1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FTP working behind a cisco router? Help...

Discussion in 'Routing & Switching' started by albertc30, May 10, 2009.

  1. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    Hello everybody.
    It has been a while since my last post, things are getting a bit tight with my CCNA certification exam coming soon.
    Anyways, I have this file I want my sister in Canada to get from me, it's an old video of our dad back in 1999 when he was still alive.
    I have a FTP server (FileZillaServer) here on my pc and I can access it from the local network no problem.
    The problem is I can't seem to have anyone outside coming into it.
    I don't have any dns service so what I do is I give my sister my Internet IP address at the given time so it should come straigh in but just page cannot be displayed.
    My windows firewall has been desactivated and still nothing. I am using static NAT to forward incomming trafic to port 21 and 20 to my local machine and still nothing.
    In a linksys this was done so easily just ad ports and forward them to the correst machine and worked well now I have a cisco 1721 and I can't seem to get it going.
    Here's my startup conf;


    R1721#sh run
    Building configuration...

    Current configuration : 2401 bytes
    !
    ! Last configuration change at 10:58:58 gmt Sat Apr 18 2009
    ! NVRAM config last updated at 10:55:46 gmt Sat Apr 18 2009
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname R1721
    !
    boot-start-marker
    boot-end-marker
    !
    no logging console
    !
    clock timezone gmt 0
    clock save interval 24
    no aaa new-model
    ip subnet-zero
    !
    !
    ip dhcp excluded-address 192.168.28.14
    ip dhcp excluded-address 192.168.28.13
    ip dhcp excluded-address 192.168.28.12
    ip dhcp excluded-address 192.168.28.9
    !
    ip dhcp pool LocalNetwork
    network 192.168.28.8 255.255.255.248
    default-router 192.168.28.14
    dns-server 194.72.9.34 62.6.40.178
    !
    !
    ip host carepc 192.168.28.9
    ip name-server 194.72.9.34
    ip name-server 62.6.40.178
    ip cef
    no scripting tcl init
    no scripting tcl encdir
    !
    !
    !
    !
    interface Loopback0
    ip address 192.168.28.254 255.255.255.255
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    description My local network
    ip address 192.168.28.14 255.255.255.248
    ip nat inside
    speed auto
    !
    interface Serial0
    ip address 10.0.0.1 255.255.255.252
    encapsulation ppp
    clockrate 800000
    !
    interface Dialer1
    ip address negotiated
    ip nat outside
    encapsulation ppp
    dialer pool 1
    ppp chap hostname ***********@**********.***
    ppp chap password 0 *********
    !
    router rip
    version 2
    network 10.0.0.0
    network 192.168.28.0
    !
    ip nat inside source list 1 interface Dialer1 overload
    ip nat inside source static udp 192.168.28.9 20 interface Dialer1 20
    ip nat inside source static tcp 192.168.28.9 20 interface Dialer1 20
    ip nat inside source static tcp 192.168.28.9 21 interface Dialer1 21
    ip nat inside source static udp 192.168.28.9 21 interface Dialer1 21
    ip nat inside source static udp 192.168.28.9 7609 interface Dialer1 7609
    ip nat inside source static tcp 192.168.28.9 7609 interface Dialer1 7609
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    no ip http server
    !
    !
    access-list 1 permit 192.168.28.8 0.0.0.7
    !
    control-plane
    !
    banner motd ^CThis is or should be a secure site :-). Authorized access only. Co
    nnections made to this site are traceable. If you dont know what you are doing t
    hen log out.^C
    !
    line con 0
    password **********
    login
    line aux 0
    line vty 0 4
    password ***********
    login
    !
    no scheduler allocate
    !
    end

    R1721


    Any help well appreciated everybody.
    Now back to revising.
    Cheers in advance.
     
    Certifications: CCNA
    WIP: 220-701 - A+
  2. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    Hello again everybody.
    This is doing my head in.
    I have changed my ports to 12 and I am using PFPortChecker to check if the ports are opened and they're closed before adding the static route and then they're open after applying the static route but still can't get access to my ftp server from outside my network.
    Any help anyone?
    Cheers.
     
    Certifications: CCNA
    WIP: 220-701 - A+
  3. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Is there any settings on the FileZillaServer software that have to be setup to enable FTP trafiic from an external source?

    Also for your internet connection do you have a static IP address?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  4. albertc30

    albertc30 Kilobyte Poster

    423
    1
    37
    Hello Sparky.

    About your first question, I honestly haven't found anything about it but will look into it, what I do know is that this software worked once fine with a Linksys router and I could access it from the outside network fine.

    No I don't have a static IP address but what I am doing is using or giving the connections current IP to a friend online who then is trying to access my ftp server but unfortunately with no success.

    No matter what I Google about port forwarding in Cisco the results are always about NAT or in other words static nat. It opens the ports I want I have scanned them before the static Nat entry on my router and they were closed but after the entry on my router they scan as being opened.

    Any help well appreciated everybody.
     
    Certifications: CCNA
    WIP: 220-701 - A+
  5. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    What Cisco kit are you using mate?

    I did some changes on a Cisco PIX firewall the other day which required a one to one NAT rule (with ports) but also needed a firewall policy as well for the required ports.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  6. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    Like what sparky is saying I'm sure I read somewhere that theres a default implicit deny on your outside interfaces (even though it doesn't show up in your config), I know for fact that this is true on my ASA 5505.
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)

Share This Page

Loading...