CCIE Practical Studies, Volume I
NAT and Nonstandard FTP Port Numbers
With FTP, the arguments to the PORT command include an IP address embedded in the data stream. To accommodate this, Cisco routers recognize port 21 and replace the embedded address with the new translated address, recomputing the necessary checksums. A problem arises when FTP uses nonstandard port numbers: NAT cannot recognize the data stream as an FTP request, so it passes the packet along without the necessary modifications. The request then fails when it reaches the host because the address in the payload differs from the address in the IP header. In Cisco IOS Software Release 11.3(3) and Cisco IOS Software Release 11.2(13), Cisco introduced the capability to use nonstandard TCP port numbers for FTP. The command ip nat service list [1-100] ftp tcp port xxxx references an access list of the networks to be translated and then looks for FTP packets operating on port xxxx. If the router finds a match, it makes the changes to that packet that FTP needs to operate.
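The following Python model is an added illustration, not code from the book or from Cisco IOS. It shows why the PORT payload goes untranslated on a nonstandard control port and what changes once that port is treated as FTP. The addresses, the port 2021, and the function names are constructed for the example.

```python
import re

# Matches the FTP PORT command: four address octets, then two port bytes.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def translate_segment(src_ip, dst_port, payload, nat_table, ftp_ports=frozenset({21})):
    """Model of one inside-to-outside TCP segment passing through NAT.

    Returns (new_src_ip, new_payload, length_delta). The IP header source is
    always translated; the payload is rewritten only when dst_port is one the
    translator treats as an FTP control port.
    """
    new_src = nat_table.get(src_ip, src_ip)
    if dst_port not in ftp_ports:
        return new_src, payload, 0          # not recognised as FTP: payload untouched
    m = PORT_RE.match(payload)
    if m is None:
        return new_src, payload, 0          # FTP control traffic, but not a PORT command
    embedded = ".".join(g.decode() for g in m.groups()[:4])
    mapped = nat_table.get(embedded)
    if mapped is None:
        return new_src, payload, 0          # embedded address has no translation
    p1, p2 = m.group(5).decode(), m.group(6).decode()
    rewritten = ("PORT %s,%s,%s\r\n" % (mapped.replace(".", ","), p1, p2)).encode()
    # A changed payload length means later sequence/ack numbers need the same
    # offset, and the TCP checksum must be recomputed over the new bytes.
    return new_src, rewritten, len(rewritten) - len(payload)


def payload_matches_header(src_ip, payload):
    """True when the address inside a PORT command equals the IP source."""
    m = PORT_RE.match(payload)
    return m is not None and ".".join(g.decode() for g in m.groups()[:4]) == src_ip


# Constructed sample values (private/documentation ranges, hypothetical port 2021).
NAT_TABLE = {"10.1.1.5": "203.0.113.5"}
PORT_CMD = b"PORT 10,1,1,5,19,137\r\n"        # data port 19*256+137 = 5001

if __name__ == "__main__":
    for ports in (frozenset({21}), frozenset({21, 2021})):
        src, data, delta = translate_segment("10.1.1.5", 2021, PORT_CMD, NAT_TABLE, ports)
        print(sorted(ports), src, data, delta, payload_matches_header(src, data))
```

With only port 21 recognised, the header carries the translated address while the payload still carries the inside address. Adding 2021 to the recognised set brings the two back into agreement.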