how to forward port on cisco 2801 for ftp
Hello
I just installed Filezilla server on windows xp pro connected inside my network. I keep getting an error FileZilla Server version 0.9.34 beta
Copyright 2001-2009 by Tim Kosse (tim.kosse@filezilla-proje
Connecting to server...
Connected, waiting for authentication
Logged on
Creating listen socket on port 21...
Failed to create listen socket on port 21
Failed to create a listen socket on any of the specified ports. Server is not online!
I then checked my ports on my windows xp if ports seem to be open:
C:\Documents and Settings\Administrator>net
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2002 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10115 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1038 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1044 127.0.0.1:2002 ESTABLISHED
TCP 127.0.0.1:2002 127.0.0.1:1044 ESTABLISHED
TCP 127.0.0.1:2065 127.0.0.1:30606 ESTABLISHED
TCP 127.0.0.1:2905 127.0.0.1:14147 ESTABLISHED
TCP 127.0.0.1:2906 127.0.0.1:2907 ESTABLISHED
TCP 127.0.0.1:2907 127.0.0.1:2906 ESTABLISHED
TCP 127.0.0.1:2911 127.0.0.1:2912 ESTABLISHED
TCP 127.0.0.1:2912 127.0.0.1:2911 ESTABLISHED
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5152 127.0.0.1:2955 CLOSE_WAIT
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING
TCP 127.0.0.1:14147 127.0.0.1:2905 ESTABLISHED
TCP 127.0.0.1:30606 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30606 127.0.0.1:2065 ESTABLISHED
TCP 127.0.0.1:30606 127.0.0.1:3222 TIME_WAIT
TCP 127.0.0.1:30606 127.0.0.1:3224 TIME_WAIT
TCP 172.16.2.11:139 0.0.0.0:0 LISTENING
TCP 172.16.2.11:2066 64.94.18.133:80 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3456 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:10115 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:2951 *:*
UDP 172.16.2.11:123 *:*
UDP 172.16.2.11:137 *:*
UDP 172.16.2.11:138 *:*
UDP 172.16.2.11:1900 *:*
Which i believe seem to be open but am still getting this error. I then configured my cisco 2801 router to allow ftp through (i think i achieved this but am not sure)
Here's my router config: cisco 2801 router
interface FastEthernet0/0
description Trunk to switch A VoiceVlan 10 and DataVlan 50
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.10
description VoiceVlan 172.16.1.0 /24
encapsulation dot1Q 10
ip address 172.16.1.1 255.255.255.0
ip helper-address 172.16.2.5
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.50
description DataVlan 172.16.2.0 /24
encapsulation dot1Q 50
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description DHCP client receiving address from DHCP server on Dlink DIR-615
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT_OVERLOAD 192.168.0.196 192.168.0.196 netmask 255.255.255.0
ip nat inside source list 101 pool NAT_OVERLOAD overload
ip nat inside source static tcp 172.16.2.11 20 192.168.0.196 20 extendable
ip nat inside source static udp 172.16.2.11 20 192.168.0.196 20 extendable
ip nat inside source static tcp 172.16.2.11 21 192.168.0.196 21 extendable
ip nat inside source static udp 172.16.2.11 21 192.168.0.196 21 extendable
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178251
ntp server 128.100.100.128
ntp server 128.100.102.201
end
The 172.16.2.11 is the PC that has the Filezilla FTP server installed on it. There is currently no other ACL configured on the router except for the NAT overload. I have disabled windows firewall and have no other firewall installed. Can anyone help me with this issue.
Thanks
I just installed Filezilla server on windows xp pro connected inside my network. I keep getting an error FileZilla Server version 0.9.34 beta
Copyright 2001-2009 by Tim Kosse (tim.kosse@filezilla-proje
Connecting to server...
Connected, waiting for authentication
Logged on
Creating listen socket on port 21...
Failed to create listen socket on port 21
Failed to create a listen socket on any of the specified ports. Server is not online!
I then checked my ports on my windows xp if ports seem to be open:
C:\Documents and Settings\Administrator>net
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2002 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10115 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1038 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1044 127.0.0.1:2002 ESTABLISHED
TCP 127.0.0.1:2002 127.0.0.1:1044 ESTABLISHED
TCP 127.0.0.1:2065 127.0.0.1:30606 ESTABLISHED
TCP 127.0.0.1:2905 127.0.0.1:14147 ESTABLISHED
TCP 127.0.0.1:2906 127.0.0.1:2907 ESTABLISHED
TCP 127.0.0.1:2907 127.0.0.1:2906 ESTABLISHED
TCP 127.0.0.1:2911 127.0.0.1:2912 ESTABLISHED
TCP 127.0.0.1:2912 127.0.0.1:2911 ESTABLISHED
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5152 127.0.0.1:2955 CLOSE_WAIT
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING
TCP 127.0.0.1:14147 127.0.0.1:2905 ESTABLISHED
TCP 127.0.0.1:30606 0.0.0.0:0 LISTENING
TCP 127.0.0.1:30606 127.0.0.1:2065 ESTABLISHED
TCP 127.0.0.1:30606 127.0.0.1:3222 TIME_WAIT
TCP 127.0.0.1:30606 127.0.0.1:3224 TIME_WAIT
TCP 172.16.2.11:139 0.0.0.0:0 LISTENING
TCP 172.16.2.11:2066 64.94.18.133:80 ESTABLISHED
UDP 0.0.0.0:445 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:3456 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:10115 *:*
UDP 127.0.0.1:123 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:2951 *:*
UDP 172.16.2.11:123 *:*
UDP 172.16.2.11:137 *:*
UDP 172.16.2.11:138 *:*
UDP 172.16.2.11:1900 *:*
Which i believe seem to be open but am still getting this error. I then configured my cisco 2801 router to allow ftp through (i think i achieved this but am not sure)
Here's my router config: cisco 2801 router
interface FastEthernet0/0
description Trunk to switch A VoiceVlan 10 and DataVlan 50
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.10
description VoiceVlan 172.16.1.0 /24
encapsulation dot1Q 10
ip address 172.16.1.1 255.255.255.0
ip helper-address 172.16.2.5
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.50
description DataVlan 172.16.2.0 /24
encapsulation dot1Q 50
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description DHCP client receiving address from DHCP server on Dlink DIR-615
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT_OVERLOAD 192.168.0.196 192.168.0.196 netmask 255.255.255.0
ip nat inside source list 101 pool NAT_OVERLOAD overload
ip nat inside source static tcp 172.16.2.11 20 192.168.0.196 20 extendable
ip nat inside source static udp 172.16.2.11 20 192.168.0.196 20 extendable
ip nat inside source static tcp 172.16.2.11 21 192.168.0.196 21 extendable
ip nat inside source static udp 172.16.2.11 21 192.168.0.196 21 extendable
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178251
ntp server 128.100.100.128
ntp server 128.100.102.201
end
The 172.16.2.11 is the PC that has the Filezilla FTP server installed on it. There is currently no other ACL configured on the router except for the NAT overload. I have disabled windows firewall and have no other firewall installed. Can anyone help me with this issue.
Thanks
Istvan Kalmar
did ypu opened this port on Dlink DIR-615?
ASKER
thanks for the help ikalmar
I disconnected the dlink and connected the cisco 2801 directly to modem. It still wouldn't work so i installed the filezilla server on another PC and it works perfectly.So now i know for sure that my router ACL and port forward are ok(I'll attach a new show run to show my changes done). The only thing is I have to install it and make it work on this other computer. I tried a netstat command to try and see why it works on 1 but not on the other. Here is what i got:
Netstat on PC that works:
C:\Documents and Settings\PC1WORKS>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 3748 ******************OK
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 988
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 2560
TCP 127.0.0.1:2185 127.0.0.1:14147 ESTABLISHED 3012 ********OK
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 468
TCP 127.0.0.1:5152 127.0.0.1:1808 CLOSE_WAIT 468
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 3748
TCP 127.0.0.1:14147 127.0.0.1:2185 ESTABLISHED 3748
TCP 127.0.0.1:30606 0.0.0.0:0 LISTENING 380
TCP 172.16.2.11:139 0.0.0.0:0 LISTENING 4
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 720
UDP 0.0.0.0:4500 *:* 720
UDP 127.0.0.1:123 *:* 1080
UDP 127.0.0.1:1900 *:* 1352
UDP 127.0.0.1:1930 *:* 2496
UDP 172.16.2.11:123 *:* 1080
UDP 172.16.2.11:137 *:* 4
UDP 172.16.2.11:138 *:* 4
UDP 172.16.2.11:1900 *:* 1352
Netstat on PC that won't allow it to work:
C:\Documents and Settings\Administrator>net
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1960 *************OK
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1088
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:10115 0.0.0.0:0 LISTENING 1944
TCP 127.0.0.1:1038 0.0.0.0:0 LISTENING 3860
TCP 127.0.0.1:4062 127.0.0.1:14147 ESTABLISHED 2380 ************OK
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 2000
TCP 127.0.0.1:5152 127.0.0.1:3801 CLOSE_WAIT 2000
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 2432
TCP 127.0.0.1:14147 127.0.0.1:4062 ESTABLISHED 2432
TCP 127.0.0.1:30606 0.0.0.0:0 LISTENING 1896
TCP 172.16.2.12:139 0.0.0.0:0 LISTENING 4
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 784
UDP 0.0.0.0:3456 *:* 1960
UDP 0.0.0.0:4500 *:* 784
UDP 0.0.0.0:10115 *:* 1944
UDP 127.0.0.1:123 *:* 1184
UDP 127.0.0.1:1900 *:* 1524
UDP 127.0.0.1:3416 *:* 2312
UDP 172.16.2.12:123 *:* 1184
UDP 172.16.2.12:137 *:* 4
UDP 172.16.2.12:138 *:* 4
UDP 172.16.2.12:1900 *:* 1524
Again i have shutdown windows firewall and don't have any other firewall .
Here's my new show run:
interface FastEthernet0/0
description Trunk to switch A VoiceVlan 10 and DataVlan 50
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.10
description VoiceVlan 172.16.1.0 /24
encapsulation dot1Q 10
ip address 172.16.1.1 255.255.255.0
ip helper-address 172.16.2.5
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.50
description DataVlan 172.16.2.0 /24
encapsulation dot1Q 50
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description DHCP client receiving address from DHCP server on Dlink DIR-615
ip address dhcp client-id FastEthernet0/1
ip access-group 102 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT_OVERLOAD 61.202.230.139 61.202.230.139 netmask 255.255.248.0
ip nat inside source list 101 pool NAT_OVERLOAD overload
ip nat inside source static tcp 172.16.2.11 21 interface FastEthernet0/1 21
ip nat inside source static tcp 172.16.2.11 20 interface FastEthernet0/1 20
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
access-list 102 remark ACL allowed entry into router fa4 WAN
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 443
access-list 102 deny tcp any any eq 3389
access-list 102 deny icmp any any echo log-input
access-list 102 permit ip any any
!
**************************
The default setting on Filezilla server is to use 127.0.0.1 and port 14147.
Thanks very much for any help with this.
I disconnected the dlink and connected the cisco 2801 directly to modem. It still wouldn't work so i installed the filezilla server on another PC and it works perfectly.So now i know for sure that my router ACL and port forward are ok(I'll attach a new show run to show my changes done). The only thing is I have to install it and make it work on this other computer. I tried a netstat command to try and see why it works on 1 but not on the other. Here is what i got:
Netstat on PC that works:
C:\Documents and Settings\PC1WORKS>netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 3748 ******************OK
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 988
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:1028 0.0.0.0:0 LISTENING 2560
TCP 127.0.0.1:2185 127.0.0.1:14147 ESTABLISHED 3012 ********OK
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 468
TCP 127.0.0.1:5152 127.0.0.1:1808 CLOSE_WAIT 468
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 3748
TCP 127.0.0.1:14147 127.0.0.1:2185 ESTABLISHED 3748
TCP 127.0.0.1:30606 0.0.0.0:0 LISTENING 380
TCP 172.16.2.11:139 0.0.0.0:0 LISTENING 4
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 720
UDP 0.0.0.0:4500 *:* 720
UDP 127.0.0.1:123 *:* 1080
UDP 127.0.0.1:1900 *:* 1352
UDP 127.0.0.1:1930 *:* 2496
UDP 172.16.2.11:123 *:* 1080
UDP 172.16.2.11:137 *:* 4
UDP 172.16.2.11:138 *:* 4
UDP 172.16.2.11:1900 *:* 1352
Netstat on PC that won't allow it to work:
C:\Documents and Settings\Administrator>net
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1960 *************OK
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1088
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING 1960
TCP 0.0.0.0:10115 0.0.0.0:0 LISTENING 1944
TCP 127.0.0.1:1038 0.0.0.0:0 LISTENING 3860
TCP 127.0.0.1:4062 127.0.0.1:14147 ESTABLISHED 2380 ************OK
TCP 127.0.0.1:5152 0.0.0.0:0 LISTENING 2000
TCP 127.0.0.1:5152 127.0.0.1:3801 CLOSE_WAIT 2000
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 2432
TCP 127.0.0.1:14147 127.0.0.1:4062 ESTABLISHED 2432
TCP 127.0.0.1:30606 0.0.0.0:0 LISTENING 1896
TCP 172.16.2.12:139 0.0.0.0:0 LISTENING 4
UDP 0.0.0.0:445 *:* 4
UDP 0.0.0.0:500 *:* 784
UDP 0.0.0.0:3456 *:* 1960
UDP 0.0.0.0:4500 *:* 784
UDP 0.0.0.0:10115 *:* 1944
UDP 127.0.0.1:123 *:* 1184
UDP 127.0.0.1:1900 *:* 1524
UDP 127.0.0.1:3416 *:* 2312
UDP 172.16.2.12:123 *:* 1184
UDP 172.16.2.12:137 *:* 4
UDP 172.16.2.12:138 *:* 4
UDP 172.16.2.12:1900 *:* 1524
Again i have shutdown windows firewall and don't have any other firewall .
Here's my new show run:
interface FastEthernet0/0
description Trunk to switch A VoiceVlan 10 and DataVlan 50
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0.10
description VoiceVlan 172.16.1.0 /24
encapsulation dot1Q 10
ip address 172.16.1.1 255.255.255.0
ip helper-address 172.16.2.5
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.50
description DataVlan 172.16.2.0 /24
encapsulation dot1Q 50
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description DHCP client receiving address from DHCP server on Dlink DIR-615
ip address dhcp client-id FastEthernet0/1
ip access-group 102 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT_OVERLOAD 61.202.230.139 61.202.230.139 netmask 255.255.248.0
ip nat inside source list 101 pool NAT_OVERLOAD overload
ip nat inside source static tcp 172.16.2.11 21 interface FastEthernet0/1 21
ip nat inside source static tcp 172.16.2.11 20 interface FastEthernet0/1 20
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
access-list 102 remark ACL allowed entry into router fa4 WAN
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 443
access-list 102 deny tcp any any eq 3389
access-list 102 deny icmp any any echo log-input
access-list 102 permit ip any any
!
**************************
The default setting on Filezilla server is to use 127.0.0.1 and port 14147.
Thanks very much for any help with this.
ASKER
Ok I configured my windows server 2003 as a ftp server and connected it to my network and all is working perfectly. I still however would like to configure Filezilla on that PC if anybody has any ideas on how to fix this issue. Why would Filezilla work on some PC's and not on others?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.