Cisco Access list basic question on FTP..Urgent

[davi1]

I have a router on my 10.10. network as 10.10.10.1(E0). There is a frame relay network on S0.1. S0.1 is connected to another router to the network 216.172.16.0. One of the hosts on the 216.172.16.0 network...216.172.16.17 needs to ftp to one of the hosts on 10.10.network(10.10.10.200).

No other hosts should be able to ftp to 10.10 network.

On our router S0.1 I placed an inbound access-list like this

permit tcp any any established
permit tcp host 216.172.16.17 host 10.10.10.200 eq ftp
permit tcp host 216.172.16.17 host 10.10.10.200 eq ftp-data

Now the host 216.172.16.17 can ftp without any problems to 10.10.10.200.

Now also 10.10.10.200 should be able to ftp to 216.172.16.17...it asks for the username/password ...it logs me in...but I cannot tranfer data....

Should I place any access-list somewhere to work...just wondering....

 

[rrobnett]

You have defined your ACL in one direction only and your intention is to transfer data in both.

 

[davi1]

where should I apply the other ACL...please help

 

[jomcc]

you need to write the acl so that the establish command is used on the interface after the other two commands or it may not work right sometimes. the data is not an established connection. it never had the established bit turned on from the source. which in this case is the server that the ftp is coming from.
do you want other traffic to go in and out also? the establish command should go after the permit data.
do you want any ip traffic coming in?
don't forget there is an explicit deny any at the end so all traffic is stopped.