Posted by duguayjordan@gmail.com on September 24, 2005, 3:32 pm
I am unable to forward FTP traffic to my internal server. Can someone
take a look at my configuration and see if I am missing anything?
Thanks
PIX Version 7.0(1)
hostname doncarpix
domain-name doncarsys.com
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp
no pager
logging enable
logging timestamp
logging emblem
logging trap warnings
logging asdm warnings
logging mail critical
logging from-address doncarpix@doncarsys.com
logging recipient-address jduguay@doncarsys.com level errors
logging host inside 198.163.230.202 format emblem
mtu external 1500
mtu inside 1500
no failover
monitor-interface external
monitor-interface inside
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
global (external) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,external) tcp x.x.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
access-group ACL_OUT in interface external
route external 0.0.0.0 0.0.0.0 x.x.114.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
username jduguay password EVop5bqi.XYr9e0u encrypted privilege 15
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 198.163.230.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp
telnet 198.163.230.0 255.255.255.255 inside
telnet timeout 5
ssh scopy enable
ssh 198.163.230.0 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
!
service-policy global_policy global
management-access inside
Cryptochecksum:56ed1986d662ca941f5c3b9ca8419bcd
: end

Posted by Walter Roberson on September 25, 2005, 12:04 am
:I am unable to forward FTP traffic to my internal server.
:PIX Version 7.0(1)
I haven't worked with 7.0(1) yet, but I'll give it a try.
Note that 7.0(2) is out to fix a number of bugs.
:access-list ACL_OUT extended permit tcp any host x.x.114.254 eq ftp
:global (external) 1 interface
:nat (inside) 1 0.0.0.0 0.0.0.0
:static (inside,external) tcp x.x.114.254 ftp 198.163.230.1 ftp netmask 255.255.255.255
:access-group ACL_OUT in interface external
You chopped out both 'ip address' statements, which makes it harder
to diagnose. It would have been easier if you had left in the
ip addresses but obscured them as you did for the other locations.
If it so happens that x.x.114.254 is your outside PIX IP, then
in 6.x you would need to use "interface outside" in the ACL instead of
"host x.x.114.254", and in the static statement you would replace
"x.x.114.254" with the keyword "interface".
If it so happens that 198.163.230.1 is your PIX inside address, you
have a problem.
--
I was very young in those days, but I was also rather dim.
-- Christopher Priest
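
An added example, not part of the original thread: a small Python check for the two conditions the reply above raises, namely a static or ACL entry that spells out the PIX's own external address instead of using the interface keyword, and a static whose real address is a PIX interface. The sample config (PIX 7.x syntax), its interface blocks and all addresses are constructed, and `lint` and `interface_addresses` are hypothetical helper names.

```python
import re

# Constructed sample in PIX 7.x syntax. The interface blocks and all
# addresses are assumed; the original post omitted its 'ip address' lines.
SAMPLE = """\
interface Ethernet0
 nameif external
 ip address 203.0.113.254 255.255.255.0
interface Ethernet1
 nameif inside
 ip address 192.168.10.3 255.255.255.0
access-list ACL_OUT extended permit tcp any host 203.0.113.254 eq ftp
static (inside,external) tcp 203.0.113.254 ftp 192.168.10.1 ftp netmask 255.255.255.255
"""

STATIC = re.compile(r"static \((\S+?),(\S+?)\) (?:tcp|udp) (\S+) \S+ (\S+) \S+")
ACL_HOST = re.compile(r"access-list (\S+) .*\bhost (\d+\.\d+\.\d+\.\d+)")

def interface_addresses(config):
    """Map nameif -> IP address from 7.x-style 'interface' blocks."""
    addrs, name = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            name = None                      # new block, nameif not seen yet
        elif words[:1] == ["nameif"] and len(words) > 1:
            name = words[1]
        elif words[:2] == ["ip", "address"] and name and len(words) > 2:
            addrs[name] = words[2]
    return addrs

def lint(config):
    """Flag port-forward entries that name the firewall's own addresses."""
    addrs = interface_addresses(config)
    by_ip = {ip: name for name, ip in addrs.items()}
    findings = []
    for line in (l.strip() for l in config.splitlines()):
        m = STATIC.match(line)
        if m:
            _, mapped_if, mapped, real = m.groups()
            if addrs.get(mapped_if) == mapped:   # should be 'interface' keyword
                findings.append(f"static: mapped {mapped} is the {mapped_if} interface address")
            if real in by_ip:                    # forwarding to the PIX itself
                findings.append(f"static: real {real} is the {by_ip[real]} interface address")
        m = ACL_HOST.match(line)
        if m and m.group(2) in by_ip:            # should be 'interface <name>'
            findings.append(f"access-list {m.group(1)}: host {m.group(2)} is the {by_ip[m.group(2)]} interface address")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Rewriting the two flagged lines to use `interface external` in the ACL and `interface` as the mapped address in the static makes the check return no findings.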
Posted by duguayjordan@gmail.com on September 26, 2005, 3:28 pm
Router External IP: 24.76.114.254
Router Internal IP 198.163.230.3
FTP Server IP 198.163.230.1
I changed the ACL and route like you suggested and still nothing. Is
there anything else that may be wrong with the configuration?
Posted by Walter Roberson on September 27, 2005, 10:36 pm
;Router External IP: 24.76.114.254
;Router Internal IP 198.163.230.3
;FTP Server IP 198.163.230.1
:I changed the ACL and route like you suggested and still nothing. Is
:there anything else that may be wrong with the configuration?
Could you post the outside ACL, and static, and IP statements?
--
Camera manufacturers have temporarily delayed introduction of
sub-millibarn resolution bio-hyperdimensional plasmatic space polyimaging,
but indications are that is still just around the corner.