Saturday, April 18, 2020

Allowing FTP using ACLs

Hello, I'm at my wits' end trying to figure out what is wrong with the commands I am using.

I have two hosts, 172.22.19.48 & 172.22.19.176 (behind the closest router's Gi0/1 interface). These are the only hosts that are allowed to reach an FTP server (172.25.30.15) two routers away.

On the closest router to the source, I'm using an extended ACL.

The goal is to allow only those two hosts access to the FTP server while their entire subnet can access the DNS server (172.22.23.39).

(config)# ip access-list extended MultiHosts
(config-ext-nacl)# permit tcp 172.22.19.48 0.0.0.128 host 172.25.30.15 eq 21
(config-ext-nacl)# permit tcp 172.22.16.0 0.0.3.255 host 172.22.23.39 eq 53
(config)# interface Gi0/1
(config-if)# ip access-group MultiHosts in

The second line uses the WM 0.0.0.128 to ensure both hosts are allowed through and no one else.

The third line uses a WM of 0.0.3.255 to ensure the entire subnet can reach the destination.

Why can I not reach the FTP server from these hosts?
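To check what an ACL like this actually selects, here is an added example (not part of the original post) that models Cisco wildcard matching and the top-down, first-match-wins walk of an extended ACL with the implicit deny at the end. The two entries are the ones from the post; the flows fed through it are constructed test inputs, and `hosts_matched` enumerates exactly which addresses a base/wildcard pair covers, which is the quickest way to verify a non-contiguous mask such as 0.0.0.128.

```python
"""Evaluate Cisco-style extended ACL entries against sample flows.

Added example, not code from the original post. It models how IOS matches
an address against a wildcard mask and walks an extended ACL top to bottom,
falling through to the implicit deny. The ACL entries are the two from the
post; the sample flows below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


def ip_int(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 1 bit in the mask means 'don't care'.
    An address matches when every 0-bit position agrees with the base."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)


@dataclass
class Ace:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp" or "ip"
    src: str
    src_wc: str
    dst: str
    dst_wc: str
    dport: Optional[int] = None   # None = any destination port


@dataclass
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def evaluate(acl: List[Ace], flow: Flow) -> str:
    """First matching entry wins; no match means the implicit deny."""
    for ace in acl:
        if ace.proto != "ip" and ace.proto != flow.proto:
            continue
        if not wildcard_match(flow.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(flow.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != flow.dport:
            continue
        return ace.action
    return "deny"


def hosts_matched(base: str, wildcard: str, network: str) -> List[str]:
    """List the addresses inside `network` that a base/wildcard pair covers
    (useful for checking what a non-contiguous mask really selects)."""
    net = ipaddress.ip_network(network)
    return [str(h) for h in net if wildcard_match(str(h), base, wildcard)]


# The ACL as written in the post ("host X" is X with wildcard 0.0.0.0).
MULTIHOSTS = [
    Ace("permit", "tcp", "172.22.19.48", "0.0.0.128", "172.25.30.15", "0.0.0.0", 21),
    Ace("permit", "tcp", "172.22.16.0", "0.0.3.255", "172.22.23.39", "0.0.0.0", 53),
]


if __name__ == "__main__":
    print("0.0.0.128 selects:", hosts_matched("172.22.19.48", "0.0.0.128", "172.22.19.0/24"))
    # Constructed sample flows: the FTP control channel from each allowed host,
    # from a neighbouring host, a client-initiated connection to a high server
    # port (passive-mode data channel), and DNS over TCP and UDP.
    samples = [
        Flow("tcp", "172.22.19.48", "172.25.30.15", 21),
        Flow("tcp", "172.22.19.176", "172.25.30.15", 21),
        Flow("tcp", "172.22.19.50", "172.25.30.15", 21),
        Flow("tcp", "172.22.19.48", "172.25.30.15", 50123),
        Flow("tcp", "172.22.17.9", "172.22.23.39", 53),
        Flow("udp", "172.22.17.9", "172.22.23.39", 53),
    ]
    for f in samples:
        print(f, "->", evaluate(MULTIHOSTS, f))
```

Running it confirms the mask arithmetic in the post: 0.0.0.128 applied to 172.22.19.48 selects exactly .48 and .176 out of the /24, and 0.0.3.255 covers all of 172.22.16.0/22. The same walk also makes visible what the ACL does not permit: any client-initiated TCP connection to the FTP server on a port other than 21 (as a passive-mode data channel would be) and UDP/53 to the DNS server both fall through to the implicit deny, which is worth checking with `show ip access-lists` hit counters on the router when a flow unexpectedly fails.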


