FTP server cant get through CISCO 2600 series router

alstergee · ‎05-17-2010

ive added the port into the NAT but i cant access the ftp site through the router, our server is 192.168.0.240, our router is 192.168.0.1, and our ext. ip is: 63.77.110.***heres my config:

Current configuration : 1429 bytes

!

! Last configuration change at 18:08:54 MDT Mon May 17 2010

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Latitude

!

boot-start-marker

boot-end-marker

!

enable secret 5 ******************************************

enable password ******

!

no aaa new-model

clock timezone MST -7

clock summer-time MDT recurring

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

ip name-server 208.67.222.222

ip name-server 192.168.0.240

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

speed auto

full-duplex

!

interface FastEthernet0/1

ip address 63.77.110.*** 255.255.255.0

ip nat outside

ip virtual-reassembly

speed auto

full-duplex

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 63.77.110.1

!

ip http server

no ip http secure-server

ip nat pool overload 63.77.110.*** 63.77.110.*** prefix-length 24

ip nat inside source list 1 pool overload overload

ip nat inside source static tcp 192.168.0.240 21 63.77.110.*** 21 extendable

ip nat inside source static tcp 192.168.0.240 3389 63.77.110.*** 3389 extendable

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

control-plane

!

line con 0

line aux 0

line vty 0 4

password ********

login

!

ntp clock-period 17208029

ntp server 67.50.43.18

!

end

Federico Coto Fajardo · ‎05-17-2010

Alex,

If you try to telnet on port 21 to the public IP of the FTP server does it works?

From a command prompt on a machine:

telnet PUBLIC_IP 21

Federico.

alstergee · ‎05-17-2010

i can get to it from local host, and other computers on the network, but not externally.

C:\Documents and Settings\alex.LATITUDE>telnet PUBLIC_IP 21

Connecting To PUBLIC_IP...Could not open connection to the host, on port 21: Con

nect failed

Federico Coto Fajardo · ‎05-17-2010

Alex,

I cannot try it from my location because I don't see the last octect 63.77.110.***

Do you get the same result when doing a telnet on port 3389?

Please answer these questions:

1. Do you have Internet access from the server? i.e if you try to PING or open a browser from the server itself?

2. There are no ACLs on the router from the configuration that you sent, is there any other device in the path to the Internet that might be blocking traffic, like a firewall?

Federico.

alstergee · ‎05-17-2010

i withheld some info lol we just replaced our router with this Cisco one today everything worked fine until we swapped out our edgewater router for the Cisco router. i cant telnet, ping, or otherwise anything from outside the network even though those ports are open in the router... our internet is served from a company within our building so its just the internet, our router, then that goes streight into our switches, no firewalls, or anything in the way, it should just go...

what is ACL? should i set that up?

Federico Coto Fajardo · ‎05-17-2010

Can you PING the actual IP of the router? FastEthernet0/1 from outside the network?

The router's configuration is allowing the traffic.

If you're on the outside, and you do a traceroute for the IP that you're trying to reach where does it get to?

You do a traceroute from the commmand prompt of a machine: traceroute PUBLIC_IP

Federico.