Client behind Linksys Router/FTP Server behind PIX

Discussion in 'Cisco' started by Corbin O'Reilly, May 25, 2004.

  1. Hi everyone. I am having a strange problem. I have an FTP server (running on
    port 8821) behind a PIX that is translated from a public address to a
    private address.

    Example:

    static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0 0

    conduit permit tcp host 205.152.0.8 eq 8821 any

    If I dial-up to the internet with Earthlink and connect to 205.152.0.8 it
    works. If I connect from my home computer which is behind a Linksys DSL
    router it does not work. I suspect that this is some kind of NAT issue
    because when I used WSFTP Pro from behind the Linksys I see my home
    computer's internal IP address 192.168.1.8 referenced. Since the dial-up
    connection was a true public address and the DSL was through a router I
    think NAT definitely has something to do with it. The problem is I don't
    know if the problem lies with the PIX 515 or the Linksys DSL router. I would
    appreciate any help. Thanks.
     
    Corbin O'Reilly, May 25, 2004
    #1

  2. :Hi everyone. I am having a strange problem. I have an FTP server (running on
    :port 8821) behind a PIX that is translated from a public address to a
    :private address.

    :static (inside,outside) 205.152.0.8 10.1.4.278 netmask 255.255.255.255 0 0

    :conduit permit tcp host 205.152.0.8 eq 8821 any

    :The problem is I don't
    :know if the problem lies with the PIX 515 or the Linksys DSL router.

    Are you running PIX 4.4 software? If so, then you have to hope that
    someone remembers back that far.

    If you are running PIX 5.0 or later, then it's time for you to
    convert from conduits to access-lists. Conduits will not be supported
    in the next PIX software release.

    My personal policy is to not even -try- to debug configurations
    with conduits in them: Cisco has been saying for years that
    they don't promise that conduits work any more, and I don't consider
    it productive to try to debug something that might be a known system
    problem.
     
    Walter Roberson, May 25, 2004
    #2

  3. Okay. I was able to get this to work via PASV. I had to add the following
    line to my PIX 515 6.3(3) config: FIXUP PROTOCOL FTP 8821. Now I can access
    the FTP Server from behind my Linksys Router when I configure WSFTP Pro to
    be Passive. Non-Passive/Port/Active still does not work. I think I
    understand why now. Here is a quote from a tech: "Various internet protocols
    break with a vanilla NAT implementation. FTP for example, will operate in
    two modes, passive and active. NAT does not support active mode FTP, so
    clients must be found that will operate in passive mode." I guess this tells
    me that since my Linksys is doing NAT, Active FTP will never work. If anyone
    knows a way to get Active FTP to work please let me know. Thanks.
     
    Corbin O'Reilly, May 26, 2004
    #3
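
The symptom in this thread (the client's internal address 192.168.1.8 showing up in the FTP session) comes from the active-mode PORT command, which carries the client's own IP and port inside the control channel. The sketch below is an added example, not code from any poster or from Cisco or Linksys: it parses a PORT line, flags an RFC 1918 address the server cannot connect back to, and shows the rewrite an FTP-aware NAT performs. The function names, the public address 203.0.113.10, and the mapped port 40001 are constructed for illustration.

```python
import ipaddress
import re

# PORT argument format from RFC 959: h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$", re.I)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return (IPv4Address, port) advertised by a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def server_can_reach(line):
    """False when the advertised address is private, so the server's data connection fails."""
    parsed = parse_port(line)
    return parsed is not None and not any(parsed[0] in net for net in RFC1918)

def alg_rewrite(line, public_ip, mapped_port):
    """Rewrite done by a NAT that inspects the FTP control channel: substitute the
    public address and the port the NAT opened for the inbound data connection."""
    if parse_port(line) is None:
        return line  # not a PORT command, pass through unchanged
    if not 0 < mapped_port < 65536:
        raise ValueError("mapped_port out of range")
    host = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return f"PORT {host},{mapped_port >> 8},{mapped_port & 0xFF}\r\n"

# Constructed sample: what a client at 192.168.1.8 sends when listening on port 5001
SAMPLE = "PORT 192,168,1,8,19,137\r\n"

if __name__ == "__main__":
    print(parse_port(SAMPLE), "reachable:", server_can_reach(SAMPLE))
    fixed = alg_rewrite(SAMPLE, "203.0.113.10", 40001)
    print(repr(fixed), "reachable:", server_can_reach(fixed))
```

The rewrite only happens if the NAT device is inspecting the control connection on the port actually in use, which is what `fixup protocol ftp 8821` enables on the PIX side.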