny ip host any
access-list 101 permit ip any any
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
