Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Client behind Linksys Router/FTP Server behind PIX

Reply
Thread Tools

Client behind Linksys Router/FTP Server behind PIX

 
 
Corbin O'Reilly
Guest
Posts: n/a
 
      05-25-2004
Hi everyone. I am having a strange problem. I have an FTP server(running on
port 8821) behind a PIX that is translated from a public address to a
private address.

Example:

static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0 0

conduit permit tcp host 205.152.0.8 eq 8821 any

If I dial-up to the internet with Earthlink and connect to 205.152.0.8 it
works. If I connect from my home computer which is behind a Linksys DSL
router it does not work. I suspect that this is some kind of NAT issue
because when I used WSFTP Pro from behind the Linksys I see my home
computer's internal IP address 192.168.1.8 referenced. Since the dial-up
connection was a true public address and the DSL was through a router I
think NAT definitely has something to do with it. The problem is I don't
know if the problem lies with the PIX 515 or the Linksys DSL router. I would
appreciate any help. Thanks.


 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      05-25-2004
In article <dOMsc.3051$(E-Mail Removed)>,
Corbin O'Reilly <(E-Mail Removed)> wrote:
:Hi everyone. I am having a strange problem. I have an FTP server(running on
ort 8821) behind a PIX that is translated from a public address to a
rivate address.

:static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0 0

:conduit permit tcp host 205.152.0.8 eq 8821 any

:The problem is I don't
:know if the problem lies with the PIX 515 or the Linksys DSL router.

Are you running PIX 4.4 software? If so, then you have to hope that
someone remembers back that far.

If you are running PIX 5.0 or later, then it's time for you to
convert from conduits to access-lists. Conduits will not be supported
in the next PIX software release.

My personal policy is to not even -try- to debug configurations
with conduits in them: Cisco has been saying for years that
they don't promise that conduits work any more, and I don't consider
it productive to try to debug something that might a known system
problem.
--
Scintillate, scintillate, globule vivific
Fain would I fathom thy nature specific.
Loftily poised on ether capacious
Strongly resembling a gem carbonaceous. -- Anon
 
Reply With Quote
 
 
 
 
Corbin O'Reilly
Guest
Posts: n/a
 
      05-26-2004
Okay. I was able to get this to work via PASV. I had to add the following
line to my PIX 515 6.3(3) config: FIXUP PROTOCOL FTP 8821. Now I can access
the FTP Server from behind my Linksys Router when I configure WSFTP Pro to
be Passive. Non-Passive/Port/Active still does not work. I think I
understand why now. He is a quote from a tech "Various internet protocols
break with a vanilla NAT implementation. FTP for example, will operate in
two modes, passive and active. NAT does not support active mode FTP, so
clients must be found that will operate in passive mode." I guess this tells
me that since my Linksys is doing NAT, Active FTP will never work. If anyone
knows a way to get Active FTP to work please let me know. Thanks.

"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:c906l6$9ch$(E-Mail Removed)...
> In article <dOMsc.3051$(E-Mail Removed)>,
> Corbin O'Reilly <(E-Mail Removed)> wrote:
> :Hi everyone. I am having a strange problem. I have an FTP server(running

on
> ort 8821) behind a PIX that is translated from a public address to a
> rivate address.
>
> :static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0

0
>
> :conduit permit tcp host 205.152.0.8 eq 8821 any
>
> :The problem is I don't
> :know if the problem lies with the PIX 515 or the Linksys DSL router.
>
> Are you running PIX 4.4 software? If so, then you have to hope that
> someone remembers back that far.
>
> If you are running PIX 5.0 or later, then it's time for you to
> convert from conduits to access-lists. Conduits will not be supported
> in the next PIX software release.
>
> My personal policy is to not even -try- to debug configurations
> with conduits in them: Cisco has been saying for years that
> they don't promise that conduits work any more, and I don't consider
> it productive to try to debug something that might a known system
> problem.
> --
> Scintillate, scintillate, globule vivific
> Fain would I fathom thy nature specific.
> Loftily poised on ether capacious
> Strongly resembling a gem carbonaceous. -- Anon



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
VPN Client 4.6 behind PIX connecting to remote PIX? cisco Cisco 3 02-21-2007 11:21 AM
PPTP Client Behind Linksys to PIX VPN with overlapping Private Address jamdatadude Cisco 3 06-30-2006 11:52 PM
PIX 501 Behind Linksys branigan Cisco 0 10-19-2005 11:14 PM
Why can't I get WPA to work with linksys router and linksys/WinXP client? Colin Wireless Networking 0 06-14-2005 08:52 PM
wrv54G linksys router VPN does not work - even linksys quick vpn client spencerwill.com Cisco 2 05-26-2005 06:44 PM



Advertisments