FTP and PIX 515

[kooma]

HELP..

I have a FTP server at 172.16.32.14 on my inside network.
I have my PIX working and I've add the lines below (some I've included for clarification).
I still cannot connect with a ftp client from the internet to 192.168.10.2.

What have I missed??? Can someone help me???

ip address outside 192.168.10.2 255.255.255.0
ip address inside 172.16.32.254 255.255.255.0

fixup protocol ftp 21

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 192.168.10.1 1

static (inside,outside) 192.168.10.2 172.16.32.14
conduit permit tcp host 192.168.10.2 eq ftp any

Thanks for anyone who can help.

 

[AlanRamsay]

Have you tried having the following line too.

conduit permit tcp host 192.168.10.2 eq ftp-data any


Alan

 

[nohair]

Hi,
Not used conduits...use access lists. However, you might want to allow connects such as AlanRamsey suggests, inbound on port 20 for the data path, however, this will only work for passive sessions, for active sessions you will need to allow your inside host to build an outbound connection back to the Internet. You can do this by allowing the host unrestricted access to the Internet, or to build a session based on it having a source port of 20.

-Stephen

 

[kooma]

Tried Allan's line.. Still nothing. Don't know what I'm doing wrong this should work.

Any other suggestions?

 

[tbissett]

It looks like your static command and your outside command are using the same IP address. They must be different. Statics cannot use the PIX interface IP.