access list for ftp

 
 
Ramon Barquier
 
      01-22-2004
Hi,

We have an access-list in our router to permit the ftp traffic only for
certain destination IPs. The rules are:

access-list 102 permit tcp any host aaa.bbb.ccc.ddd eq 21
access-list 102 permit tcp any eq ftp-data host aaa.bbb.ccc.ddd gt 1023

This works fine with ftp commands but not when attempting to make a browser
connection to the ftp server.

Any suggestions on how I would make this rule?


--
Ramón Barquier Montalbán
Servei d'Informàtica

Edifici D
Campus de la UAB
08193 Bellaterra. Barcelona
Tel. +34 935 811 488 Fax: +34 935 812 094
www.uab.es/si


 
 
 
 
 
Walter Roberson
 
      01-22-2004
In article <buor2a$j5l$(E-Mail Removed)>,
Ramon Barquier <(E-Mail Removed)> wrote:
:We have an access-list in our router to permit the ftp traffic only for
:certain destination IPs. The rules are:

:access-list 102 permit tcp any host aaa.bbb.ccc.ddd eq 21
:access-list 102 permit tcp any eq ftp-data host aaa.bbb.ccc.ddd gt 1023

:This works fine with ftp commands but not when attempting to make a browser
:connection to the ftp server.

Speculating here:

- the browsers might be attempting to contact the remote host on port 20
(ftp-data)

- the browsers might be using passive ftp from a port other than
port ftp-data.

At the end of your list, put in

access-list 102 deny ip any any log-input

and monitor your logs to see what is being attempted.
--
Preposterous!! Where would all the calculators go?!
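
The second guess in the reply above, as an added example that is not part of the original thread: a small first-match evaluator for ACL 102 with the suggested logging deny appended, run over constructed flows. The address 192.0.2.10 standing in for the masked aaa.bbb.ccc.ddd, the client address and every port number are assumptions; the passive-style flow models a client opening the data connection itself from a high port, so nothing in it has source port 20.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed stand-in for the masked aaa.bbb.ccc.ddd in the thread (RFC 5737 range).
HOST = "192.0.2.10"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    text: str
    action: str
    match: Callable[[Packet], bool]

# ACL 102 as posted, followed by the explicit logging deny suggested in the reply.
ACL_102 = [
    Rule("permit tcp any host HOST eq 21", "permit",
         lambda p: p.proto == "tcp" and p.dst == HOST and p.dport == 21),
    Rule("permit tcp any eq ftp-data host HOST gt 1023", "permit",
         lambda p: p.proto == "tcp" and p.sport == 20
         and p.dst == HOST and p.dport > 1023),
    Rule("deny ip any any log-input", "deny", lambda p: True),
]

def evaluate(acl, pkt):
    """First match wins, as in an IOS extended ACL; returns (action, rule text)."""
    for rule in acl:
        if rule.match(pkt):
            return rule.action, rule.text
    return "deny", "implicit deny"  # what applies when no explicit deny is present

# Constructed sample flows (addresses and ports are illustrative only).
FLOWS = {
    "control": Packet("198.51.100.7", 40000, HOST, 21),
    "data, source port 20": Packet("198.51.100.7", 20, HOST, 40001),
    "data, passive style": Packet("198.51.100.7", 40002, HOST, 50000),
}

def report(acl=ACL_102):
    """Map each sample flow to the (action, matching rule) the ACL gives it."""
    return {name: evaluate(acl, pkt) for name, pkt in FLOWS.items()}

if __name__ == "__main__":
    for name, (action, rule) in report().items():
        print(f"{name:22} {action:6} <- {rule}")
```

Only the last flow reaches the final line, which is the traffic the log-input entry would surface.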
 