FTP Passive mode should work through those ACLs as well. Passive just means
that the client starts the ftp-data connection instead of the server.
It's probably a problem with the rest of the ACL - can you lob us/me the
whole thing? If vanilla FTP from the DOS prompt can't build a data channel
then it's almost always a problem with active FTP.
Cheers,
--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
-----Original Message-----
From: Erwin Geirnaert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 27 July 2000 10:09 PM
To: 'Firewalls'
Subject: RE: ftp through CISCO access-list
Hi Tom
The problem is between active and passive modes!
So make sure that you use only active mode, according to your configuration
this is the only option you have to make it work.
FTP in a browser uses passive mode!
Or your browser uses a proxy, that can also give some problems.
Don't know about the MS-Dos problem.
Hope this helps a bit.
Erwin
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tom Casaer
Sent: Thursday, 27 July 2000 14:23
To: Firewalls
Subject: ftp through CISCO access-list
Hi,
I've got the following (strange?) problem: I've got a Cisco configured with
the following access-list (a part of it):
...
int ser0
ip access-group 110 in
...
...
access-list 110 permit tcp any eq ftp host X.X.X.X established
access-list 110 permit tcp any eq ftp-data host X.X.X.X
...
access-list 110 deny ip any any
Now the problem is that I can use every ftp-client for ftp-ing (BulletProof
FTP, ws_ftp, ...), everything works fine,
but ftp in a browser (Explorer, Netscape) doesn't work (can't get a
data-connection) and FTP in an MS-DOS window doesn't work either (also no
data connection).
Is there anybody who has the same problem or a solution? Or always use a
normal ftp-client?
Thanks,
Tom Casaer
PS: I don't use PASSIVE mode, so it's a normal ftp connection.
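
Added example (not part of any message in this thread): a small Python model of how the three ACL 110 entries visible in Tom's post treat the inbound segments of active and passive FTP. The elided ("...") entries are not modelled, every segment is assumed to be addressed to host X.X.X.X, and the ports 1025, 1026 and 49152 are constructed sample values.

```python
from collections import namedtuple

# One inbound TCP segment arriving on ser0 from the remote FTP server,
# addressed to host X.X.X.X (destination matching is therefore not modelled).
Seg = namedtuple("Seg", "sport dport syn ack rst")

PORTS = {"ftp": 21, "ftp-data": 20}

# The three ACL 110 entries visible in the post: (action, source port, established).
ACL_110 = [
    ("permit", "ftp", True),        # permit tcp any eq ftp host X.X.X.X established
    ("permit", "ftp-data", False),  # permit tcp any eq ftp-data host X.X.X.X
    ("deny", None, False),          # deny ip any any
]

def established(seg):
    # The IOS 'established' keyword matches TCP segments with ACK or RST set.
    return seg.ack or seg.rst

def evaluate(seg, acl=ACL_110):
    """Return (action, index) of the first ACL entry that matches the segment."""
    for i, (action, src_port, need_est) in enumerate(acl):
        if src_port is not None and seg.sport != PORTS[src_port]:
            continue
        if need_est and not established(seg):
            continue
        return action, i
    return "deny", None  # implicit deny that ends every access list

# Constructed sample segments, one per phase of an FTP session.
SAMPLES = {
    "control reply (server:21 -> client, SYN+ACK)": Seg(21, 1025, True, True, False),
    "active data open (server:20 -> client, SYN)": Seg(20, 1026, True, False, False),
    "active data payload (server:20 -> client, ACK)": Seg(20, 1026, False, True, False),
    "passive data reply (server:49152 -> client, SYN+ACK)": Seg(49152, 1026, True, True, False),
}

def report():
    """Map each sample segment to the action the visible entries give it."""
    return {name: evaluate(seg)[0] for name, seg in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in report().items():
        print(f"{action:6} {name}")
```

With only the visible entries, the active-mode segments are permitted and the passive-mode data reply falls through to the deny, because its source port is neither ftp nor ftp-data.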