I would like to set up my cisco 1600 to support PASV ftp for a particular ip address using NAT.
In other words I would like to forward packets incoming to ip
192.168.0.2 ports 5500 to 5700. The port range is what I have my ftp server set up to use, I think it defaults to 1024+.Internal FTP server: ip 192.168.0.2 ports 21, 5500-5700 external ip address: 1.2.3.4 (for the sake of this question)
I set up the NAT ftp control port 21 (which works fine) with:
ip nat inside source static tcp 192.168.0.2 21 1.2.3.4 21
But to support passive ftp (PASV) I need to also accept incoming traffic to ports 5500-5700. This is because the ftp server will give the ftp client a random node in that range to connect to for data transmission.
I would like to do something like the following, but the cisco router doesn't like the port range syntax:
ip nat inside source static tcp 192.168.0.2 5500-5700 1.2.3.4 5500-5700
The above line DOES NOT WORK as it is an invalid format, but I think it give the gist of what I would like the end result to be.
Is there another way to do this? I'm not a cisco router expert so my knowledge doesn't go much further than setting up "ip nat inside..." commands.
Thank you, Johnny