12-18-2007 09:05 PM - edited 03-09-2019 07:40 PM
Hi everybody,
We have a Windows 2003 server running two FTP servers: one on port 21 for local IP phones and one on port 12345 for external access. I am interested in setting up the second server.
I test FTP on port 12345 on LAN and everything is fine. However I can not access it from the outside. We have a Cisco 877 ADSL router. I have mapped the port over with:
ip nat inside source static tcp 10.0.0.1 12345 interface dialer0 12345
And put this ACL on the dialer0 interface:
access-list 101 permit tcp any host 10.0.0.1 eq 12345
When I use SmartFTP Client to open, it always says Connection refused by host. I also have:
ip inspect name MYFIREWALL ftp
Do I miss anything? I think the ip inspect command may only apply to the standard FTP port (i.e. 21) and it doesn't inspect FTP on my 12345 port. How can I define an FTP inspect on a nonstandard port?
Thank you for your help.
Triet
12-18-2007 09:18 PM
the command you're looking for is "ip port-map"...
in your case:
ip port-map ftp 12345
I don't know if this will fix your problem, but there ya go.
12-19-2007 04:20 PM
Thank you for the reply. I thought this could fix the problem and I just tried that command but it didn't.
Do you think of any other causes?
12-20-2007 04:03 AM
Your other problem is that access list 101 is incorrect. You have applied it to the outside interface, so the addresses used must be the global addresses. You have used the local address (10.0.0.1)for the FTP server. The access list is evaluated before the NAT.
Wes
12-26-2007 03:36 PM
Sorry I tried this, still not working. Has anyone have this issue before?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide