BestHub
Sign in
Operations 4 min read

Configuring Internal Server Access with NAT and FTP ALG on a Router

This guide details step‑by‑step router configuration to assign interface IPs, set up VLANs, create NAT server mappings for web and FTP services, define a default static route, and enable FTP NAT ALG so external users can reach internal servers securely.

Practical DevOps Architecture
Practical DevOps Architecture
Practical DevOps Architecture
Configuring Internal Server Access with NAT and FTP ALG on a Router

This article explains how to configure a router to allow external network users to access internal servers using NAT and FTP ALG.

Step 1: Configure interface IP addresses and NAT server

Create VLANs and assign IPs to VLAN interfaces, then bind physical Ethernet ports to the VLANs:

Router] vlan 100
Router-vlan100] quit
Router] interface vlanif 100
Router-Vlanif100] ip address 192.168.20.1 24
Router-Vlanif100] quit
Router] interface ethernet 2/0/0
Router-Ethernet2/0/0] port link-type access
Router-Ethernet2/0/0] port default vlan 100
Router-Ethernet2/0/0] quit
Router] vlan 200
Router-vlan200] quit
Router] interface vlanif 200
Router-Vlanif200] ip address 10.0.0.1 24
Router-Vlanif200] quit
Router] interface ethernet 2/0/1
Router-Ethernet2/0/1] port link-type access
Router-Ethernet2/0/1] port default vlan 200
Router-Ethernet2/0/1] quit
Router] interface gigabitethernet 3/0/0
Router-GigabitEthernet3/0/0] ip address 202.169.10.1 24

Configure NAT server entries for web and FTP services on the external interface:

Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33

Define the internal hosts for the NAT mappings:

www inside 192.168.20.2 8080
ftp inside 10.0.0.3 ftp

Step 2: Configure the default static route

Router] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2

Step 3: Enable FTP NAT ALG

Router] nat alg ftp enable

After completing these configurations, external users can reach the internal web server (192.168.20.2:8080) and FTP server (10.0.0.3) through the router’s public IP, with proper NAT translation and FTP ALG handling.

RouterNATnetwork configurationFTPstatic routing
Practical DevOps Architecture
Written by

Practical DevOps Architecture

Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment