how to forward port on cisco 2801 for ftp

Hello
I just installed Filezilla server on windows xp pro connected inside my network. I keep getting an error FileZilla Server version 0.9.34 beta
Copyright 2001-2009 by Tim Kosse (tim.kosse@filezilla-project.org)
Connecting to server...
Connected, waiting for authentication
Logged on
Creating listen socket on port 21...
Failed to create listen socket on port 21
Failed to create a listen socket on any of the specified ports. Server is not online!

I then checked my ports on my windows xp if ports seem to be open:
C:\Documents and Settings\Administrator>netstat -a -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:2002           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:10115          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1038         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1044         127.0.0.1:2002         ESTABLISHED
  TCP    127.0.0.1:2002         127.0.0.1:1044         ESTABLISHED
  TCP    127.0.0.1:2065         127.0.0.1:30606        ESTABLISHED
  TCP    127.0.0.1:2905         127.0.0.1:14147        ESTABLISHED
  TCP    127.0.0.1:2906         127.0.0.1:2907         ESTABLISHED
  TCP    127.0.0.1:2907         127.0.0.1:2906         ESTABLISHED
  TCP    127.0.0.1:2911         127.0.0.1:2912         ESTABLISHED
  TCP    127.0.0.1:2912         127.0.0.1:2911         ESTABLISHED
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5152         127.0.0.1:2955         CLOSE_WAIT
  TCP    127.0.0.1:14147        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:14147        127.0.0.1:2905         ESTABLISHED
  TCP    127.0.0.1:30606        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:30606        127.0.0.1:2065         ESTABLISHED
  TCP    127.0.0.1:30606        127.0.0.1:3222         TIME_WAIT
  TCP    127.0.0.1:30606        127.0.0.1:3224         TIME_WAIT
  TCP    172.16.2.11:139        0.0.0.0:0              LISTENING
  TCP    172.16.2.11:2066       64.94.18.133:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:3456           *:*
  UDP    0.0.0.0:4500           *:*
  UDP    0.0.0.0:10115          *:*
  UDP    127.0.0.1:123          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    127.0.0.1:2951         *:*
  UDP    172.16.2.11:123        *:*
  UDP    172.16.2.11:137        *:*
  UDP    172.16.2.11:138        *:*
  UDP    172.16.2.11:1900       *:*
Which i believe seem to be open but am still getting this error. I then configured my cisco 2801 router to allow ftp through (i think i achieved this but am not sure)

Here's my router config: cisco 2801 router

interface FastEthernet0/0
 description Trunk to switch A VoiceVlan 10 and DataVlan 50
 no ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 description VoiceVlan 172.16.1.0 /24
 encapsulation dot1Q 10
 ip address 172.16.1.1 255.255.255.0
 ip helper-address 172.16.2.5
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.50
 description DataVlan 172.16.2.0 /24
 encapsulation dot1Q 50
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description DHCP client receiving address from DHCP server on Dlink DIR-615
 ip address dhcp client-id FastEthernet0/1
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT_OVERLOAD 192.168.0.196 192.168.0.196 netmask 255.255.255.0
ip nat inside source list 101 pool NAT_OVERLOAD overload
ip nat inside source static tcp 172.16.2.11 20 192.168.0.196 20 extendable    
ip nat inside source static udp 172.16.2.11 20 192.168.0.196 20 extendable  
ip nat inside source static tcp 172.16.2.11 21 192.168.0.196 21 extendable            
ip nat inside source static udp 172.16.2.11 21 192.168.0.196 21 extendable  
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17178251
ntp server 128.100.100.128
ntp server 128.100.102.201
end


The 172.16.2.11 is the PC that has the Filezilla FTP server installed on it. There is currently no other ACL configured on the router except for the NAT overload. I have disabled windows firewall and have no other firewall installed. Can anyone help me with this issue.


Thanks
ibanez7Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Istvan KalmarHead of IT Security Division Commented:
did ypu opened this port on Dlink DIR-615?
0
ibanez7Author Commented:
thanks for the help ikalmar
I disconnected the dlink and connected the cisco 2801 directly to modem. It still wouldn't work so i installed the filezilla server on another PC and it works perfectly.So now i know for sure that my router ACL and port forward are ok(I'll attach a new show run to show my changes done). The only thing is I have to install it and make it work on this other computer. I tried a netstat command to try and see why it works on 1 but not on the other. Here is what i got:

Netstat on PC that works:

C:\Documents and Settings\PC1WORKS>netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3748    ******************OK
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       2560
  TCP    127.0.0.1:2185         127.0.0.1:14147     ESTABLISHED     3012  ********OK
 TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       468
  TCP    127.0.0.1:5152         127.0.0.1:1808         CLOSE_WAIT      468
  TCP    127.0.0.1:14147        0.0.0.0:0              LISTENING       3748
  TCP    127.0.0.1:14147        127.0.0.1:2185         ESTABLISHED     3748
  TCP    127.0.0.1:30606        0.0.0.0:0              LISTENING       380
  TCP    172.16.2.11:139        0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    720
  UDP    0.0.0.0:4500           *:*                                    720
  UDP    127.0.0.1:123          *:*                                    1080
  UDP    127.0.0.1:1900         *:*                                    1352
  UDP    127.0.0.1:1930         *:*                                    2496
  UDP    172.16.2.11:123        *:*                                    1080
  UDP    172.16.2.11:137        *:*                                    4
  UDP    172.16.2.11:138        *:*                                    4
  UDP    172.16.2.11:1900       *:*                                    1352


Netstat on PC that won't allow it to work:

C:\Documents and Settings\Administrator>netstat -ano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1960   *************OK
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1960
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1960
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1088
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       1960
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       1960
  TCP    0.0.0.0:10115          0.0.0.0:0              LISTENING       1944
  TCP    127.0.0.1:1038         0.0.0.0:0              LISTENING       3860
  TCP    127.0.0.1:4062         127.0.0.1:14147        ESTABLISHED     2380   ************OK
  TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       2000
  TCP    127.0.0.1:5152         127.0.0.1:3801         CLOSE_WAIT      2000
  TCP    127.0.0.1:14147        0.0.0.0:0              LISTENING       2432
  TCP    127.0.0.1:14147        127.0.0.1:4062         ESTABLISHED     2432
  TCP    127.0.0.1:30606        0.0.0.0:0              LISTENING       1896
  TCP    172.16.2.12:139        0.0.0.0:0              LISTENING       4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    784
  UDP    0.0.0.0:3456           *:*                                    1960
  UDP    0.0.0.0:4500           *:*                                    784
  UDP    0.0.0.0:10115          *:*                                    1944
  UDP    127.0.0.1:123          *:*                                    1184
  UDP    127.0.0.1:1900         *:*                                    1524
  UDP    127.0.0.1:3416         *:*                                    2312
  UDP    172.16.2.12:123        *:*                                    1184
  UDP    172.16.2.12:137        *:*                                    4
  UDP    172.16.2.12:138        *:*                                    4
  UDP    172.16.2.12:1900       *:*                                    1524

Again i have shutdown windows firewall and don't have any other firewall .
Here's my new show run:
interface FastEthernet0/0
 description Trunk to switch A VoiceVlan 10 and DataVlan 50
 no ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/0.10
 description VoiceVlan 172.16.1.0 /24
 encapsulation dot1Q 10
 ip address 172.16.1.1 255.255.255.0
 ip helper-address 172.16.2.5
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.50
 description DataVlan 172.16.2.0 /24
 encapsulation dot1Q 50
 ip address 172.16.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description DHCP client receiving address from DHCP server on Dlink DIR-615
 ip address dhcp client-id FastEthernet0/1
 ip access-group 102 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool NAT_OVERLOAD 61.202.230.139 61.202.230.139 netmask 255.255.248.0
ip nat inside source list 101 pool NAT_OVERLOAD overload
ip nat inside source static tcp 172.16.2.11 21 interface FastEthernet0/1 21
ip nat inside source static tcp 172.16.2.11 20 interface FastEthernet0/1 20
!
access-list 101 permit ip 172.16.2.0 0.0.0.255 any
access-list 101 permit ip 172.16.1.0 0.0.0.255 any
access-list 102 remark ACL allowed entry into router fa4 WAN
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq ftp-data
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq 443
access-list 102 deny   tcp any any eq 3389
access-list 102 deny   icmp any any echo log-input
access-list 102 permit ip any any
!
***************************************************
The default setting on Filezilla server is to use 127.0.0.1 and port 14147.
Thanks very much for any help with this.
0
ibanez7Author Commented:
Ok I configured my windows server 2003 as a ftp server and connected it to my network and all is working perfectly. I still however would like to configure Filezilla on that PC if anybody has any ideas on how to fix this issue. Why would Filezilla work on some PC's and not on others?
0
ibanez7Author Commented:
Found the fix:
 
fix: Failed to create listen socket on port 21 : Filezilla

You have installed Filezilla server and tried to start it.
From the log, you find out that the following error has happened :

“FileZilla Server version 0.9.33 and 9.34 beta started ***I have 9.34 version
Initializing Server.
Creating listen socket on port 21…
Failed to create listen socket on port 21
Server not online.”

What to do ?

Reason
Port 21 is already being used. Thats why Filezilla server can’t bind on it.

Solution
1. Find out who is using it. Execute the following command in command prompt

$ netstat -abn

look for mention of “21¿ in its output.

If you get “inetinfo.exe” associated with 21, it means that IIS server is running on your machine and he is listening on port 21. Disable IIS from running his FTP server.

2. Stop IIS FTP server

Control Panel -> Administrative Tools -> Internet Information Server -> right click on FTP -> Stop

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Server Software

From novice to tech pro — start learning today.