How to redirect ftp port for inbound traffic?

How to redirect ftp port for inbound traffic?

NewsGroups | Search | Tools
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
How to redirect ftp port for inbound traffic? thomas 08-21-2006
Posted by thomas on August 21, 2006, 2:50 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi everybody.
I am a Cisco newbie trying to configure NAT so any inbound ftp trafic gets
redirected to a designated internal hosts.
I thought it should be very simple to do SDM but I can not get it working.
My WAN interface has ISP dynamically assigned IP address.
It is probably the most commaon scenario but I found no example in the SDM
2.3.2 Users's Giude.
Could someone help?
Thank you,
Tomasz



home networking made easy, greater protection, less stress, introducing nm 5.0, 728x90
Posted by Robert Langdon on August 23, 2006, 11:54 am
If you were  Registered and logged in, you could reply and use other advanced thread options

> Hi everybody.
> I am a Cisco newbie trying to configure NAT so any inbound ftp trafic gets
> redirected to a designated internal hosts.
> I thought it should be very simple to do SDM but I can not get it working.
> My WAN interface has ISP dynamically assigned IP address.
> It is probably the most commaon scenario but I found no example in the SDM
> 2.3.2 Users's Giude.
> Could someone help?
> Thank you,
> Tomasz

Hi Tomasz,

I am not dealing with SDM but you can do it easily by the command line:

ip nat inside source static tcp <LAN-IP> 21 interface <Dialer to your
ISP> 21
ip nat inside source static tcp <LAN-IP> 20 interface <Dialer to your
ISP> 20

Cheers,

Robert

Posted by thomas on August 29, 2006, 2:26 am
If you were  Registered and logged in, you could reply and use other advanced thread options

>
>> Hi everybody.
>> I am a Cisco newbie trying to configure NAT so any inbound ftp trafic
>> gets
>> redirected to a designated internal hosts.
>> I thought it should be very simple to do SDM but I can not get it
>> working.
>> My WAN interface has ISP dynamically assigned IP address.
>> It is probably the most commaon scenario but I found no example in the
>> SDM
>> 2.3.2 Users's Giude.
>> Could someone help?
>> Thank you,
>> Tomasz
>
> Hi Tomasz,
>
> I am not dealing with SDM but you can do it easily by the command line:
>
> ip nat inside source static tcp <LAN-IP> 21 interface <Dialer to your
> ISP> 21
> ip nat inside source static tcp <LAN-IP> 20 interface <Dialer to your
> ISP> 20
>
> Cheers,
>
> Robert

Hi Rob,

Just one more thing: how do I enable ftp on the firewall?
Here is what I have been trying - these are my first two rules:

access-list 102 permit tcp any eq ftp host <int_host_ip> eq ftp
access-list 102 permit tcp any eq ftp-data host <int_host_ip> eq ftp-data

but it does not work. Am I missing something?
Rule 102 is applied to the dialer0 interface: ip access-group 102 in

Tomasz



Posted by Igor Mamuzic on August 29, 2006, 3:56 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Thomas,

If you want to allow access on your FTP server from the Internet you should
allow traffic on TCP:21 and TCP:20 from any Internet host onto your FTP host
public ip address. This ACL should be applied in your case onto dialer
interface (inbound direction).

Best regards,
Igor



>
>>
>>> Hi everybody.
>>> I am a Cisco newbie trying to configure NAT so any inbound ftp trafic
>>> gets
>>> redirected to a designated internal hosts.
>>> I thought it should be very simple to do SDM but I can not get it
>>> working.
>>> My WAN interface has ISP dynamically assigned IP address.
>>> It is probably the most commaon scenario but I found no example in the
>>> SDM
>>> 2.3.2 Users's Giude.
>>> Could someone help?
>>> Thank you,
>>> Tomasz
>>
>> Hi Tomasz,
>>
>> I am not dealing with SDM but you can do it easily by the command line:
>>
>> ip nat inside source static tcp <LAN-IP> 21 interface <Dialer to your
>> ISP> 21
>> ip nat inside source static tcp <LAN-IP> 20 interface <Dialer to your
>> ISP> 20
>>
>> Cheers,
>>
>> Robert
>
> Hi Rob,
>
> Just one more thing: how do I enable ftp on the firewall?
> Here is what I have been trying - these are my first two rules:
>
> access-list 102 permit tcp any eq ftp host <int_host_ip> eq ftp
> access-list 102 permit tcp any eq ftp-data host <int_host_ip> eq ftp-data
>
> but it does not work. Am I missing something?
> Rule 102 is applied to the dialer0 interface: ip access-group 102 in
>
> Tomasz
>



Similar ThreadsPosted
PIX 501 - Redirect VPN traffic to another WAN IP January 24, 2006, 11:01 am
PIX 501, redirect to port already being used February 28, 2007, 2:03 pm
Redirect Outbound SMTP Traffic to Specific Server - 837 and 2621 July 21, 2004, 5:15 pm
Cisco 7507 Port Redirect November 5, 2006, 6:57 pm
redirect external tcp port to another outside host March 5, 2008, 12:24 pm
PIX 501 wll not allow inbound traffic November 2, 2006, 12:26 pm
outbound port 80 redirect to specific destination address February 28, 2008, 1:07 am
ASA5505 not passing inbound TCP traffic (what am I missing)? August 24, 2007, 2:45 pm
Should I block inbound port 25 on the PIX 515? April 20, 2005, 8:08 am
redirect traffic on specific ip to specific interface June 3, 2005, 12:51 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map