Any chance for passive FTP with this config?

 
 
Matthias Fischer
      01-31-2004
Hi Group!

Ok, I know - this question has been asked a hundred times - I googled
and found more than I could handle...

But perhaps someone had *the idea* and something has changed...

Here's a running-config for (simple) internet access - for my private
home network - through a Cisco 1003. Since I was a total Newbie with
Cisco's IOS, I made a few mistakes at the beginning, right now it seems
to be ok.

1. Could someone please take a look and tell me if there is anything I
could optimize...?
2. Is there *any chance* to get at least *passive ftp* working with this
config, without changing too much? Every posting or article I found
ended with the conclusion (more or less) that I would have to "open
things up" more than I would like to...
If it ends with "leave it that way, forget ftp" it's ok, I'm just asking
if there is anything I didn't mention and could have done better.

**********SNIP**********
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service hide-telnet-addresses
!
hostname Cisco1003
!
enable secret <deleted>
!
ip subnet-zero
no ip source-route
no ip domain-lookup
!
no ip bootp server
isdn switch-type basic-net3
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.100.254 255.255.255.0
ip access-group 12 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
!
interface BRI0
description connected to ISP
no ip address
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
no cdp enable
!
interface Dialer1
description connected to ISP
ip address negotiated
ip access-group filterin in
ip access-group filterout out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 59
dialer string 123456
dialer hold-queue 10
load-interval 600
dialer load-threshold 220 either
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname (E-Mail Removed)
ppp chap password <deleted>
ppp pap sent-username (E-Mail Removed) password <deleted>
ppp multilink
!
router rip
version 2
passive-interface Dialer1
network 192.168.100.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
ip access-list extended filterin
deny ip 192.168.100.0 0.0.0.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip 224.0.0.0 31.255.255.255 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip host 0.0.0.0 any
deny icmp any any redirect
permit icmp any any
evaluate packets
ip access-list extended filterout
! 20 deactivated...
permit tcp any any eq 21 reflect packets
permit tcp any any eq 22 reflect packets
permit tcp any any eq smtp reflect packets
permit tcp any any eq domain reflect packets
permit tcp any any eq www reflect packets
permit tcp any any eq pop3 reflect packets
permit tcp any any eq nntp reflect packets
permit tcp any any eq 143 reflect packets
permit tcp any any eq 443 reflect packets
permit udp any any eq domain reflect packets
deny icmp any any time-exceeded
permit icmp any any reflect packets
evaluate packets
access-list 1 permit 192.168.100.0 0.0.0.255
! some hosts I have to block
access-list 12 deny 192.168.100.4
access-list 12 deny 192.168.100.5
access-list 12 deny 192.168.100.6
access-list 12 permit 192.168.100.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
exec-timeout 0 0
password <deleted>
login
line vty 0
password <deleted>
login
transport input none
line vty 1 4
login
transport input none
!
end
**********SNAP**********

Thanks in advance!


Matthias
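
Added example (not part of the original post): a small first-match model of the posted `filterout` list, showing that the FTP control connection to port 21 is permitted and reflected while the client-initiated passive data connection to a server-chosen high port falls through to the implicit deny. Assumptions: only the permit/deny entries are modeled (the nested `evaluate packets` line and NAT are left out), source and destination are `any` as in the post, and port 50123 is an arbitrary constructed value.

```python
# Constructed model of the post's "filterout" ACL: first match wins, implicit deny at the end.
FILTEROUT = """\
permit tcp any any eq 21 reflect packets
permit tcp any any eq 22 reflect packets
permit tcp any any eq smtp reflect packets
permit tcp any any eq domain reflect packets
permit tcp any any eq www reflect packets
permit tcp any any eq pop3 reflect packets
permit tcp any any eq nntp reflect packets
permit tcp any any eq 143 reflect packets
permit tcp any any eq 443 reflect packets
permit udp any any eq domain reflect packets
deny icmp any any time-exceeded
permit icmp any any reflect packets
"""
# IOS port keywords used in the post, mapped to their well-known numbers.
PORTS = {"smtp": 25, "domain": 53, "www": 80, "pop3": 110, "nntp": 119}

def parse(acl_text):
    """Turn each entry into (action, proto, dst_port, icmp_type, reflect)."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        port = None
        if "eq" in tok:
            p = tok[tok.index("eq") + 1]
            port = PORTS.get(p) or int(p)
        icmp_type = "time-exceeded" if "time-exceeded" in tok else None
        rules.append((tok[0], tok[1], port, icmp_type, "reflect" in tok))
    return rules

def evaluate(rules, proto, dst_port=None, icmp_type=None):
    """Return (action, reflected) for one outbound packet."""
    for action, r_proto, r_port, r_icmp, reflect in rules:
        if r_proto != proto:
            continue
        if r_port is not None and r_port != dst_port:
            continue
        if r_icmp is not None and r_icmp != icmp_type:
            continue
        return action, reflect
    return "deny", False  # implicit deny ends every IOS access list

RULES = parse(FILTEROUT)
# Constructed sample flows: FTP control, passive-mode data connection, plain HTTP.
for name, flow in [("ftp control", ("tcp", 21)), ("pasv data", ("tcp", 50123)), ("http", ("tcp", 80))]:
    print(name, evaluate(RULES, *flow))
```
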
 