Cisco router with FTP server on the inside
Posted on 2008-01-31
What's the best way to configure an internal FTP server behind a Cisco router (850 with DSL connection)?
I'm assuming it'll be PASV, so I need a port range (I don't want all ports > 1023).
I assume I have to use PAT, and forward 21/tcp, 20/tcp and the PASV range (say, 5000 - 5100). How do I PAT that range?
e0 (inside) - 192.168.0.1
di0 (outside) - single static public IP.
FTP server (inside) 192.168.0.10
ip nat inside source static tcp 192.168.0.10 21 interface di0 21
ip nat inside source static tcp 192.168.0.10 20 interface di0 20
ip nat inside source static tcp 192.168.0.10 [5000 - 5100] interface di0 [5000 - 5100]
Then, of course, I need the ACL to permit those ports on the di0 interface (incoming), which is easier with "permit tcp any any range 5000 5100".
I can't find this anywhere!?!?