Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4112
  • Last Modified:

Setting up FTP Server through Cisco 800 Series Router

Hello All.

I am doing some work for a company as a favor.  They have a network set up already, with ISDN and a Cisco 800 Series Router.  It probably doesn't matter to you, but they also have a Cisco Catalyst.  Anyhow, I am going to put another computer on their network with an FTP Server program.  I know that I will have to setup port forwarding on the router to point all FTP requests to the computer with the FTP Server installed when they point their browser to ftp://xxx.xxx.xxx.xxx.  I've done this on a Linksys router, but never a Cisco router.  Could anyone please tell me step by step how to do it and maybe any other information that I may need to know?  I appreciate your help!
0
ACSNS
Asked:
ACSNS
1 Solution
 
anupnellipCommented:
first of all you need to have a static IP address assigned by your ISP for this to work . I suppose you r using NAT here .
it is a simple command
Ip nat inside source static ftpserver_IP_address YOUR_PUBLIC_IP ADDRESS

where ftpserver_IP_address is the IP address of the ftp server inside your lan
& YOUR_PUBLIC_IP ADDRESS  is the ip address that clients will be using to access from the internet.

then you need to use access list to restrict access only to ftp .

Please let me know in detail about your network & how it is being connected . Also please post your running config on 800 for more detailed help
0
 
ACSNSAuthor Commented:
Thanks for the info so far, I think that will help greatly.  What do you mean by set up access list to restrict only to ftp?  Does this mean when I point the browser to ftp://xxx.xxx.xxx.xxx that only ftp traffic can be allowed through?  What is the command for this, is it access-list 1 permit ftpserver_ip_address 0.0.0.0 ?

I appreciate your help with this...

Thanks,
Andy
0
 
anupnellipCommented:
when u use the command
Ip nat inside source static ftpserver_IP_address YOUR_PUBLIC_IP ADDRESS

all the ports are opened for your ftp server inside the lan . ie it becomes like a computer on the internet & the NAT protection is no loger there . So all the ports open on your ftp server will be open to the internet . As this is not recomended use an access list to restrict the access only to ftp .

I will give an example .

suppose your ftp server Ip address is 10.0.1.100 & you want to assign it a public ip of 67.1.1.11 ( this should be assigned by your ISP )

use the command

ip nat inside source static 10.0.1.100 67.1.1.11

now create access list

no access-list 101
access-list 101 deny ip host 67.1.1.11 any
access-list 101 permit tcp any any established
access-list 101 permit tcp any host 67.1.1.11 range ftp-data ftp

now apply this access list to your dialer interface .

ip access-group 101 in


Hope this helps


0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
ACSNSAuthor Commented:
Ok, all your help has been great, I just want to make sure I have this down before I walk in there, I don't want to look like a huge idiot... haha

Here is the exact command line I should need to type in order to make this happen...

conf t
ip nat inside source static 10.0.1.100 67.1.1.11
no access-list 101
access-list 101 deny ip host 67.1.1.11 any
access-list 101 permit tcp any any established
access-list 101 permit tcp any host 67.1.1.11 range ftp-data ftp
ip access-group 101 in
exit
wr mem

You've been a great help, it'll be my pleasure to award you with these points once we're done here!

Thanks,
Andy
0
 
ACSNSAuthor Commented:
Also, I was just talking to my friend who works at an ISP and he was telling me that the following should work... What are your thoughts on this?

conf t
ip nat inside source static tcp 10.0.1.100 21 67.1.1.11 21 extended
exit
wr mem

He said that the access list stuff aren't needed because the first line dictates that it's only for port 21.  Let me know if your way is better, and why.

Thanks again!
Andy
0
 
anupnellipCommented:
hii ,

your friends suggestion is very much valid & simple .

though my method is more flexible in terms of controlling access . It is always recommended to controls access using access list as later on you can open up more ports according to the need .
 But if you r not comfortable with access list then using the your friends command is the best way to go .

In case you wish to use my method . just make sure u enter interface configuration of the interface before you apply the access list . eg.
config t
interface dialer ( if you r specifying the IP address here . If u r specifying it at the bri interface use interface bri0 )
ip access-group 101 in
0
 
ACSNSAuthor Commented:
Thanks for your help!
0
 
stylosophCommented:
how to solve the problem, if i've got a dynamic ip?
0
 
quicksmartCommented:
I have found this thread very useful in configure c827h dsl router lately, and thought i would suggest a possible solution(i believe this will work with any ISDN from the 800 series also)
conf t
ip nat inside source static tcp 10.0.1.100 21 interface Dialer1 21
exit
wr mem
reload

this basically will allow any access to port 21 on the Dialer1 interface(wan port, dsl port, ISDN port as far as i know) to be translated, rather than just limiting translation to requests to the single ip. So if you have a dynamic ip use this version. If you have multiple ip's assigned to your connection its quite a nice feature that you can re-direct port 21 to different machines for each external ip! pretty sweet!
Thanks for asking this question in the first place ACSNS, it's saved my bacon today!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now