How do I set up Cisco 1600 nat port range for pasv ftp?

Discussion in 'Cisco' started by johnnynine, Aug 11, 2005.

  1. johnnynine

    johnnynine Guest

    I would like to set up my cisco 1600 to support PASV ftp for a
    particular ip address using NAT.

    In other words I would like to forward packets incoming to ip
    192.168.0.2 ports 5500 to 5700. The port range is what I have my ftp
    server set up to use, I think it defaults to 1024+.

    Internal FTP server: ip 192.168.0.2 ports 21, 5500-5700
    external ip address: 1.2.3.4 (for the sake of this question)

    I set up the NAT ftp control port 21 (which works fine) with:

    ip nat inside source static tcp 192.168.0.2 21 1.2.3.4 21

    But to support passive ftp (PASV) I need to also accept incoming
    traffic to ports 5500-5700. This is because the ftp server will give
    the ftp client a random node in that range to connect to for data
    transmission.

    I would like to do something like the following, but the cisco router
    doesn't like the port range syntax:

    ip nat inside source static tcp 192.168.0.2 5500-5700 1.2.3.4 5500-5700

    The above line DOES NOT WORK as it is an invalid format, but I think it
    gives the gist of what I would like the end result to be.

    Is there another way to do this? I'm not a cisco router expert so my
    knowledge doesn't go much further than setting up "ip nat inside..."
    commands.

    Thank you,
    Johnny
     
    johnnynine, Aug 11, 2005
    #1

  2. johnnynine

    Brad Guest

    But to support passive ftp (PASV) I need to also accept incoming
    Not sure how to configure the 1600 to do port forwarding for that range
    of ports but that's not your only problem. Not only does the FTP server
    pass the client a random port number for the data connection but it
    also passes its IP address (the internal address) so the client will be
    sending packets to the 192.168.0.2 address. If your FTP server supports
    PASV mode you'll need to configure it to use the external IP address of
    the NAT'ing machine and not its own private IP address when it
    responds to the PASV command.
     
    Brad, Aug 12, 2005
    #2
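
An added example, not part of either post above: Python that expands 5500-5700 into one single-port entry per port, in the form the first post reports working for port 21, and checks a 227 PASV reply for the private-address problem the second post describes. That the router accepts 201 such entries is an assumption, and the sample replies are constructed.

```python
import ipaddress
import re

# Values taken from the thread; 1.2.3.4 is the poster's stand-in external address.
INSIDE_IP = "192.168.0.2"
OUTSIDE_IP = "1.2.3.4"
PASV_PORTS = range(5500, 5701)  # 5500-5700 inclusive
_PASV_RE = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")


def static_nat_lines(inside=INSIDE_IP, outside=OUTSIDE_IP, ports=PASV_PORTS):
    """Expand a port range into one single-port static entry per port
    (assumption: the router accepts this many entries)."""
    return [f"ip nat inside source static tcp {inside} {p} {outside} {p}" for p in ports]


def parse_pasv_reply(line):
    """Return (ip, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' reply."""
    m = _PASV_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {line!r}")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in: {line!r}")
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2


def check_pasv_reply(line, outside=OUTSIDE_IP, ports=PASV_PORTS):
    """List the problems a client outside the NAT would hit with this reply."""
    ip, port = parse_pasv_reply(line)
    problems = []
    if ip.is_private:
        problems.append(f"advertises private address {ip}")
    elif ip != ipaddress.IPv4Address(outside):
        problems.append(f"advertises {ip}, expected {outside}")
    if port not in ports:
        problems.append(f"data port {port} outside forwarded range {ports.start}-{ports.stop - 1}")
    return problems


if __name__ == "__main__":
    # Constructed sample replies, not captured from a real server.
    for reply in ("227 Entering Passive Mode (192,168,0,2,21,124)",
                  "227 Entering Passive Mode (1,2,3,4,22,68)"):
        print(reply, "->", check_pasv_reply(reply) or "ok")
```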