How do I setup an ftp server on my cisco 877 router?

September 6th, 2009
Posted by: admin

It's not a matter of simply forwarding ports 20 and 21; the client connects with a random port. My server is not in a DMZ, and the firewall is enabled.

By: Fluxy




This entry was posted on Sunday, September 6th, 2009 at 08:06 and is filed under setup.

4 Responses to “How do I setup an ftp server on my cisco 877 router?”

  1. Jag Says:

    Your server will probably need to be in the DMZ for this to work correctly.

  2. Craig B Says:

    You need to create 2 NAT translations on the router to pass connections to your FTP server. Also, you need to open TCP ports 20 and 21 on your FTP server’s firewall.

    For example:

    Router Internet IP: 172.16.0.1
    FTP Server IP: 192.168.0.2

    Enter the following commands in global config mode on the router:

    ip nat inside source static tcp 192.168.0.2 20 172.16.0.1 20
    ip nat inside source static tcp 192.168.0.2 21 172.16.0.1 21

    Or you can do it by assigning the NAT translation through the dialer interface like this:

    ip nat inside source static tcp 192.168.0.2 20 interface Dialer0 20
    ip nat inside source static tcp 192.168.0.2 21 interface Dialer0 21

    Both examples will produce the same result if you have a single IP address assigned by your ISP.

  3. Wizard Of OS Says:

    If your client comes in on a random port, how does FTP detect the request? FTP and other IP applications listen on specified ports. How did you set up FTP to scan all 65535 ports?
    But I think that you have to be in your DMZ for this to work; otherwise you are going to have to open up your firewall to all ports.
    It might be possible to build a packet scanner that would check for an FTP request and then route it to a specific port, but not sure how you would do that with the Cisco router.

  4. SGT_R0ck Says:

    FTP works by someone requesting on port 21 and getting a response on port 20.

    Cisco routers have an automatic feature called FTP inspection (inspection works on more than just FTP, but also ICMP, SMTP, etc.) which will allow response packets from a valid FTP session on 21 to pass back out to the internet. Without this you need to make sure 21 is allowed in and 20 allowed out.

    Set up an IP NAT for 21 to your internal IP address and configure inspection policies on your external interface.

    This can be done easily from the SDM Web GUI on the router (which may or may not be loaded).
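
An added example (not part of the original thread, and not Cisco's implementation): a simplified Python model of what an FTP-aware inspection or NAT engine has to do with the control channel on port 21 so that the dynamically chosen data ports discussed in the replies above can pass. The router and server addresses are the ones from Craig B's example; `parse_hostport`, `inspect_control_line` and the client address 203.0.113.7 are assumptions made for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (address octets, then port high/low byte).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from the first host-port field in text, or None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # not a valid octet; refuse rather than guess
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def inspect_control_line(line, server_inside_ip, router_outside_ip):
    """Model one control-channel line crossing the router (hypothetical helper).

    Returns (line_to_forward, pinhole); pinhole is None when no data port is announced.
    """
    verb = line.split(" ", 1)[0].upper()
    endpoint = parse_hostport(line) if verb in ("PORT", "227") else None
    if endpoint is None:
        return line, None
    ip, port = endpoint
    if verb == "PORT":
        # Active mode: the server connects out from port 20 to the client's port.
        return line, {"direction": "out", "src_port": 20, "dst": (ip, port)}
    if ip != server_inside_ip:
        return line, None  # 227 reply naming an address we do not translate
    # Passive mode: the server announced its private address and a dynamic port.
    # Rewrite the address so the client dials the router, and forward that one port.
    public = router_outside_ip.replace(".", ",")
    rewritten = _HOSTPORT.sub(f"{public},{port // 256},{port % 256}", line, count=1)
    pinhole = {"direction": "in", "dst": (router_outside_ip, port),
               "forward_to": (server_inside_ip, port)}
    return rewritten, pinhole

# Constructed sample control-channel lines (not captured traffic).
SAMPLE = [
    "USER anonymous",
    "PORT 203,0,113,7,195,80",
    "227 Entering Passive Mode (192,168,0,2,195,80)",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(inspect_control_line(sample_line, "192.168.0.2", "172.16.0.1"))
```

The passive-mode case shows why static translations for ports 20 and 21 alone are not enough: the data port (50000 in the sample) only appears inside the control-channel reply.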
