Cannot connect to FTP Server

Status
Not open for further replies.

wayneker

IS-IT--Management
Jul 17, 2001
22
GB
A client on the outside int can ping the global address that is translated to my real IP address of the server on the inside, but when I try to FTP from the DOS prompt from the outside client it gives connection timed out. But the outside client can connect to another server on the inside, to use a different application. Anyone got any ideas? The whole setup worked in the test network, but when I installed it for real the FTP error happens. The clients do come through a router before they hit the firewall. Please help, I'm pulling me hair out over this one.
 
Start with the basics.

- Is the firewall allowing FTP traffic to pass to this server?
- Is 'fixup protocol ftp 21' set in the firewall?
- Can a client on the inside connect to the ftp server?

Bluecrack
 
Thanks for replying. I have a conduit command allowing two clients FTP permission to the server, the fixup protocol is set up, and inside clients can connect. When I set up a replica network in a test area they connected OK. The clients go through a router, then through a dual-nicked PC, onto the FTP server. When I disconnect the dual-nicked PC from their network path and force them to go through the firewall, they can ping the FTP global address OK, but as soon as they try to FTP it times out.
 
Do you have logging enabled? If not, enable the logging, try an FTP connection from one of the clients outside the firewall and then check for errors in the log.

One possibility is that there is a problem with the IDENT protocol. The log will give an indication of this with errors on TCP port 113. If this is not it, hopefully the log will give an idea of why the connection is timing out.

Bluecrack
 
I have enabled logging and it never mentioned port 113 or ident. I can't even ping the global address. The command I've used is global (outside) 1 n.n.n.n-x.x.x.x netmask 255.255.255.0, also Nat 1 0 0. I can ping the x.x.x.x address, and it has successfully installed with a conduit and static command allowing an outside client to access an SQL database on the inside. I'm baffled. It's the n.n.n.n address I cannot ping.
 
What does the log show? Is it showing the packets from the client being rejected, or does it not show anything? Are the packets being blocked by the router outside the firewall? If packets make it to the PIX they should show up in the log.

Assuming the packets are rejected at the firewall, there should be some indication why in the error message. Here is a link to the error messages and what they mean for version 6.0


Also make sure you have a static command setup to map the ftp server inside to the external address on the outside as such:

static (inside,outside) outside_ip_address inside_ip_address netmask mask

The global command is used to create a pool of addresses used for NAT/PAT.


Bluecrack
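
The three checks suggested in this thread (a conduit permitting FTP, a static mapping for the address that conduit names, and the fixup line), as an added example that is not part of the original posts. The addresses are constructed documentation ranges, the function name is hypothetical, and only the `host` form of the PIX 6.x conduit command is parsed.

```python
import re

# Constructed sample config (documentation addresses, not from the thread).
# The FTP conduit names 192.0.2.10, but no static maps that address inward.
SAMPLE_BROKEN = """\
fixup protocol ftp 21
global (outside) 1 192.0.2.20-192.0.2.30 netmask 255.255.255.0
nat (inside) 1 0 0
static (inside,outside) 192.0.2.11 10.1.1.11 netmask 255.255.255.255
conduit permit tcp host 192.0.2.11 eq 1433 host 198.51.100.5
conduit permit tcp host 192.0.2.10 eq ftp host 198.51.100.5
"""
# Corrected version: add the static for the FTP server (assumed inside IP).
SAMPLE_FIXED = SAMPLE_BROKEN + "static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255\n"

STATIC_RE = re.compile(r"^static \(\w+,\w+\) (\S+) (\S+)")
CONDUIT_RE = re.compile(r"^conduit permit tcp host (\S+) eq (\S+)")

def check_inbound_ftp(config):
    """Return findings that would stop inbound FTP through the firewall."""
    statics, ftp_targets, fixup = {}, [], False
    for line in (l.strip() for l in config.splitlines()):
        if (m := STATIC_RE.match(line)):
            statics[m.group(1)] = m.group(2)          # global IP -> inside IP
        elif (m := CONDUIT_RE.match(line)) and m.group(2) in ("ftp", "21"):
            ftp_targets.append(m.group(1))            # global IP opened for FTP
        elif line == "fixup protocol ftp 21":
            fixup = True
    findings = []
    if not ftp_targets:
        findings.append("no conduit permits tcp/21 to any global address")
    for ip in ftp_targets:
        if ip not in statics:
            findings.append(f"conduit permits ftp to {ip} but no static maps it to an inside host")
    if not fixup:
        findings.append("'fixup protocol ftp 21' is missing")
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, check_inbound_ftp(cfg) or "OK")
```

An address that only appears in the `global` pool is used for outbound NAT/PAT, so a conduit pointing at it has nothing to deliver inbound connections to.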
 