GroupStudy.com - A virtual community of network engineers
RE: access-list about ftp posted 03/19/1999


Try this access list.  Most FTP servers do indeed "call you back".

access-list 102 permit tcp any 209.19.85.0 0.0.0.255 establish
access-list 102 permit tcp host 209.19.85.66 host 206.171.72.123 eq ftp
access-list 102 permit tcp host 206.171.72.123 gt 1024 host 209.19.85.66 eq 20


This list allows an outbound connect to your ftp server, then also allows
the inbound connect as well, but only from the host you specified and
from the appropriate ports (<1024) then to the appropriate port on your
station (20).

Darren Cromer
Integration Engineer, CCIE #4384 - Sarcom
(513) 459-6596
email: dcromer@xxxxxxxxxx
email:  darren.cromer@xxxxxxxxxxxxx


> -----Original Message-----
> From:	Peter.Klaffehn@xxxxxxxxxxx [SMTP:Peter.Klaffehn@xxxxxxxxxxx]
> Sent:	Thursday, March 18, 1999 5:03 PM
> To:	fengcl@xxxxxxxxxxxxxxxx
> Cc:	cisco@xxxxxxxxxxxxxx
> Subject:	AW: access-list about ftp
> 
> Hi,
> 
> maybe the ftp server "calls you back". You should verify this and change
> your configuration accordingly. You can set the keyword "log" at the end
> of the lines of your access-list definition. Every packet which is filtered
> will generate a line of syslog output. So you can see if this is
> happening.
> 
> Peter
> 
> Peter Klaffehn
> MCSE
> 
> 
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
> fengcl@xxxxxxxxxxxxxxxx
> Sent: Thursday, March 18, 1999 04:10
> To: Cisco@xxxxxxxxxxxxxx
> Subject: access-list about ftp
> 
> 
> 
> 
> hi, friends:
>      now, I want to set the access-list about ftp on my router (cisco 2511).
> 209.19.85.66 (my address) ftp the server 206.171.72.123, and get data from
> it.
> I set it, but it does not work correctly. please help me.
> ----------------------------------------
> access-list 102 permit tcp any 209.19.85.0 0.0.0.255 establish
> access-list 102 permit tcp any host 206.171.72.123 eq ftp
> access-list 102 permit tcp any host 209.19.85.66 eq ftp
> ------------------------------------------
> yours
>                     richard
> 
> 
> ---------------------
> To remove your name from the mailing list send a message to
> Majordomo@xxxxxxxxxxxxxx with the body containing "UNSUBSCRIBE CISCO"
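The "call back" discussed in this thread, as an added example that is not part of any of the posts: a small first-match evaluator for `permit tcp` entries, run against the original poster's list and against the same list with one extra entry. Assumptions: list 102 is applied inbound on the interface facing the server, the server is in active mode and opens the data connection from its port 20, and the fourth entry, the client ports and the packets are constructed for illustration.

```python
from ipaddress import ip_address

PORTS = {"ftp": 21, "ftp-data": 20}  # port names used in the entries below

def parse_end(tok, i):
    """Read 'any' | 'host A' | 'A wildcard', then an optional 'eq N' / 'gt N'."""
    if tok[i] == "any":
        addr, i = (0, 0xFFFFFFFF), i + 1
    elif tok[i] == "host":
        addr, i = (int(ip_address(tok[i + 1])), 0), i + 2
    else:
        addr, i = (int(ip_address(tok[i])), int(ip_address(tok[i + 1]))), i + 2
    if i < len(tok) and tok[i] in ("eq", "gt"):
        return addr, (tok[i], PORTS.get(tok[i + 1]) or int(tok[i + 1])), i + 2
    return addr, None, i

def parse_ace(line):
    tok = line.split()[4:]  # skip "access-list 102 permit tcp" (only such entries handled)
    src, sport, i = parse_end(tok, 0)
    dst, dport, i = parse_end(tok, i)
    return src, sport, dst, dport, i < len(tok) and tok[i].startswith("establish")

def match(addr, port, ip, p):
    same_net = (int(ip_address(ip)) | addr[1]) == (addr[0] | addr[1])  # wildcard-mask compare
    return same_net and (port is None or (p == port[1] if port[0] == "eq" else p > port[1]))

def evaluate(acl, pkt):
    """First-match evaluation: matching line number, or 0 for the implicit deny."""
    for n, line in enumerate(acl, 1):
        src, sport, dst, dport, est = parse_ace(line)
        if (match(src, sport, pkt["src"], pkt["sport"]) and match(dst, dport, pkt["dst"], pkt["dport"])
                and (not est or pkt["flags"] & {"ACK", "RST"})):
            return n
    return 0

# The original poster's list, copied from the thread.
ORIGINAL = ["access-list 102 permit tcp any 209.19.85.0 0.0.0.255 establish",
            "access-list 102 permit tcp any host 206.171.72.123 eq ftp",
            "access-list 102 permit tcp any host 209.19.85.66 eq ftp"]
# Assumption, not from the thread: an entry for the server's ftp-data (port 20) callback.
WITH_DATA = ORIGINAL + ["access-list 102 permit tcp host 206.171.72.123 eq ftp-data host 209.19.85.66 gt 1023"]

# Constructed inbound packets; client ports 40001 and 40002 are made up.
SRV, ME = "206.171.72.123", "209.19.85.66"
CTRL_REPLY = dict(src=SRV, sport=21, dst=ME, dport=40001, flags={"SYN", "ACK"})
DATA_SYN = dict(src=SRV, sport=20, dst=ME, dport=40002, flags={"SYN"})

if __name__ == "__main__":
    print([evaluate(acl, DATA_SYN) for acl in (ORIGINAL, WITH_DATA)])
```

The control-channel reply carries ACK and passes on the `establish` entry, while the server's data connection starts with a bare SYN and falls through to the implicit deny unless an entry names it.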