I am having a problem downloading from ftp sites from within my network. We are hooked up via DSL with the Cisco router between the modem and the network. IOS ver 12 with firewall. Here is my current config.
ip subnet-zero
no ip domain-lookup
ip name-server 207.228.35.***
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.100.254 255.255.0.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
description connected to Internet
ip address 216.82.145.*** 255.255.252.0
ip access-group 101 in
no ip directed-broadcast
ip nat outside
!
router rip
version 2
passive-interface Ethernet1
network 192.168.0.0
network 192.168.100.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 192.168.100.5 80 216.82.145.*** 80 extendable
ip nat inside source static tcp 192.168.100.1 20 216.82.145.*** 20 extendable
ip nat inside source static tcp 192.168.100.1 21 216.82.145.*** 21 extendable
ip nat inside source static tcp 192.168.100.1 143 216.82.145.*** 143 extendable
ip nat inside source static tcp 192.168.100.1 110 216.82.145.*** 110 extendable
ip nat inside source static tcp 192.168.100.1 25 216.82.145.*** 25 extendable
ip nat inside source static tcp 192.168.100.1 135 216.82.145.*** 135 extendable
ip nat inside source static tcp 192.168.100.1 4995 216.82.145.*** 4995 extendable
ip nat inside source static tcp 192.168.100.1 4996 216.82.145.*** 4996 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 101 permit tcp any any established
access-list 101 permit udp host 207.228.35.*** eq domain any
access-list 101 permit udp host 207.228.37.*** eq domain any
access-list 101 permit tcp any host 216.82.145.*** eq smtp
access-list 101 permit tcp any host 216.82.145.*** eq pop3
access-list 101 permit tcp any host 216.82.145.*** eq 143
access-list 101 permit tcp any host 216.82.145.*** eq telnet
access-list 101 permit tcp any host 216.82.145.*** eq 4995
access-list 101 permit tcp any host 216.82.145.*** eq 4996
access-list 101 permit tcp any host 216.82.145.*** eq 4996
access-list 101 permit tcp any host 216.82.145.*** eq 135
access-list 101 permit tcp any host 216.82.145.*** eq www
access-list 101 permit icmp any any
access-list 101 deny ip any any
I can browse some ftp sites by logging in as anonymous, but when I try to initiate a download, it times out. I have been told that it could be a problem with the ftp initiating a reverse connection that my firewall does not recognize. Any help or suggestions would be greatly appreciated. Thanks.
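
Added example, not part of the original post: a small Python model of access-list 101 as applied inbound on Ethernet1, evaluated against three packets from one FTP session to show which rule each one hits. The server address 198.51.100.10, the port numbers and the helper names are constructed for illustration; the masked addresses are kept exactly as posted.

```python
from dataclasses import dataclass

OUTSIDE = "216.82.145.***"                    # router outside address, masked as posted
DNS = ("207.228.35.***", "207.228.37.***")    # name servers, masked as posted
SERVER = "198.51.100.10"                      # constructed remote FTP server

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()

def established(p):
    # IOS "established" matches TCP segments with ACK or RST set
    return p.proto == "tcp" and bool(p.flags & {"ACK", "RST"})

def to_outside(port):
    return lambda p: p.proto == "tcp" and p.dst == OUTSIDE and p.dport == port

# access-list 101 in the order posted (first match wins)
ACL_101 = [
    ("permit tcp any any established", True, established),
    ("permit udp host <dns> eq domain any", True,
     lambda p: p.proto == "udp" and p.src in DNS and p.sport == 53),
    *[(f"permit tcp any host <outside> eq {n}", True, to_outside(n))
      for n in (25, 110, 143, 23, 4995, 4996, 135, 80)],
    ("permit icmp any any", True, lambda p: p.proto == "icmp"),
    ("deny ip any any", False, lambda p: True),
]

def evaluate(p):
    for text, permit, match in ACL_101:
        if match(p):
            return ("permit" if permit else "deny", text)
    return ("deny", "implicit deny")

def ftp_cases():
    f = frozenset
    return {
        # reply on the control channel the inside client opened to port 21
        "control reply": evaluate(Packet("tcp", SERVER, 21, OUTSIDE, 1029, f({"ACK", "PSH"}))),
        # active mode: server opens the data channel from port 20 (bare SYN)
        "active data SYN": evaluate(Packet("tcp", SERVER, 20, OUTSIDE, 1030, f({"SYN"}))),
        # passive mode: client opened the data channel, server answers SYN+ACK
        "passive data reply": evaluate(Packet("tcp", SERVER, 50000, OUTSIDE, 1031, f({"SYN", "ACK"}))),
    }

if __name__ == "__main__":
    for name, (action, rule) in ftp_cases().items():
        print(f"{name:20s} {action:6s} {rule}")
```

The control channel and a passive-mode data channel ride on the `established` entry, while the active-mode data connection arrives as a new inbound SYN to an ephemeral port and falls through to `deny ip any any`, which matches the symptom of login and browsing working but the transfer timing out.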