
Unable to FTP to outside world

rbmclean
Level 1

I think I have a problem with my router.

I cannot seem to connect to any FTP sites. I had a power failure a week or so back that outlasted my UPS. Ever since then I have been unable to FTP out.

I am not sure if my router has lost some settings or what.

I have checked my configs and everything looks fine. My network is as follows:

WWW
 |  (public IP)
 |  (public ip 2 for port forwarding)
2621
 |  (192.168.10.10)
 |
Catalyst 5002 (12 port 10/100 module)(192.168.10.11)
 |                          |
SBS2k3 (192.168.10.12)      2003 server (192.168.10.55)
 |
SBS clients (192.168.20.x)

Neither the SBS box, the 2003 server, nor any of the SBS clients can FTP out.

The 2003 server is in its own workgroup and not part of the SBS domain. It was working prior to the power outage.

So that is why I am inclined to think something has gone wrong with my router.

If anyone thinks they can assist me I'd be grateful.

Below is my router config:

Current configuration : 2450 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ROUTER
!
enable secret xxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxxxxxxx
!
memory-size iomem 15
clock timezone EST -5
ip subnet-zero
!
ip name-server my.isp.name.server1
ip name-server my.isp.name.server2
ip name-server my.sbs.ext.ip
!
voice call carrier capacity active
!
mta receive maximum-recipients 0
!
interface FastEthernet0/0
description connected to World Wide Web
ip address my.pub.ip.add1 a.b.c.d
ip access-group 110 in
ip nat outside
speed auto
half-duplex
!
interface FastEthernet0/1
description Connected to SBS 2003 Proliant ML530 3Com NIC
ip address 192.168.10.10 255.255.255.0
ip nat inside
speed 100
full-duplex
!
router rip
version 2
redistribute connected
passive-interface FastEthernet0/0
network 192.168.10.0
network my.isp.ip.net
no auto-summary
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static my.sbs.ext.ip my.pub.ip.add2
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
!
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.0.0.0 0.255.255.255
access-list 100 permit ip any any
access-list 101 permit tcp any any established
access-list 110 permit gre any host my.pub.ip.add2
access-list 110 permit tcp any host my.pub.ip.add2 eq 1723
access-list 110 permit tcp any host my.pub.ip.add2 eq www
access-list 110 permit tcp any host my.pub.ip.add2 eq pop3
access-list 110 permit tcp any host my.pub.ip.add25 eq 1080
access-list 110 permit tcp any host my.pub.ip.add2 eq 3389
access-list 110 permit tcp any host my.pub.ip.add2 eq smtp
access-list 110 permit tcp any host my.pub.ip.add2 eq 443
access-list 110 permit tcp any host my.pub.ip.add2 eq 444
access-list 110 permit tcp any any established
access-list 110 permit udp any eq domain any
access-list 110 permit udp any any eq domain
!
call rsvp-sync
!
mgcp profile default
!
dial-peer cor custom
!
line con 0
exec-timeout 0 0
password xxxxxxxxxxxxxxxxxxxx
login
line aux 0
line vty 0 4
password xxxxxxxxxxxxxxxxxxxxx
login
!
ntp clock-period 17180050
ntp server 192.5.41.41
!
end


lgijssel
Level 9

Please try it again without the access-list 110:

int fa0/0
no ip access-group 110 in
end

It seems likely that this acl blocks your ftp traffic.

Regards,

Leo

If that would be the case then it never would have worked in the first place, before the power outage.

More than likely you had a working ACL 110 that permitted ports 20 & 21 but wasn't saved. So, when the power outage occurred, you lost that config. Modify the 110 ACL to allow ports 20 & 21 or test it without it and let us know.

I added the following:

access-list 110 permit tcp any host my.pub.ip.add2 eq ftp-data
access-list 110 permit tcp any host my.pub.ip.add2 eq ftp
!

When I ftp out this is what I get:

230 User bubba logged in.
ftp> dir
200 PORT command successful.
425 Can't build data connection: No route to host.
ftp>

I seem to be connecting but only partially.

If I take out the ACL 110 it works, so it appears that something is wrong with ACL 110....arg.

If I take out ACL 110 doesn't this leave me wide open?

Yes, your first issue is the ACL not permitting FTP. So, you will want to construct an ACL that allows FTP to get thru. Now you're hitting some kind of routing issue. Since it used to work, try to get an old show tech or running config and compare. Yes, if you remove the ACL, you would be wide open.
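Added example, not part of any reply in this thread: a first-match evaluation of the posted ACL 110 against the packets an outbound FTP session returns through Fa0/0. It shows why login succeeds while the data connection after PORT fails, even with the two ftp/ftp-data entries added. The addresses, port numbers and helper names are constructed stand-ins for the redacted values.

```python
# Constructed stand-ins for the redacted addresses in the posted config.
PUB1 = "203.0.113.1"      # my.pub.ip.add1 (NAT overload address)
PUB2 = "203.0.113.2"      # my.pub.ip.add2 (static NAT for the SBS box)
SERVER = "198.51.100.20"  # hypothetical remote FTP server

# Entry: (protocol, src port, dst host, dst port, established-only); None = any.
# The 1080 line on the page names my.pub.ip.add25; it is treated as add2 here.
ACL_110 = [
    ("gre", None, PUB2, None, False),
    *[("tcp", None, PUB2, p, False)
      for p in (1723, 80, 110, 1080, 3389, 25, 443, 444)],
    ("tcp", None, None, None, True),   # permit tcp any any established
    ("udp", 53, None, None, False),    # permit udp any eq domain any
    ("udp", None, None, 53, False),    # permit udp any any eq domain
]
# The two entries the poster appended: they match on DESTINATION port 20/21.
ADDED = [("tcp", None, PUB2, 20, False), ("tcp", None, PUB2, 21, False)]

def evaluate(acl, pkt):
    """First matching entry permits; anything else hits the implicit deny."""
    for proto, sport, dhost, dport, est in acl:
        if proto != pkt["proto"]:
            continue
        if sport is not None and sport != pkt["sport"]:
            continue
        if dhost is not None and dhost != pkt["dst"]:
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        # 'established' only matches TCP segments with ACK or RST set.
        if est and not pkt["flags"] & {"ACK", "RST"}:
            continue
        return "permit"
    return "deny"

def tcp(sport, dst, dport, *flags):
    return {"proto": "tcp", "src": SERVER, "sport": sport,
            "dst": dst, "dport": dport, "flags": set(flags)}

# Inbound packets of one outbound FTP session (client ports are constructed).
control_reply = tcp(21, PUB1, 40001, "ACK")           # reply on control channel
active_data = tcp(20, PUB1, 40002, "SYN")             # server-opened data channel
passive_data = tcp(50123, PUB1, 40003, "SYN", "ACK")  # reply to client-opened PASV

if __name__ == "__main__":
    for name in ("control_reply", "active_data", "passive_data"):
        pkt = globals()[name]
        print(name, evaluate(ACL_110, pkt), evaluate(ACL_110 + ADDED, pkt))
```

In this model passive-mode transfers pass the existing `established` entry, so they need no additional inbound permit on ACL 110.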
