Posted by Igor Mamuzic on August 29, 2006, 3:56 am
Thomas,
If you want to allow access to your FTP server from the Internet you should
allow traffic on TCP:21 and TCP:20 from any Internet host to your FTP host's
public IP address. In your case this ACL should be applied to the dialer
interface (inbound direction).
Best regards,
Igor
>
>>
>>> Hi everybody.
>>> I am a Cisco newbie trying to configure NAT so any inbound ftp traffic
>>> gets
>>> redirected to a designated internal host.
>>> I thought it should be very simple to do in SDM but I cannot get it
>>> working.
>>> My WAN interface has an ISP dynamically assigned IP address.
>>> It is probably the most common scenario but I found no example in the
>>> SDM
>>> 2.3.2 User's Guide.
>>> Could someone help?
>>> Thank you,
>>> Tomasz
>>
>> Hi Tomasz,
>>
>> I am not dealing with SDM but you can do it easily by the command line:
>>
>> ip nat inside source static tcp <LAN-IP> 21 interface <Dialer to your ISP> 21
>> ip nat inside source static tcp <LAN-IP> 20 interface <Dialer to your ISP> 20
>>
>> Cheers,
>>
>> Robert
>
> Hi Rob,
>
> Just one more thing: how do I enable ftp on the firewall?
> Here is what I have been trying - these are my first two rules:
>
> access-list 102 permit tcp any eq ftp host <int_host_ip> eq ftp
> access-list 102 permit tcp any eq ftp-data host <int_host_ip> eq ftp-data
>
> but it does not work. Am I missing something?
> Rule 102 is applied to the dialer0 interface: ip access-group 102 in
>
> Tomasz
>
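
Added example, not part of the original thread: a first-match evaluator for the `permit tcp <src> [eq port] <dst> [eq port]` entry shape, run on the two rules Tomasz posted and on the same rules with only the destination port restricted, which is one way to write what Igor's reply describes. The addresses, the client packet and all function and variable names are constructed for illustration.

```python
import re

# Named ports as they appear in the thread's rules.
PORTS = {"ftp": 21, "ftp-data": 20}

# Subset of extended-ACL syntax used in the thread:
#   access-list N permit|deny tcp <any | host A> [eq P] <any | host A> [eq P]
ENTRY = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+tcp\s+"
    r"(any|host\s+\S+)(?:\s+eq\s+(\S+))?\s+"
    r"(any|host\s+\S+)(?:\s+eq\s+(\S+))?\s*$"
)

def parse(line):
    """Return (action, src_addr, src_port, dst_addr, dst_port); None = wildcard."""
    m = ENTRY.match(line.strip())
    if not m:
        raise ValueError(f"unsupported entry: {line!r}")
    action, src, sport, dst, dport = m.groups()
    addr = lambda a: None if a == "any" else a.split()[1]
    port = lambda p: None if p is None else PORTS.get(p) or int(p)
    return action, addr(src), port(sport), addr(dst), port(dport)

def evaluate(acl_lines, packet):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, *want = parse(line)
        if all(w is None or w == got for w, got in zip(want, packet)):
            return action
    return "deny"

FTP_HOST = "203.0.113.10"  # constructed address standing in for the thread's placeholder

# The two rules from the question: source AND destination port restricted.
POSTED = [
    f"access-list 102 permit tcp any eq ftp host {FTP_HOST} eq ftp",
    f"access-list 102 permit tcp any eq ftp-data host {FTP_HOST} eq ftp-data",
]
# Assumed rendering of the reply's advice: restrict the destination port only.
DEST_ONLY = [
    f"access-list 102 permit tcp any host {FTP_HOST} eq ftp",
    f"access-list 102 permit tcp any host {FTP_HOST} eq ftp-data",
]
# Constructed client SYN: (src_ip, src_port, dst_ip, dst_port), ephemeral source port.
CLIENT_SYN = ("198.51.100.7", 51514, FTP_HOST, 21)

if __name__ == "__main__":
    print("posted rules:    ", evaluate(POSTED, CLIENT_SYN))
    print("dest-port rules: ", evaluate(DEST_ONLY, CLIENT_SYN))
```

The posted rules only match a packet whose source port is also 21 or 20, so a normal client connection from an ephemeral port reaches the implicit deny.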