Client behind Linksys Router/FTP Server behind PIX

Hi everyone. I am having a strange problem. I have an FTP server(running on
port 8821) behind a PIX that is translated from a public address to a
private address.

Example:

static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0 0

conduit permit tcp host 205.152.0.8 eq 8821 any

If I dial-up to the internet with Earthlink and connect to 205.152.0.8 it
works. If I connect from my home computer which is behind a Linksys DSL
router it does not work. I suspect that this is some kind of NAT issue
because when I used WSFTP Pro from behind the Linksys I see my home
computer's internal IP address 192.168.1.8 referenced. Since the dial-up
connection was a true public address and the DSL was through a router I
think NAT definitely has something to do with it. The problem is I don't
know if the problem lies with the PIX 515 or the Linksys DSL router. I would
appreciate any help. Thanks.

 

:Hi everyone. I am having a strange problem. I have an FTP server(running on
ort 8821) behind a PIX that is translated from a public address to a
rivate address.

:static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0 0

:conduit permit tcp host 205.152.0.8 eq 8821 any

:The problem is I don't
:know if the problem lies with the PIX 515 or the Linksys DSL router.

Are you running PIX 4.4 software? If so, then you have to hope that
someone remembers back that far.

If you are running PIX 5.0 or later, then it's time for you to
convert from conduits to access-lists. Conduits will not be supported
in the next PIX software release.

My personal policy is to not even -try- to debug configurations
with conduits in them: Cisco has been saying for years that
they don't promise that conduits work any more, and I don't consider
it productive to try to debug something that might a known system
problem.

 

Okay. I was able to get this to work via PASV. I had to add the following
line to my PIX 515 6.3(3) config: FIXUP PROTOCOL FTP 8821. Now I can access
the FTP Server from behind my Linksys Router when I configure WSFTP Pro to
be Passive. Non-Passive/Port/Active still does not work. I think I
understand why now. He is a quote from a tech "Various internet protocols
break with a vanilla NAT implementation. FTP for example, will operate in
two modes, passive and active. NAT does not support active mode FTP, so
clients must be found that will operate in passive mode." I guess this tells
me that since my Linksys is doing NAT, Active FTP will never work. If anyone
knows a way to get Active FTP to work please let me know. Thanks.