07-24-2007 05:53 AM - edited 03-05-2019 05:27 PM
I have problems when natting FTP on a standard port. My router does source and destination NAT because my net and the external net are overlapping.
So I created an access-list and a route-map to identify the traffic to be natted:
ip access-list extended A
permit ip host 10.1.1.1 host 192.168.1.1
permit ip host 10.1.1.2 host 192.168.1.1
permit ip host 10.1.1.3 host 192.168.1.1
route-map AM permit 1
match ip address A
Then I created the NAT configuration:
ip nat service list A ftp tcp port 10021
ip nat pool APOOL 172.31.15.3 172.31.15.5 netmask 255.255.255.248
ip nat inside source route-map AM pool APOOL
ip nat outside source static 192.168.1.1 10.1.1.30
ip route 10.1.1.30 255.255.255.255 Dialer0
When I connect to 192.168.1.1:10021 everything works OK and I can issue user and password, but when I send the list command, I cannot complete the communication.
The problem is that in passive mode, the port command shows me the real FTP address (192.168.1.1) and not the translated one (10.1.1.30), so my client cannot connect to the FTP server data port.
I cannot use active mode for security reasons.
I need to prevent the server from sending me the port command with the real address.
Can someone help me?
Thx.
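The mismatch described in the post above can be confirmed from a client-side capture of the FTP control channel. The following is an added example, not part of the original thread: it parses 227 (PASV) and 229 (EPSV) replies, reports whether the advertised data address matches the translated control peer, and shows the rewrite a NAT FTP fixup has to apply. The sample reply text and port are constructed, the function names are hypothetical, and 10.1.1.30 is assumed to be the address the client sees for the server.

```python
import ipaddress
import re

# 227 reply carries h1,h2,h3,h4,p1,p2 as decimal bytes (RFC 959).
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply carries only a port, e.g. (|||50069|) (RFC 2428).
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_peer):
    """Return the (ip, port) the client will dial for the data connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("field out of range in 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        # EPSV has no address field: the client reuses the control peer.
        return control_peer, port
    raise ValueError("not a 227/229 reply")


def check_reply(reply, control_peer):
    """Flag replies whose data address differs from the translated peer."""
    ip, port = data_endpoint(reply, control_peer)
    same = ipaddress.ip_address(ip) == ipaddress.ip_address(control_peer)
    return {"ip": ip, "port": port, "translated": same}


def rewrite_227(reply, translated_ip):
    """Swap the embedded address, as a NAT FTP fixup must do on the wire."""
    m = PASV_RE.match(reply)
    if not m:
        return reply
    return reply[:m.start(1)] + translated_ip.replace(".", ",") + reply[m.end(4):]


if __name__ == "__main__":
    peer = "10.1.1.30"  # translated server address from the post
    seen = "227 Entering Passive Mode (192,168,1,1,195,149)"  # constructed sample
    print(check_reply(seen, peer))
    print(rewrite_227(seen, peer))
```

A result with "translated": False means the router passed the 227 reply through without inspecting it, which is the symptom the post describes on port 10021.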
07-25-2007 12:39 AM
I solved it myself. Thx anyway.
11-06-2007 02:31 PM
How did you fix it?
11-09-2007 12:27 PM
I'm having the same problem.
I've NAT'd the inside address to the outside.
I cannot make passive FTP accessible to the outside world.
What do I need to do so FTP uses passive ports greater than 1023 on the router?
Thanks,
Keith