[nsp] WU-FTPD and The Cisco router.

C. Jon Larsen jlarsen at richweb.com
Thu Jul 24 15:46:23 EDT 2003


You could (should?) upgrade to an ftp daemon that is more secure and will 
allow you to set your pasv port range. proftpd and pureftpd both can do 
this. Set your range of pasv ports used by the ftp server to, say, 
50000 to 50299. Then on your router's ACL you can allow these ports 
inbound to the ftp server. You can use a smaller or larger range of ports 
depending on how many clients you have connected to your ftp service. 

On Thu, 24 Jul 2003, Victor M. Acosta wrote:

>  Has anyone heard of or had problems dealing with WU-FTPD behind Cisco
> routers (2600 series)?
> The problem is that randomly users get stuck on the handshake
> between Client-Server.
> The servers are behind a 2611 router with IOS:
> c2600-i-mz.123-1.bin
> ROM: System Bootstrap, Version 12.2(10r)1, RELEASE SOFTWARE (fc1)
> cisco 2611 (MPC860) processor (revision 0x202) with 28672K/4096K bytes of
> memory.4
>     Then after the Client authenticates I have a denied error and Access-List
> 101 like this:
> 02:27:06: %SEC-6-IPAC02:27:06: %SEC-6-IPACCESSLOGRL: access-list logging
> rate-limited or missed 2 packets
> 02:27:11: %SEC-6-IPACCESSLOGP: list 101 denied tcp 216.1.1.1(61777) ->
> 12.1.11.1(55816), 1 packet
> 
> Where 216.1.1.1 is the FTP client (any FTP client, Mac/PC) and
> 12.1.11.1 is the server (RH 7.2) (wu-ftpd 2.6.2) behind the router. I am letting
> in traffic to 12.1.11.1 on ftp-data and ftp. I was researching over the
> internet and it seems that some other people that have a similar setup had the
> same problems. I tried their fixes and they did not work. I wonder if someone can
> point me in the right direction.
> Thanks.
> 
> 
> Victor M. Acosta                                  El Paso Times
> 300 North Campbell St.                                 IT
> El Paso TX, 79901
> Ph. (915) 546-6394                          victorm at elpasotimes.com
> Fax.(915) 546-6346                          victorm at eudoramail.com
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

-- 
+ Jon Larsen: Chief Technology Officer, Richweb, Inc.
+ Richweb.com: Providing Internet-Based Business Solutions since 1995
+ GnuPG Public Key: http://richweb.com/jlarsen.gpg
+ Business: (804) 359.2220 x 101; Mobile: (804) 307.6939
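
An added example, not part of either message above: a small checker for the `%SEC-6-IPACCESSLOGP` deny lines quoted in the thread, which tells apart a daemon still choosing ports outside the fixed passive range from an ACL that lacks the permit for that range. It assumes the denied packets are passive-mode data connections; the range, the `PassivePorts` line and the `access-list` line in the comments are illustrative values built from the reply's suggestion and the quoted log.

```python
import re

# Assumed settings for this example (values follow the reply's suggested range):
#   proftpd.conf:  PassivePorts 50000 50299
#   IOS ACL:       access-list 101 permit tcp any host 12.1.11.1 range 50000 50299
PASV_RANGE = (50000, 50299)
FTP_SERVER = "12.1.11.1"   # server address as written in the quoted log

# IOS extended-ACL deny line, in the form shown in the quoted message.
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied tcp "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def classify(line, server=FTP_SERVER, pasv=PASV_RANGE):
    """Return (dst_port, verdict) for a denied TCP packet to the server, else None."""
    m = DENY_RE.search(line)
    if m is None or m.group("dst") != server:
        return None
    dport = int(m.group("dport"))
    if pasv[0] <= dport <= pasv[1]:
        # Daemon honours the range, but the ACL has no permit for it.
        return dport, "acl-missing-permit"
    if dport >= 1024:
        # Data port outside the range: the daemon is still picking its own ports.
        return dport, "daemon-outside-range"
    return dport, "not-passive-data"

def summarize(lines):
    """Count verdicts across a log so the dominant cause stands out."""
    counts = {}
    for line in lines:
        result = classify(line)
        if result:
            counts[result[1]] = counts.get(result[1], 0) + 1
    return counts

SAMPLE_LOG = [
    # Deny line from the quoted message, unwrapped onto one line.
    "02:27:11: %SEC-6-IPACCESSLOGP: list 101 denied tcp 216.1.1.1(61777) -> 12.1.11.1(55816), 1 packet",
    # Constructed lines for illustration.
    "02:31:40: %SEC-6-IPACCESSLOGP: list 101 denied tcp 216.1.1.1(61802) -> 12.1.11.1(50017), 1 packet",
    "02:31:52: %SEC-6-IPACCESSLOGP: list 101 denied tcp 216.1.1.1(61810) -> 12.1.11.2(50017), 1 packet",
    "02:27:06: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 2 packets",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
    print(summarize(SAMPLE_LOG))
```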


