NAT Issues - Windows 2000 FTP Server
Posted on 2004-04-20
We have a customer that has a Cisco 806 router and a public subnet (/29 block). Our setup is using NAT with specific ports from specific IP's mapped to internal addresses.
The setup works fine for port 80, 25 etc... with the Windows 2000 servers handling email, web etc...
My problem arrises with FTP server. The customer runs their FTP on non-standard ports. Actually he assigns each customer their own port (can't change this at this time). So customer ABC has port 1216 on IP x.x.x.x for example.
When I do a test connection I get this type of output:
[root@server log]# ftp
ftp> open hostname.com
ftp: connect: Connection refused
ftp> open hostname.com 1216
Connected to hostname.com (126.96.36.199).
220 host Microsoft FTP Service (Version 5.0).
Name (hostname.com:root): sparks
331 Password required for sparks.
230 User sparks logged in.
Remote system type is Windows_NT.
227 Entering Passive Mode (10,100,1,147,12,186).
ftp: connect: Connection timed out
As you can see, it appears that the server behind the NAT is trying to send back to me on a private IP address verus coming back to me on the public IP I actually connected on? We have NAT'ed FTP servers at a lot of other customer sites using standard 20/21 ports and don't have this issue at all? Am I missing something on the mapping?. at the other sites we only map port 21 out, nothing else...
I have to get this resolved ASAP so hoping for quick assistance (hence why offering a lot of points)
Thanks for your time,