Cisco 857W FTP behind router problem

mattyp1980
Level 1

I have recently purchased a Cisco 857W router for my home office and need to set up my Buffalo NAS FTP server behind it. I require remote access from my main office to the FTP server but can't seem to access it remotely. I have opened port 21 and created a NAT rule from the inside to the outside interface, but still no joy. Has anyone got any knowledge of the procedure, and if so could they please assist me? Thanks.

2 Replies

paddyxdoyle
Level 6

Hi,

How is your NAT configured? Something like:

# ip nat inside source static

internal interface
---
# ip nat inside

external interface
---
# ip nat outside

Are you seeing any traffic being NATed?

# debug ip nat

HTH

PJD

Hi, thanks for your help, I appreciate it. I am a Cisco newbie, so to help answer your questions here is the relevant part of the config file...

interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 bridge-group 1
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect DEFAULT101 out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname ********************
 ppp chap password 7 ******************
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 21 interface Dialer0 21
!
ip access-list extended sdm_dialer0_in
 remark SDM_ACL Category=1
 permit ip any any
!
logging trap debugging
logging 192.168.0.1
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 62.241.163.200 eq domain any
access-list 101 permit udp host 62.241.162.200 eq domain any
access-list 101 remark BUFFALO FTP
access-list 101 permit tcp any any eq ftp log
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport preferred all
 transport output telnet
line aux 0
 login local
 transport preferred all
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
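
How the inbound access-list 101 posted above treats packets arriving on Dialer0, worked through with the IOS first-match rule (an added example, not part of the original thread or of any Cisco tool). The Python evaluator and its function names are assumptions made for illustration, it handles only the syntax this ACL uses, and the addresses in the usage note are constructed from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24.

```python
import ipaddress

# Added example: rules copied from access-list 101 in the post (remarks omitted).
ACL_101 = """\
permit udp host 62.241.163.200 eq domain any
permit udp host 62.241.162.200 eq domain any
permit tcp any any eq ftp log
deny ip 192.168.0.0 0.0.0.255 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
deny ip any any log
""".splitlines()
PORTS = {"ftp": 21, "domain": 53}  # the only port keywords this ACL uses
def ip_int(text): return int(ipaddress.ip_address(text))

def take_end(tok):
    """Consume 'any | host A | A WILDCARD' plus an optional 'eq PORT'."""
    kind = tok.pop(0)
    if kind == "any":
        base, wild = 0, 0xFFFFFFFF
    elif kind == "host":
        base, wild = ip_int(tok.pop(0)), 0
    else:
        base, wild = ip_int(kind), ip_int(tok.pop(0))
    port = PORTS[tok[1]] if tok[:1] == ["eq"] else None
    del tok[:2 if port else 0]          # drop 'eq PORT' when it was present
    return base, wild, port

def hit(ip, port, base, wild, want):
    # Wildcard bits set to 1 are "don't care"; a rule without 'eq' matches any port.
    return (ip_int(ip) | wild) == (base | wild) and want in (None, port)

def first_match(proto, src, dst, sport=None, dport=None, icmp=None):
    """Return (action, rule) for the first ACL 101 entry the packet matches."""
    for rule in ACL_101:
        tok = rule.split()
        action, rproto = tok.pop(0), tok.pop(0)
        s, d = take_end(tok), take_end(tok)
        extra = [t for t in tok if t != "log"]  # what is left is an ICMP type
        if (rproto in ("ip", proto) and hit(src, sport, *s) and hit(dst, dport, *d)
                and (not extra or extra[0] == icmp)):
            return action, rule
    return "deny", "implicit deny"      # not reached here: the last entry is any/any
```

For example, `first_match("tcp", "198.51.100.7", "203.0.113.10", 40000, 21)` returns the `permit tcp any any eq ftp log` entry, while the same call with destination port 50000 falls through to `deny ip any any log`.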