Re: NAT for Multiple FTP sites

farhan_p2000 · ‎02-20-2006

I am using NAT overload and static NAT on my router. The router configuration is as follows:

Router(config)#interface fa0/0

Router(config-if)#ip address 192.168.1.254 255.255.255.0

Router(config-if)#no shut

Router(config-if)#ip nat inside

Router(config-if)#interface fa0/1

Router(config-if)#ip address 203.109.120.2 255.255.255.252

Router(config-if)#no shut

Router(config-if)#ip nat outside

Router(config)#ip route 0.0.0.0 0.0.0.0 interface fa0/1

Router(config)#ip nat inside source list 1 interface fa0/1 overlaod

Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255

Router(config)#ip nat inside source static tcp 192.168.1.252 80 interface fa 0/1 80

Router(config)#ip nat inside source static tcp 192.168.1.252 21 interface fa 0/1 21

The ftp site and web server are accessible from the internet.

I have created another FTP site using private IP 192.168.1.250 and default FTP port 21 on FTP server. The site is accessible from within the LAN but not from the internet. Is there any form of static NAT which will allow this. I am out of ideas. Please help

leonvd79 · ‎02-20-2006

Use another port for that FTP server (i.e. 2121) or apply for additional public IP addresses.

farhan_p2000 · ‎02-20-2006

I tried creating another Ftp site using port number 1024 and used the following static NAT command.

ip nat inside source static tcp 192.168.1.252 1024 interface fa 0/1 1024

Again, this site is accessible from within the LAN but not from the internet.

leonvd79 · ‎02-20-2006

The host for both 21 and 1024. I thought you wanted to use 192.168.1.250 for the secondary FTP server.

"ip nat inside source static tcp 192.168.1.252 1024" uses the same host as "ip nat inside source static tcp 192.168.1.252 21"

Do you have an inbound access-list configured and/or use a firewall that blocks inbound traffic on ports other than 80 and 21 for instance?

farhan_p2000 · ‎02-20-2006

No there is neither any inbound access-list on the router nor do we have a firewall.