Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
747
Views
0
Helpful
2
Replies

PASV FTP port range forwarding

ekwoknetpro
Level 1
Level 1

‎03-23-2006 04:19 AM - edited ‎03-03-2019 12:09 PM

any command in IOS can forward a range of ports for PASV ftp?

I have a PASV ftp server behind the NAT router. it is too painful to forward each port line by line. For forwarding 20 ports, I need to enter 20 lines. I can't image if I need forward the ports more than that.

what comand can perform that if I want to for the port 5000-6000 to private address 192.168.1.0

Thanks

Labels:
0 Helpful
2 Replies 2

pkhatri
Level 11
Level 11

‎03-23-2006 04:26 AM

You might want to look at CBAC (Context-Based Access Control):

http://www.cisco.com/warp/public/110/iosfwfaq.html#qa5

Paresh

0 Helpful

ekwoknetpro
Level 1
Level 1
In response to pkhatri

‎03-23-2006 06:44 AM

Hi,

Thanks for your reply.

I hope my understanding of the CBAC is correct. it is a context based firewall, it temporary open the port based on the behavior of the application.

For the PASV, it opens the incoming port for the duration of the PASV ftp session.

In my saturation, I only have 1 public address with NAT to share the internet connection. I also have 1 PASV FTP server in the local network, it listens a range of FTP port (let say 5000-6000) for the ftp service on the local address 192.168.1.x. The NAT router forward the same range of TCP port (5000-6000) from the public address to the private address 192.168.1.x

it is nearly not possible to for so many port in command line with 1 port 1 line format. That's why I am looking for a solution for port forwarding in range.

0 Helpful
li.common.scroll-to.top