Solved: FTP problems still... - Page 2

jmartina · ‎07-18-2004

ok..I posted this last week, and i still can not get it to work, everything else works...but can't get ftp to work...does any one have a config i can compare?

here is entire config

Current configuration : 3170 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname router1

!

logging buffered 16384 debugging

enable secret 5

memory-size iomem 15

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

no ip source-route

!

ip tcp path-mtu-discovery

!

ip dhcp pool dhcppool

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 7

!

no ip bootp server

ip audit attack action alarm reset

ip audit notify log

ip audit po max-events 100

ip cef

!

interface Ethernet0

ip address dhcp

ip access-group 100 in

ip access-group 101 out

no ip redirects

no ip unreachables

no ip proxy-arp

ip accounting access-violations

ip nat outside

half-duplex

ntp disable

no cdp enable

!

interface FastEthernet0

ip address 10.10.10.1 255.255.255.0

ip access-group 100 in

ip access-group 101 out

ip nat inside

speed auto

no cdp enable

!

ip nat inside source list 1 interface Ethernet0 overload

ip nat inside source static tcp 10.10.10.60 13015 interface Ethernet0 13015

ip nat inside source static tcp 10.10.10.60 13014 interface Ethernet0 13014

ip nat inside source static tcp 10.10.10.60 13013 interface Ethernet0 13013

ip nat inside source static tcp 10.10.10.60 13012 interface Ethernet0 13012

ip nat inside source static tcp 10.10.10.60 13011 interface Ethernet0 13011

ip nat inside source static tcp 10.10.10.60 13010 interface Ethernet0 13010

ip nat inside source static tcp 10.10.10.60 21 interface Ethernet0 21

ip nat inside source static tcp 10.10.10.60 20 interface Ethernet0 20

ip classless

no ip http server

ip pim bidir-enable

!

ip access-list extended internet-in

!

logging 10.10.10.66

access-list 1 permit 10.0.0.0 0.255.255.255 log

access-list 100 permit tcp any any established log

access-list 100 permit tcp any gt 1023 host 10.10.10.60 eq ftp-data log

access-list 100 permit tcp any gt 1023 host 10.10.10.60 eq ftp log

access-list 100 permit tcp any gt 1023 host 10.10.10.60 eq 1023 log

access-list 100 permit icmp any any net-unreachable

access-list 100 permit icmp any any host-unreachable

access-list 100 permit icmp any any port-unreachable

access-list 100 permit icmp any any parameter-problem

access-list 100 permit icmp any any packet-too-big

access-list 100 permit icmp any any administratively-prohibited

access-list 100 permit icmp any any source-quench

access-list 100 permit icmp any any echo-reply

access-list 100 permit ip any any log

access-list 101 permit ip any any log

access-list 101 permit tcp any any log

access-list 101 permit udp any any log

no cdp run

!

banner motd ^C

****************************

* WARNING *

****************************

!

line con 0

line aux 0

line vty 0 3

password 7

login

telnet refuse-negotiations

line vty 4

password 7

login

telnet refuse-negotiations

!

Harold Ritter · ‎07-19-2004

Yes, it was me indeed. Just checking if everything was working fine. It is working now ;o)

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

jmartina · ‎07-19-2004

u can get to it?

jmartina · ‎07-19-2004

ok..i see on my FTP server you got through, why wont it allow me to connect from with in the network, meaning i can if i go to ftp://10.10.10.60 but not ftp://24.223.139.x , this is wierd...so its probably worked all along ,accept i have only tested from with in my own network....do you know off the top of your head why it denys me to do this ? ..thanks this really takes some stress off of me....1000 points

Harold Ritter · ‎07-19-2004

If the FTP session is established from a workstation on the same subnet then NAT is not involved at all. You then need to used the local address (10.10.10.60). The global address should only be used if the FTP session is established from the Internet. In other words the behavior you are seeing is normal.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

jmartina · ‎07-19-2004

yes...i understand now....its not like using a netgear which i was able to do it that way for troubleshooting....hey thanks for all your help...