Allow FTP to DMZ

wraights
Level 1

I have a server on my DMZ that I want to allow people to FTP to.

I want to allow only specific IP addresses. This is what I have done and *I think* that it works, but I am seeing no hits on it.

What I have done is create the access-lists below:

access-list name permit tcp host 63.0.1.2 host 34.9.35.2 eq ftp

63.0.1.2 is the client's specific IP address and the 34.9.35.2 IP address is our FTP server.

I am seeing no hits on the access-list, yet when I do that, they are able to FTP. Up until now. There is one client that I have added an access-list for and they still can't FTP. Any clue?

Am I doing this wrong or what? Any input is greatly appreciated!

SMW

4 Replies

rickan2000
Level 1

Have you assigned your access-list to the interface outside?

Ummm...you know what...no.

But I tried it and no traffic was allowed through after that. I couldn't even surf. What am I doing wrong?

What I am doing with other access-lists is this:

I add them through nat. So there is one access-list that I have created for VPN users and they have to access a server on the DMZ so I have the command:

nat (dmza) access-list 101

Is that what I should do with these other access-lists?

Man I think I am a little slow...Thanks for the help!

wraights
Level 1

When I do bind that to the DMZ interface it gives me this error:

WARNING: access-list protocol or port will not be used

What does that mean? And when I try to bind other access-lists to that DMZ it replaces the other one instead of adding it in.

I think I have something wrong. What is it?

wraights
Level 1

Never mind...I decided to use a conduit permit command instead and that worked fine.

conduit permit tcp host x.x.x.x eq ftp host x.x.x.x

Thanks for helping anyways!