Hi Guys. I am trying to map my ftp service out to my public ip.
I have windows 2008 running my FTP server on an internal IP of 192.168.1.175.
I had translated these
I have tried changing the access list to suit ports 21 and 20 but have changed it as above as I was trying passive.
Im obviously getting it wrong somewhere and have been at it a little while. Can anyone help please!!
thanks
I have windows 2008 running my FTP server on an internal IP of 192.168.1.175.
I had translated these
and thought this ACL would do it..ip nat inside source static tcp 192.168.1.175 20 212.159.***.*** 20 extendable
ip nat inside source static tcp 192.168.1.175 21 212.159.***.*** 21
access-list 101 permit tcp any host 212.159.***.*** eq ftp
access-list 101 permit tcp any host 212.159.***.*** gt 1024
access-list 101 permit ip any any
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
switchport access vlan 2
speed 100
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
description AGETNET_DOMAIN
no ip address
ip nat inside
ip virtual-reassembly
no dot11 extension aironet
!
encryption mode ciphers tkip
!
ssid AGETNET_DOMAIN
!
ssid AgerNet-Domain
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description INTERNAL NETWORK
no ip address
ip virtual-reassembly
bridge-group 1
!
interface Vlan2
description WAN LINK
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface Dialer1
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 10
ppp authentication chap callin
ppp chap hostname ******
ppp chap password 0 ******
!
interface BVI1
description $ES_LAN$
ip address 192.168.1.1 255.255.255.0
ip access-group 101 out
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 FastEthernet0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static 192.168.1.175 interface Dialer1
ip nat inside source static tcp 192.168.1.175 20 212.159.***.*** 20 extendable
ip nat inside source static tcp 192.168.1.175 21 212.159.***.*** 21 extendable
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 10 permit any
access-list 10 deny any log
access-list 101 permit tcp any host 212.159.***.*** eq ftp
access-list 101 permit tcp any host 212.159.***.*** gt 1024
access-list 101 permit ip any any
I have tried changing the access list to suit ports 21 and 20 but have changed it as above as I was trying passive.
Im obviously getting it wrong somewhere and have been at it a little while. Can anyone help please!!
thanks