Operations 4 min read

Configuring Internal Server Access with NAT and FTP ALG on a Router

This guide details step‑by‑step router configuration to assign interface IPs, set up VLANs, create NAT server mappings for web and FTP services, define a default static route, and enable FTP NAT ALG so external users can reach internal servers securely.

Practical DevOps Architecture

Jun 8, 2015

Configuring Internal Server Access with NAT and FTP ALG on a Router

This article explains how to configure a router to allow external network users to access internal servers using NAT and FTP ALG.

Step 1: Configure interface IP addresses and NAT server

Create VLANs and assign IPs to VLAN interfaces, then bind physical Ethernet ports to the VLANs:

Router] vlan 100
Router-vlan100] quit
Router] interface vlanif 100
Router-Vlanif100] ip address 192.168.20.1 24
Router-Vlanif100] quit
Router] interface ethernet 2/0/0
Router-Ethernet2/0/0] port link-type access
Router-Ethernet2/0/0] port default vlan 100
Router-Ethernet2/0/0] quit
Router] vlan 200
Router-vlan200] quit
Router] interface vlanif 200
Router-Vlanif200] ip address 10.0.0.1 24
Router-Vlanif200] quit
Router] interface ethernet 2/0/1
Router-Ethernet2/0/1] port link-type access
Router-Ethernet2/0/1] port default vlan 200
Router-Ethernet2/0/1] quit
Router] interface gigabitethernet 3/0/0
Router-GigabitEthernet3/0/0] ip address 202.169.10.1 24

Configure NAT server entries for web and FTP services on the external interface:

Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.5
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33
Router-GigabitEthernet3/0/0] nat server protocol tcp global 202.169.10.33

Define the internal hosts for the NAT mappings:

www inside 192.168.20.2 8080
ftp inside 10.0.0.3 ftp

Step 2: Configure the default static route Router] ip route-static 0.0.0.0 0.0.0.0 202.169.10.2 Step 3: Enable FTP NAT ALG Router] nat alg ftp enable After completing these configurations, external users can reach the internal web server (192.168.20.2:8080) and FTP server (10.0.0.3) through the router’s public IP, with proper NAT translation and FTP ALG handling.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.

Router NAT FTP static routing

Written by

Practical DevOps Architecture

Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.

0 followers

Reader feedback

How this landed with the community

Rate this article

Was this worth your time?

Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.