ftp problem

Status
Not open for further replies.

nikko6

Technical User
Mar 19, 2004
34
US
Hi,

Our company just added a Cisco 2801 router. Before we added the router, FTP clients were able to type FTP commands via command prompt to our FTP server with passive mode enabled. With the 2801s they cannot do a list directory (ls) command. It comes back with 425 Can't open data connection, but they are able to successfully list directories via a GUI FTP client. We need to use command prompt for FTP connections. Does anyone have any idea why a GUI FTP client is able to do a list directory (ls), but using command prompt for FTP connections we cannot?

Thanks in advance
 
First off, what kind of ftp server? Second, post a config of the router.

Burt
 
Yes, as Burt said, post your config.

Probably an access list issue. FTP is weird with source and destination ports.

In passive mode, the FTP server responds w/a port greater than 1023. It's random.

An ACL for FTP looks something like this, where 192.168.1.100 is the IP of the FTP server. Also check and see which port FTP is using. I think the default for the ACL of "ftp" is port 21. So if your FTP connections are port 20, then you'd have to eq that to 20 instead. The gt in the ACL means Greater Than.

interface localinside
 ip access-group 100 in
!
! Toward the FTP server: control channel (21) and passive data ports above 1023
access-list 100 permit tcp any host 192.168.1.100 eq ftp
access-list 100 permit tcp any host 192.168.1.100 gt 1023
!
interface localoutside
 ip access-group 101 in
!
! Return traffic from the FTP server; "established" requires the tcp keyword
access-list 101 permit tcp host 192.168.1.100 eq ftp any established
access-list 101 permit tcp host 192.168.1.100 gt 1023 any established


Now, if you currently don't have any ACLs or firewall rules, then it's a totally different problem.
 
If the client uses an active connection instead of a passive one, does it work?
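
Added example, not part of the thread: decoding an active-mode PORT command and a passive-mode 227 reply shows which side opens the data connection and whether its first packet would pass an ACL pair shaped like the one posted above. The client address, the sample control lines and the simplified ACL model are constructed assumptions.

```python
import re

SERVER = "192.168.1.100"   # FTP server address used in the ACL post
CLIENT = "10.0.0.5"        # constructed client address

# Simplified model of the posted ACL pair (an assumption, not router output):
# toward the server: TCP to port 21 or to a port above 1023 is permitted;
# from the server: only packets of an already established session pass.
TO_SERVER_PORTS = [("eq", 21), ("gt", 1023)]

def decode_hostport(line):
    """Extract h1,h2,h3,h4,p1,p2 from a PORT command or 227 reply."""
    m = re.search(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", line)
    if not m:
        raise ValueError("no host/port tuple in %r" % line)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range in %r" % line)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_flow(control_line):
    """Return (mode, src_ip, dst_ip, dst_port) of the data connection's SYN."""
    ip, port = decode_hostport(control_line)
    if control_line.upper().startswith("PORT"):
        # Active: the server connects out from port 20 to the client's listener.
        return ("active", SERVER, ip, port)
    if control_line.startswith("227"):
        # Passive: the client connects to the port the server announced.
        return ("passive", CLIENT, ip, port)
    raise ValueError("not a PORT command or 227 reply")

def syn_permitted(flow):
    """Would the first packet of the data connection pass the modeled ACLs?"""
    mode, src, dst, dport = flow
    if dst == SERVER:
        return any((op == "eq" and dport == p) or (op == "gt" and dport > p)
                   for op, p in TO_SERVER_PORTS)
    # Server-originated SYN: "established" matches only ACK/RST packets.
    return False

# Constructed control-channel lines for the two modes.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,100,195,80)"
PORT_CMD = "PORT 10,0,0,5,19,137"

if __name__ == "__main__":
    for line in (PASV_REPLY, PORT_CMD):
        flow = data_flow(line)
        print(flow, "permit" if syn_permitted(flow) else "deny")
```

Under this model the passive data connection is permitted and the active one is denied, because the server's outbound SYN from port 20 never matches an `established` entry.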
 
Hi there,

I have 2 LANs with 2 Cisco routers which are connected to each other.
Router 1 gives Internet to Router 2 and its LAN.
The problem is that even though there is no ACL defined, I cannot Remote Desktop from LAN1 to LAN2, and I cannot connect to the HTTP pages of the computers of LAN2 either. No ACL is defined and there is no restriction. Remote Desktop is enabled on both sides' computers and the computers can ping each other.

Can you please tell me what can be the problem?
What should I do??

I appreciate your help.

Sogol
 
Hello
What router and IOS train was in use before the 2801? Did you mirror the exact config of the old router? If you have moved from IOS 12.2 to maybe 12.4, it could be some new feature that's blocking the ls command.
Regards



 
Thank you all for your response. I decided to isolate the FTP connection from our existing setup by dropping in a 501 PIX firewall and a different router and rerouting it until I figure this out. Again, thanks.
 