
Problem with my FTP forward on Cisco 831


  • Problem with my FTP forward on Cisco 831

    Hi, I am having some trouble getting a connection to my FTP server. The server works fine from the local network, but it cannot be reached from outside. I can connect to SSH from outside without any problems, and as you can see in the config it runs on the same server as the FTP service.

    Any input is appreciated.


    My Config file
    ! Global services, AAA, DHCP, DNS, local users and SSH settings for router rt01.
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    ! Stores line/user passwords in type 7 form. Type 7 is reversible obfuscation,
    ! not a hash, so any copy of this config should be treated as containing the passwords.
    service password-encryption
    !
    hostname rt01
    !
    boot-start-marker
    boot-end-marker
    !
    ! Both an enable secret (type 5 hash) and an enable password (type 7) are set.
    ! IOS uses the secret when both exist, so the type 7 line only keeps a weaker
    ! copy of a privileged credential around.
    ! NOTE(review): consider removing "enable password"; confirm it differs from the secret.
    enable secret 5 XXXXX
    enable password 7 XXXXX
    !
    aaa new-model
    !
    !
    ! Named method lists (VPN user login, group authorization), both using the local database.
    ! No "aaa authentication login default" line appears in this config.
    aaa authentication login vpnuserauthen local
    aaa authorization network groupauthor local
    !
    aaa session-id common
    !
    !
    ip nbar custom http tcp 80
    no ip dhcp use vrf connected
    ! Keeps 192.168.6.1-192.168.6.100 out of the DHCP pool (static hosts and the router).
    ip dhcp excluded-address 192.168.6.1 192.168.6.100
    !
    ! LAN DHCP scope: gateway is the router, DNS/WINS is 192.168.6.5, lease is 0 days 2 hours.
    ip dhcp pool CLIENT
    import all
    network 192.168.6.0 255.255.255.0
    default-router 192.168.6.1
    domain-name test.dk
    netbios-name-server 192.168.6.5
    netbios-node-type p-node
    dns-server 192.168.6.5
    lease 0 2
    !
    !
    ip cef
    ip domain timeout 5
    ip domain lookup source-interface Ethernet0
    ip domain name XXXXX.dk
    ip name-server 192.168.6.5
    !
    !
    !
    ! Local accounts are stored with "password 7" (reversible), including the privilege 15 one.
    ! NOTE(review): "username ... secret" stores a hash instead of an obfuscated password.
    username XXXXX privilege 15 password 7 XXXXX
    username support password 7 XXXXX
    ! Configuration change logging; hidekeys keeps passwords out of the logged commands.
    archive
    log config
    hidekeys
    !
    !
    ! SSH server: sourced from the LAN interface, named RSA key pair, protocol version 2 only.
    ip ssh source-interface Ethernet0
    ip ssh rsa keypair-name ssh-key
    ip ssh version 2
    !
    ! QoS classification and the output policy attached to the WAN interface.
    ! Traffic classes are matched by NBAR protocol name.
    class-map match-any smtp
    match protocol smtp
    class-map match-any WebEmail
    match protocol http
    match protocol secure-http
    class-map match-any vpn-tunnel
    match protocol gre
    match protocol ipsec
    match protocol pptp
    !
    !
    ! VPN traffic gets 25% priority bandwidth, SMTP 15%, web 40% of what remains;
    ! everything else is fair-queued.
    policy-map MyQoSPolicy
    class vpn-tunnel
    priority percent 25
    class smtp
    priority percent 15
    class WebEmail
    bandwidth remaining percent 40
    class class-default
    fair-queue
    !
    !
    !
    ! IKE phase 1 policy: MD5 hash with pre-shared-key authentication.
    ! No encryption or DH group line appears here, so the platform defaults apply.
    ! NOTE(review): check "show crypto isakmp policy"; MD5 and the legacy default
    ! cipher/group are considered weak and should be set explicitly on both peers.
    crypto isakmp policy 10
    hash md5
    authentication pre-share
    ! Pre-shared key for the single remote peer (value redacted in this post).
    crypto isakmp key XXXXX address XXXXX.179
    !
    !
    ! ESP with 3DES encryption and HMAC-MD5 integrity; both are legacy algorithms.
    ! NOTE(review): prefer AES with a SHA-based HMAC if the image and the peer support it.
    crypto ipsec transform-set md53destrans esp-3des esp-md5-hmac
    mode transport
    !
    crypto ipsec profile ipsecprofile
    set transform-set md53destrans
    !
    !
    !
    !
    ! IPsec tunnel interface to the peer at XXXXX.179, sourced from the primary WAN
    ! address and protected by ipsecprofile. The static route for 192.168.100.0/24
    ! elsewhere in this config points at this interface.
    interface Tunnel0
    ip address 10.0.0.1 255.255.255.0
    ip ospf mtu-ignore
    tunnel source XXXXX.50
    tunnel destination XXXXX.179
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile ipsecprofile
    !
    ! Physical interfaces: Ethernet0 is the NAT inside (LAN) side, Ethernet1 the NAT outside (WAN) side.
    interface Ethernet0
    description Local LAN
    ip address 192.168.6.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no cdp enable
    hold-queue 32 in
    !
    ! WAN interface. The four secondary addresses (.51-.54) are the public addresses
    ! used by the static NAT entries elsewhere in this config.
    interface Ethernet1
    description Internet WAN
    bandwidth 10000000
    ip address XXXXX.51 255.255.255.240 secondary
    ip address XXXXX.52 255.255.255.240 secondary
    ip address XXXXX.53 255.255.255.240 secondary
    ip address XXXXX.54 255.255.255.240 secondary
    ip address XXXXX.50 255.255.255.240
    ! ACL 100 is the only inbound filter on the Internet side. As defined in this
    ! config it denies DNS and then permits all other IP traffic.
    ip access-group 100 in
    ip nbar protocol-discovery
    ip nat outside
    ip virtual-reassembly
    duplex full
    no cdp enable
    service-policy output MyQoSPolicy
    hold-queue 2048 out
    !
    ! Unused port, administratively shut down.
    interface Ethernet2
    no ip address
    shutdown
    !
    interface FastEthernet1
    duplex auto
    speed auto
    !
    interface FastEthernet2
    duplex auto
    speed auto
    !
    interface FastEthernet3
    duplex auto
    speed auto
    !
    interface FastEthernet4
    duplex auto
    speed auto
    !
    ! Static routing, router services and NAT rules.
    ip forward-protocol nd
    ! Default route to the upstream gateway; the remote site 192.168.100.0/24 goes via the IPsec tunnel.
    ip route 0.0.0.0 0.0.0.0 XXXXX.49
    ip route 192.168.100.0 255.255.255.0 Tunnel0
    !
    ! Web management interfaces (HTTP and HTTPS) are disabled.
    no ip http server
    no ip http secure-server
    !
    ! The router itself answers DNS queries.
    ip dns server
    ! Outbound PAT: sources matching ACL 102 are overloaded onto the Ethernet1 address.
    ip nat inside source list 102 interface Ethernet1 overload
    ! Published services on the primary address (.50), all on 192.168.6.5:
    ! SMTP 25, HTTP 80, HTTPS 443 and TCP 444.
    ip nat inside source static tcp 192.168.6.5 25 2XXXXX.50 25 extendable
    ip nat inside source static tcp 192.168.6.5 80 XXXXX.50 80 extendable
    ip nat inside source static tcp 192.168.6.5 443 XXXXX.50 443 extendable
    ip nat inside source static tcp 192.168.6.5 444 XXXXX.50 444 extendable
    ! Published services on .51: outside 443 -> 192.168.6.2:9443, PPTP 1723 -> 192.168.6.5,
    ! outside 6789 -> 192.168.6.2:22 (SSH) and FTP control 21 -> 192.168.6.2:21.
    ip nat inside source static tcp 192.168.6.2 9443 XXXXX.51 443 extendable
    ip nat inside source static tcp 192.168.6.5 1723 XXXXX.51 1723 extendable
    ip nat inside source static tcp 192.168.6.2 22 XXXXX.51 6789 extendable
    ! Only the FTP control port is mapped. FTP data connections use separate ports, so
    ! transfers depend on NAT rewriting the control channel or on extra mappings for the
    ! data ports. TODO confirm whether the server and clients use active or passive mode.
    ! NOTE(review): FTP sends credentials in cleartext; this host is already published
    ! over SSH, so SFTP may be an alternative to exposing port 21.
    ip nat inside source static tcp 192.168.6.2 21 XXXXX.51 21 extendable
    ! One-to-one mappings with no protocol or port restriction: every port on these three
    ! inside hosts is translated, so their exposure depends on ACL 100 and host firewalls.
    ! NOTE(review): confirm each host needs full exposure; otherwise use per-port entries.
    ip nat inside source static 192.168.6.52 XXXXX.52
    ip nat inside source static 192.168.6.53 XXXXX.53
    ip nat inside source static 192.168.6.54 XXXXX.54
    !
    ! ACL 23: source addresses allowed to open management sessions
    ! (referenced by "access-class 23 in" on the vty lines).
    access-list 23 permit XXXXX.178
    access-list 23 permit XXXXX.92
    access-list 23 permit XXXXX.197
    access-list 23 permit 192.168.6.0 0.0.0.255
    access-list 23 permit 192.168.7.0 0.0.0.255
    ! ACL 100: applied inbound on Ethernet1. It drops traffic to TCP/UDP destination port 53
    ! and permits everything else, so it does not limit access to the NAT-published hosts.
    ! NOTE(review): consider permitting only the published services and denying the rest.
    ! Return traffic for inside-initiated sessions would then need to be allowed as well,
    ! for example through stateful inspection.
    access-list 100 deny tcp any any eq domain
    access-list 100 deny udp any any eq domain
    access-list 100 permit ip any any
    ! ACL 102: LAN sources eligible for the outbound PAT rule.
    access-list 102 permit ip 192.168.6.0 0.0.0.255 any
    ! ACL 130 / route-map nonat: excludes LAN-to-192.168.100.0/24 traffic and matches the rest.
    ! No line visible in this config references route-map nonat; the PAT rule uses list 102.
    access-list 130 deny ip 192.168.6.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 130 permit ip 192.168.6.0 0.0.0.255 any
    no cdp run
    !
    route-map nonat permit 10
    match ip address 130
    !
    !
    ! Console, aux and vty line settings.
    !
    control-plane
    !
    !
    ! Console and aux lines: no password or access-class lines appear here.
    line con 0
    no modem enable
    transport output all
    line aux 0
    transport output all
    ! Remote management: sources limited by ACL 23, SSH only in both directions,
    ! idle sessions closed after 120 minutes.
    ! NOTE(review): 120 minutes is a long idle timeout for a privileged session.
    ! The line password is type 7 (reversible). With aaa new-model enabled it is
    ! presumably not what authenticates vty logins; verify before relying on it.
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    password 7 XXXXX
    transport input ssh
    transport output ssh
    !
    scheduler max-task-time 5000
    end

  • #2
    Re: Problem with my FTP forward on Cisco 831

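    FTP can have issues behind NAT because it uses port 21 for the control connection and separate connections for data transfer: port 20 in active mode, and other ports chosen at transfer time in passive mode. Forwarding port 21 alone is therefore often not enough. A good read is found at the following URL.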

    http://www.ncftp.com/ncftpd/doc/misc...firewalls.html

    I know the link refers to firewalls, but some NAT issues are also addressed.
