Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 1391 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP Server Help

roddy100
I know this is probably covered 100 time but I cannot find the solution.
I have just set up my ASG220 got the ADSL connection working etc.
BUT I cannot get external access to my internal FTP server

I have set up as follows

1. Network --> Interfaces
           Name            FTP Port
           Type             Ethernet Standard
        Hardware          eth2   
        Address            192.168.*.1

2. Definitions --> Networks
        Name            FTP Server
        Type             Host
        Address            192.168.*.3
        Interface        FTP Port

3.Network Security --> NAT --> DNAT/SNAT

          Name                   FTP NAT
         Source                  Any
         Service                 FTP  
         Destination            FTP Port
         Mode                    DNAT
         Destination            FTP Server
         Destination Service FTP

         Automatic Packet Filter Rule box ticked

4.Network Security --> NAT --> DNAT/SNAT

          Name                   FTP SNAT
         Source                  FTP Server
         Service                 FTP  
         Destination            Any
         Mode                    SNAT
         Source                  FTP Server
         Source Service       FTP

         Automatic Packet Filter Rule box ticked

5. FTP Service is default


6. Packet log is showing 

10:45:23 Default DROP TCP 81.137.192.202:41015→81.138.8.196:21 [SYN]len=56ttl=56tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:00:00:00:00:00
10:45:26 Default DROP TCP 81.137.192.202:41015→81.138.8.196:21 [SYN] len=56ttl=56tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:00:00:00:00:00


Edited

I have looked in the full packet log and found this

2009:11:26-12:03:29 mactagAstaro2 ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="ppp0" outitf="unknown" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="81.137.192.202" dstip="81.138.8.196" proto="6" length="56" tos="0x00" prec="0x00" ttl="56" srcport="38428" dstport="21" tcpflags="SYN" 

Thanks for any help


This thread was automatically locked due to age.
Parents
  • 0
    Get rid of your SNAT rule and your DNAT should be:

    Name FTP NAT
    Source: Any
    Service: FTP 
    Destination: External (Address)

    Mode: DNAT

    Destination: FTP Server
    Destination Service: [leave blank when not changing!]



    Cheers - Bob
  • 0 in reply to BAlfson
    Bob

    Thanks for that 2 minutes and it was done, I've been trying different setting for about a week now.

    I assume the same applies to any other server I need to attach

    ie 
    source       any
    Service      (as required ie port 1681 ) - obviously need to create this service
    Destination external
    mode         DNAT
    Destination MAIL Server
    D Service     blank


    easy when you know how

    Thanks again
  • 0 in reply to roddy100
    Whity

    Thanks for your reply.
     I think I do want to have "any" here as both internal and external need to access the FTP server. I have only one  external fixed IP allocated by my ISP
    so it is really only "external"
Reply
  • 0 in reply to roddy100
    Whity

    Thanks for your reply.
     I think I do want to have "any" here as both internal and external need to access the FTP server. I have only one  external fixed IP allocated by my ISP
    so it is really only "external"
Children
No Data