Wesley J wrote:
>
> I'm trying to provide access from the internet through a router
> to an ftp server on a private network... this is part of the
> config I have so far:
>
> ip nat inside source static tcp 192.168.6.2 21 interface Ethernet0 21
>
> Ethernet0 has the global address and 192.168.6.2 is the ftp
> server on the private side. I also have the following;
>
> ip nat inside source list 5 pool global overload
> ! Tells which addresses to "nat" using pool named "global" for outbound connections
>
> Am I creating problems having 2 'ip nat' statements? Do I need
> to apply access lists as well? I need some help, TIA...

I would think that you would want an access list too, unless you are going to let just anyone open port 21 (FTP control) on the FTP server.

If it really is a public FTP server, is there any chance you could move it to a DMZ network and give it a public address and not deal with NAT?? Probably not, but worth asking ;-)

FTP can be very difficult to get working through firewalls and NAT. One thing you will need to decide is whether you're going to support active or passive FTP. They behave quite differently with regards to port numbers and who opens the sessions. I wrote a white paper on this topic that is available at my Troubleshooting Networks Resources page here:

http://www.troubleshootingnetworks.com/ftpinfo.html

_______________________________

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53733&t=53677
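
The active/passive difference mentioned in the reply, as an added example that is not part of the original post: this Python sketch parses the data endpoint that FTP carries inside PORT commands and 227 replies (RFC 959), reports who opens the data session, and flags RFC 1918 addresses, which a peer across NAT cannot reach unless the NAT device rewrites them. The function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple used by both PORT and the 227 PASV reply (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_data_endpoint(line):
    """Return (mode, ip, port, opener) or None if the line names no endpoint."""
    text = line.strip()
    upper = text.upper()
    if upper.startswith("PORT "):
        mode, opener = "active", "server"    # server connects out to the client
    elif upper.startswith("227"):
        mode, opener = "passive", "client"   # client connects in to the server
    else:
        return None
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return mode, ip, nums[4] * 256 + nums[5], opener


def nat_findings(control_lines):
    """Flag embedded endpoints that are private and so need NAT rewriting."""
    findings = []
    for line in control_lines:
        parsed = parse_data_endpoint(line)
        if parsed is None:
            continue
        mode, ip, port, opener = parsed
        findings.append({"mode": mode, "ip": str(ip), "port": port,
                         "opener": opener,
                         "needs_rewrite": any(ip in n for n in RFC1918)})
    return findings


# Constructed sample control-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "PORT 203,0,113,10,195,80",                        # active: client's endpoint
    "227 Entering Passive Mode (192,168,6,2,19,137)",  # passive: server's endpoint
]

if __name__ == "__main__":
    for finding in nat_findings(SAMPLE):
        print(finding)
```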