04-27-2006 04:12 PM - edited 03-03-2019 12:33 PM
Hi all,
I have a Cisco 827 at home I am using for a DSL gateway/firewall. I have a single dynamic IP and private hosts on the LAN side.
So far, the connection is working, NAT is working, and port redirection (from the net to inside private hosts) is working.
When I enable the firewall through the web interface of this unit, it creates a series of inspect rules, and also an ACL. The inspect rules are applied to the dialer in an outbound direction, and the ACL is applied inbound.
What I have found is that when the ACL is applied, my port forwarding does not work (so I can't access my internal FTP server from the web anymore), but without the ACL inbound, it's fine.
I added the following line to the ACL for FTP traffic, but it does not seem to work, so I was wondering if someone could point out what I am doing wrong.
The internal host (ftp server) is 192.168.0.20 if that helps. I also tried specifying that in the ACL instead of any, but still no luck.
The whole ACL is below.
access-list 111 permit tcp any eq ftp any eq ftp
access-list 111 permit tcp any eq 3389 any eq 3389
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
Many thanks!
04-27-2006 04:19 PM
Hello,
did you open a connection to the FTP data as well?
Also you could try to log the ACL and catch what is being denied.
something like:
ip accounting [access-violations]
or log option on the ACL itself
HTH,
rate this post if it does.
Vlad
04-27-2006 07:25 PM
I will certainly give that a try and see what happens. FTP was just a test to see if the ports were getting through to the inside. I can see that it was probably a bad example since it uses so many ports.
I will try the ACL accounting and see if that reveals anything, then try and sort from there.
Will let you know how it goes. Cheers!
04-28-2006 01:48 AM
Hi,
I just got home and tried this, but no success. None of the accounting commands worked for the ACL either, so I am not sure what's going on.
I changed the access list as follows:
access-list 111 permit tcp any host 192.168.0.20 eq ftp
access-list 111 permit tcp any host 192.168.0.20 eq ftp-data
access-list 111 permit tcp any host 192.168.0.20 eq 3389
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
But still, when it is applied inbound to the dialer, none of the incoming services work (not FTP or Remote Desktop). Take off the ACL and it all works fine again.
It must be how I am specifying source and destination, but I can't understand how it's going wrong.
Cheers.
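Added example (not part of the thread and not Cisco's code): a small evaluator for the numbered extended ACL entries posted above, run against an inbound FTP SYN as the dialer interface actually sees it. It rests on one fact about IOS order of operations: an inbound ACL on the outside interface is evaluated before outside-to-inside NAT, so the destination the ACL compares against is the router's public address, not the inside host. The public address 203.0.113.5, the client 198.51.100.7 and the ephemeral source port are constructed sample values; the evaluator is stateless and ignores ICMP types, which is enough for the TCP question here.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Service names the posted ACLs use, mapped to port numbers.
NAMED_PORTS = {"ftp": 21, "ftp-data": 20, "domain": 53, "bootps": 67,
               "bootpc": 68, "isakmp": 500}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Entry:
    action: str
    proto: str
    src: Optional[str]      # None means "any"
    sport: Optional[int]    # None means no "eq" on the source
    dst: Optional[str]
    dport: Optional[int]
    raw: str


def _port(tok: str) -> int:
    return NAMED_PORTS.get(tok) or int(tok)


def parse_entry(line: str) -> Entry:
    """Parse 'access-list N permit|deny PROTO SRC [eq P] DST [eq P] ...'.
    Only 'any' and 'host A.B.C.D' address forms are supported; trailing
    tokens such as ICMP type names are ignored by this toy."""
    toks = line.split()
    if toks[0] != "access-list":
        raise ValueError("not an access-list entry: " + line)
    action, proto = toks[2], toks[3]
    i, fields = 4, []
    for _ in range(2):                      # source spec, then destination spec
        if toks[i] == "any":
            addr, i = None, i + 1
        elif toks[i] == "host":
            addr, i = toks[i + 1], i + 2
        else:
            raise ValueError("unsupported address form: " + line)
        port = None
        if i < len(toks) and toks[i] == "eq":
            port, i = _port(toks[i + 1]), i + 2
        fields += [addr, port]
    return Entry(action, proto, *fields, line)


def matches(e: Entry, p: Packet) -> bool:
    if e.proto not in ("ip", p.proto):
        return False
    return all(want is None or want == got for want, got in
               ((e.src, p.src), (e.sport, p.sport), (e.dst, p.dst), (e.dport, p.dport)))


def evaluate(acl: List[str], p: Packet) -> Tuple[str, str]:
    """First-match evaluation with the implicit deny IOS appends to every ACL."""
    for line in acl:
        e = parse_entry(line)
        if matches(e, p):
            return e.action, e.raw
    return "deny", "implicit deny"


PUBLIC_IP = "203.0.113.5"     # constructed: address NAT'd onto the dialer
CLIENT = "198.51.100.7"       # constructed: remote FTP client
INSIDE_FTP = "192.168.0.20"   # the inside host named in the thread

# The control-connection SYN as it arrives on the dialer, BEFORE NAT:
# ephemeral source port, destination = the public address.
FTP_SYN = Packet("tcp", CLIENT, 51234, PUBLIC_IP, 21)

# First posted ACL: matches only if the client's SOURCE port is also 21.
ACL_FIRST = ["access-list 111 permit tcp any eq ftp any eq ftp",
             "access-list 111 deny ip any any"]

# Second posted ACL: written for the post-NAT destination the ACL never sees.
ACL_SECOND = ["access-list 111 permit tcp any host 192.168.0.20 eq ftp",
              "access-list 111 permit tcp any host 192.168.0.20 eq ftp-data",
              "access-list 111 permit tcp any host 192.168.0.20 eq 3389",
              "access-list 111 permit icmp any any echo",
              "access-list 111 deny ip any any"]

# Same intent, keyed on what is visible pre-NAT (destination port only).
ACL_FIXED = ["access-list 111 permit tcp any any eq ftp",
             "access-list 111 permit tcp any any eq 3389",
             "access-list 111 deny ip any any"]

if __name__ == "__main__":
    for name, acl in (("first", ACL_FIRST), ("second", ACL_SECOND), ("fixed", ACL_FIXED)):
        print(name, evaluate(acl, FTP_SYN))
```

Running it shows the first two ACLs fall through to `deny ip any any` for the inbound SYN, while the same second ACL would permit a packet whose destination were already 192.168.0.20, which is exactly the mismatch between where the ACL is checked and where the translation happens. The same pre-NAT rule applies to the `ftp-data` entry for active-mode transfers, and to 3389 for Remote Desktop.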