08-02-2007 01:00 PM - edited 03-03-2019 06:09 PM
Iinstalled FTP server today. Cannot access FTP from WAN.
# Here is what commands I did on router.
1) ip nat inside source static 10.1.0.10 21x.x.x.x (<-- X I hid vlaues for x)
2) ip access-list extended outside permit tcp any host 21x.x.x.37 eq ftp
3) ip access-list extended outside permit tcp any host 21x.x.x.37 eq ftp-data
# Here is what the router looks like: show RUN command
ip acccess-list extended Outside
permit tcp any host 21x.x.x.x eq ftp
permit tcp any host 21x.x.x.x eq ftp-data
# Here is my ACCESS-LISTS: show access-lists
Extended IP access list 145
10 permit tcp 216.0.0.0 0.255.255.255 any eq 22
Extended IP access list 170
10 permit tcp any host 21x.x.x.34 eq 587
Extended IP access list NAT
10 deny ip 10.0.0.0 0.255.255.255 192.168.1.0 0.0.0.255
20 deny ip 10.0.0.0 0.255.255.255 192.168.2.0 0.0.0.255 (12522210 matches)
30 permit ip 10.0.0.0 0.255.255.255 any (2978031 matches)
Extended IP access list Outside
10 permit tcp 63.146.60.0 0.0.0.255 any eq 22
20 permit tcp host 64.141.139.190 any eq 22
25 permit tcp any host 21x.x.x.37 eq ftp
26 permit tcp any host 21x.x.x.37 eq ftp-data
30 permit tcp any host 21x.x.x.35 eq www
40 permit tcp any host 21x.x.x.35 eq 443
50 permit tcp any host 21x.x.x.36 eq www
60 permit tcp any host 21x.x.x.36 eq 443
65 permit tcp any host 21x.x.x.34 eq 995
70 permit tcp any host 21x.x.x.34 eq smtp
75 permit tcp any host 21x.x.x.34 eq 587
80 permit tcp any host 21x.x.x.34 eq www
90 permit tcp any host 21x.x.x.34 eq 443
110 permit icmp any any echo-reply
120 permit esp any any
130 permit udp any any eq isakmp
140 permit udp any any eq non500-isakmp
150 deny ip any any log
Extended IP access list Policy-NAT
10 permit ip host 10.1.0.11 192.168.2.0 0.0.0.255 (5378531 matches)
Extended IP access list Split
10 permit ip 10.0.0.0 0.255.255.255 any
20 permit ip 192.168.1.0 0.0.0.255 any
Extended IP access list nat
Extended IP access list outside
Extended IP access list policy-nat
10 permit ip host 10.1.0.11 192.0.0.0 0.255.255.255
Extended IP access list unlock
10 permit ip any any (6489 matches)
20 permit gre any any
30 permit esp any any
40 permit ahp any any
50 permit icmp any any
08-02-2007 06:00 PM
Can you post a simple network diagram showing the relationship between your WAN, this router and the FTP server?
Can you post a 'show run int ' for all of the relevant interfaces on this router?
08-02-2007 06:27 PM
!
interface FastEthernet0/1.200
description INET
encapsulation dot1Q 200
ip address 216.x.x.33 255.255.255.248
no snmp trap link-status
08-02-2007 08:38 PM
Sorry, I just don't see enough information to be able to tell what is going on.
Can you post and a simple diagram demonstrating the relationship between the router in question, the FTP server, and the WAN would be very helpful. If you could include the interface designators in your diagram for the router in question that would help a lot to. (ergo, is the FTP server on the other side of S0/0, is the WAN side of the router G0/1/0 )
08-02-2007 11:15 PM
You need to specify which interface is outside and which is inside with "ip nat outside" and "ip nat inside" commands.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide