FTP server behind CISCO router using NAT

November 1, 2010 at 05:04:51
Specs: Windows XP
Hi.. Im quite new to cisco stuff and i have configured a windows FTP server with ip address 192.168.178.200. If i do a TELNET 192168.178.200 21 on my LAN i can see the FTP reply. But when i do TELNET 58.xx.xx.66 21, i cant access my FTP server. There seems to be a missing config statement on my cisco firewall. Hope somebody here can enlighten me and give me some solution. Please see config statements below. I believe that the NAT statement is not enough to allow the FTP traffic to pass thru.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname xxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.178.1
!
ip dhcp pool Cisco-pool
import all
network 192.168.178.0 255.255.255.0
default-router 192.168.178.1
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
ip ssh version 2
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!

!
!
!
interface ATM0
description $ES_WAN$
ip address 58.xx.xx.66 255.255.255.252
ip nat outside
ip virtual-reassembly
no atm ilmi-keepalive
pvc 8/35
protocol ip 58.xx.xx.65 broadcast
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
ip unnumbered Vlan1
ip mroute-cache
peer default ip address pool dialin
no keepalive
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Vlan1
description $ETH-SW-LAUNCH$
ip address 192.168.178.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip local pool dialin 10.10.10.50 10.10.10.100
ip classless
ip route 0.0.0.0 0.0.0.0 58.xx.xx.65
ip route 10.10.10.0 255.255.255.0 58.xx.xx.65
ip route 10.10.10.0 255.255.255.255 58.xx.xx.65
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface ATM0 overload
ip nat inside source static tcp 192.168.178.200 21 interface ATM0 21
!
access-list 101 permit ip 192.168.178.0 0.0.0.255 any
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end


See More: FTP server behind CISCO router using NAT

Report •


#1
November 1, 2010 at 11:59:10
You need to forward your ftp port to the private ip address.

Perhaps this will help
http://portforward.com/english/rout...


Report •

#2
November 1, 2010 at 14:20:36
Not only do you need to forward the port, the command is ftp, not telnet, for port 21.

How do you know when a politician is lying? His mouth is moving.


Report •

#3
November 1, 2010 at 18:37:50
Hello Wanderer.. thanks for the reply. basically i have the statement you mentioned on the link you have provided.

ip nat inside source static tcp 192.168.178.200 21 interface ATM0 21

Any other suggestions?


Report •

Related Solutions

#4
November 1, 2010 at 18:39:36
Hello Guapo, telnet is a more technical way to test any port. You can see from my statement TELNET 58.xx.xx.66 21, ftp port is followed after the telnet.

Report •

#5
November 2, 2010 at 07:17:53
I never used telnet to port 21. That's new to me.

How do you know when a politician is lying? His mouth is moving.


Report •


Ask Question