From: Gajewski Mariusz - TP POLPAK (Mariusz.Gajewski@telekomunikacja.pl)
Date: Tue Jul 19 2005 - 10:58:48 GMT-3
I would say that ACTIVE mode will work when the client is "inside"; when the
client is "outside" and the server is "inside", you will have a problem with this
RACL. The same goes for your PASSIVE solution: it will work only when the client
is "inside" and initiates the connection to a server "outside".
HTH
Mariusz
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomwin Chen
Sent: Tuesday, July 19, 2005 2:03 PM
To: ccielab@groupstudy.com
Subject: Reflexive ACL interaction with FTP
Hi All,
Just want to confirm:
since active and passive FTP modes have slightly different operation
(http://slacksite.com/other/ftp.html), what would the Reflexive ACL look
like if I want to let active mode FTP pass fa0/0?
=======================================
LET ACTIVE MODE ( and PASSIVE MODE inclusive ) to pass
int fa0/0
ip access-group outgoing out
ip access-group incoming in
!
ip access-list extended outgoing
permit tcp any any reflect comeback
!
ip access-list extended incoming
permit tcp any eq 20 any
evaluate comeback
!
=======================================
=======================================
LET PASSIVE MODE ONLY
int fa0/0
ip access-group outgoing out
ip access-group incoming in
!
ip access-list extended outgoing
permit tcp any any reflect comeback
!
ip access-list extended incoming
evaluate comeback
!
====================================
is this ok ?
thanks.
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:30 GMT-3
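
The behaviour discussed in this thread, as an added example that is not part of either post and is not router code: a small Python model of the two ACL pairs on fa0/0, run against active and passive FTP with the client inside and outside. The addresses, port numbers, class and function names are all constructed for illustration.

```python
# Toy model of the reflexive ACL pair from the thread (TCP only).
IN_HOST, OUT_HOST = "10.0.0.5", "198.51.100.7"   # constructed addresses

class ReflexiveAcl:
    def __init__(self, allow_src20_in):
        self.allow_src20_in = allow_src20_in  # models "permit tcp any eq 20 any"
        self.comeback = set()                 # temporary reflected entries

    def permit(self, direction, sip, sport, dip, dport):
        if direction == "out":
            # "permit tcp any any reflect comeback": pass and record the mirror
            self.comeback.add((dip, dport, sip, sport))
            return True
        # inbound list, evaluated top-down
        if self.allow_src20_in and sport == 20:
            return True                       # static entry, no session check
        return (sip, sport, dip, dport) in self.comeback  # "evaluate comeback"

def ftp_session(acl, mode, client_inside):
    """Return (control_ok, data_ok) for the opening packets of one session."""
    if client_inside:
        c, s, c_dir, s_dir = IN_HOST, OUT_HOST, "out", "in"
    else:
        c, s, c_dir, s_dir = OUT_HOST, IN_HOST, "in", "out"
    # Control channel: client:40000 -> server:21, then the server's reply.
    control = (acl.permit(c_dir, c, 40000, s, 21)
               and acl.permit(s_dir, s, 21, c, 40000))
    if mode == "active":
        # Data channel opened by the server: server:20 -> client:40001.
        data = (acl.permit(s_dir, s, 20, c, 40001)
                and acl.permit(c_dir, c, 40001, s, 20))
    else:
        # Data channel opened by the client: client:40001 -> server:50000.
        data = (acl.permit(c_dir, c, 40001, s, 50000)
                and acl.permit(s_dir, s, 50000, c, 40001))
    return control, control and data

if __name__ == "__main__":
    for name, src20 in (("active+passive ACL", True), ("passive-only ACL", False)):
        for mode in ("active", "passive"):
            for inside in (True, False):
                result = ftp_session(ReflexiveAcl(src20), mode, inside)
                print(name, mode, "client inside" if inside else "client outside", result)
```

The model also shows that the `permit tcp any eq 20 any` entry is a static match on source port 20 and is not tied to any reflected session, unlike the `evaluate comeback` entries.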