	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

02/25/2009 at 12:09PM PST, ID: 24177516

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.3

passive ftp behind NAT on cisco 871w

Asked by dubium in FTP Servers, Miscellaneous Networking

Tags: passive, ftp, cisco, 871w, router, nat

I've attached my current config. I want to host an ftp server (ftp over ssl, so port 990) on 10.10.10.3. I've already opened up port 990 below, but that's only the control connection. I want to allow passive connections. How can I forward a range of ports for this purpose? Or is there a more elegant setup?

View the Solution FREE for 30 Days

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:

           
           
             Building configuration...
 
Current configuration : 6923 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxxxxx
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool sdm-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1 
!
ip dhcp pool maincomp
   host 10.10.10.2 255.255.255.0
   client-identifier 0100.0e0c.718c.33
!
ip dhcp pool qt1
   host 10.10.10.3 255.255.255.0
   client-identifier 0100.1422.4a66.42
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name xxxxxxxx
ip ssh time-out 60
ip ssh authentication-retries 2
ip ddns update method sdm_ddns1
 HTTP
  add xxxxxx
  remove xxxxxxx
!
!
!
crypto pki trustpoint TP-self-signed-1774843829
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1774843829
 revocation-check none
 rsakeypair TP-self-signed-1774843829
!
!
crypto pki certificate chain TP-self-signed-1774843829
 certificate self-signed 01
 xxxxxxxxx
  quit
username xxxxxxx privilege 15 secret 5 xxxxxxxxxx
!
! 
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers tkip 
 !
 ssid wireless
    authentication open 
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 xxxxxxxxxxxxx
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username xxxxxxx password 7 xxxxxxxx
 ppp ipcp dns request
 ppp ipcp address accept
!
interface BVI1
 description $ES_LAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.10.10.3 990 interface Dialer0 990
ip nat inside source static tcp 10.10.10.3 990 interface Dialer0 990
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static tcp 10.10.10.2 3389 interface Dialer0 3389
ip nat inside source static udp 10.10.10.2 3389 interface Dialer0 3389
ip nat inside source static udp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static udp 10.10.10.3 8001 interface Dialer0 8001
ip nat inside source static tcp 10.10.10.3 8001 interface Dialer0 8001
ip nat inside source static tcp 10.10.10.2 16870 interface Dialer0 16870
ip nat inside source static udp 10.10.10.2 16870 interface Dialer0 16870
ip nat inside source static tcp 10.10.10.2 57711 interface Dialer0 57711
ip nat inside source static udp 10.10.10.2 57711 interface Dialer0 57711
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner exec ^CCCCCCCCCCCCCC
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CCCCCCCCCCCCCCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

           
         

20091111-EE-VQP-91 - Hierarchy / EE_QW_EXPERT_20070906

1. giltjr48,500
2. omarfarid40,657
3. woolmilkp...32,035
4. cj_196912,250
5. lesouef11,900
6. KeremE11,502
7. MikeGGG11,500
8. leakim97111,316
9. oklit10,784
10. uetian17079,650
11. torimar8,500
12. tedbilly6,500
13. dereck2...6,000
14. cs97jjm35,500
14. JT926775,500
16. Paranorm...5,200
17. willettmei...5,001
18. shadowle...5,000
18. arober115,000
20. savone4,875
21. b0lsc0tt4,500
22. meverest4,400
23. gheist4,300
24. nsx106...4,168
25. Blaz4,000
25. pwindell4,000
25. javeedabdul4,000
25. tigermatt4,000
25. DMTechG...4,000
25. MightySW4,000

1. giltjr129,850
2. omarfarid97,141
3. woolmilkp...42,535
4. rwaldicott24,367
5. b0lsc0tt17,575
6. uetian170717,150
7. meverest15,343
8. KeremE13,502
9. oklit12,784
10. cj_196912,250
11. lesouef11,900
12. torimar11,850
13. MikeGGG11,500
14. ravenpl11,350
15. leakim97111,316
16. arrkerr1...11,172
17. willettmei...9,001
18. rionroc9,000
19. Blaz8,500
19. jason11788,500
21. ygoutham7,900
22. keith_ala...7,525
23. tigermatt6,800
24. SysExpert6,500
24. tedbilly6,500
24. rindi6,500

passive ftp behind NAT on cisco 871w

Asked by dubium in FTP Servers, Miscellaneous Networking

Tags: passive, ftp, cisco, 871w, router, nat

About this solution