ftp access-list

Status
Not open for further replies.

jvande

MIS
Jun 6, 2001
115
US
I am writing access lists and trying to allow all ftp traffic.
access-list 101 permit tcp any any eq 20
access-list 101 permit tcp any any eq 21
I thought these were the only ports I needed, but it doesn't work. When I try to ftp, it opens the connection and allows me to log on, but when I request a directory listing the ftp session just hangs. Am I missing something in my access list to allow ftp connectivity?

Thanks,
Josh
 
I've run into the same issue with my access-list. If you are using a browser (and some FTP clients), the server will bounce back a random port number (I believe above 1024). Since your access-list restricts all ports other than 20 and 21, the bounce back never reaches the client. The way I found this out was a catch-all at the end of the access-list....

access-list ### deny ip any any log

What this statement does is show you what was dropped at the router if you have logging enabled. I worked on this for a few days until I just opened all ports to my FTP server. I've been told this is a setting that can be configured at the FTP server; unfortunately, our FTP server software was purchased in a trade for some chickens......

Hope this helps you out any. I think if you enable logging on your router it will show you where your packets are getting blocked......

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
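
Why the login works but the directory listing hangs, as an added example that is not from either poster: a small Python model that checks the two ACL lines from the question against the opening packet of each connection in an FTP session. It assumes stateless first-match evaluation with the implicit deny at the end, handles only the `any any [eq N]` rule form, and uses constructed port numbers.

```python
import re

# The two ACL lines from the question; IOS adds an implicit "deny ip any any"
# after the last entry of every access list.
ACL = """\
access-list 101 permit tcp any any eq 20
access-list 101 permit tcp any any eq 21
"""

RULE = re.compile(r"access-list (\d+) (permit|deny) (tcp|udp|ip) any any(?: eq (\d+))?")

def parse_acl(text):
    """Return [(action, proto, dst_port or None)] for the 'any any [eq N]' form only."""
    rules = []
    for line in text.splitlines():
        m = RULE.fullmatch(line.strip())
        if m:
            port = int(m.group(4)) if m.group(4) else None
            rules.append((m.group(2), m.group(3), port))
    return rules

def evaluate(rules, proto, dst_port):
    """First match wins; 'eq N' placed after the destination matches the destination port."""
    for action, rproto, rport in rules:
        if rproto in (proto, "ip") and rport in (None, dst_port):
            return action
    return "deny"  # implicit deny at the end of the list

# Constructed opening packets for one FTP session (ephemeral ports are made up).
# Each entry: (description, protocol, source port, destination port).
SESSION = [
    ("control: client -> server port 21 (login, LIST command)", "tcp", 40001, 21),
    ("active-mode data: server port 20 -> client port", "tcp", 20, 40002),
    ("passive-mode data: client -> server-chosen port", "tcp", 40003, 50123),
]

def check_session(rules):
    """Map each connection description to the ACL verdict for its opening packet."""
    return {desc: evaluate(rules, proto, dport) for desc, proto, _sport, dport in SESSION}

if __name__ == "__main__":
    for desc, verdict in check_session(parse_acl(ACL)).items():
        print(f"{verdict:6} {desc}")
```

The control connection is permitted, while the data connection is denied in both modes because its destination port is neither 20 nor 21; in active mode port 20 is only the source port.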
 