How to configure port forwarding for a Cisco 2600 series router?
 

Hello....

My office has a lease line connection to the internet... using a Cisco 2600
series router..

I m planning to set up an email server or a web server, but I don't know how
to configure the router's port forwarding to server IP address.

I did some telnet but i don't know how to use and understand most of the
command given. I have tried searching the web for some guides but to no
avail.

I sincerely hope someone can guide me or at least points me to a source that
can help me.


Thank you...
Marvin

Re: How to configure port forwarding for a Cisco 2600 series router?
 

Hello Marvin,

Sounds like you will be using NAT to source inside IP addresses. If
that is the case, you can use extendable NAT to tcp/udp port forward.
E.g.,

ip nat inside source static tcp 192.168.1.200 22 209.247.228.201 22
extendable

forwards SSH (tcp port 22) traffic to the inside address 192.168.1.200
from the outside address 209.247.228.201.


You can also forward all ports with NAT using overload with static
assignments per outside address, e.g.

ip nat inside source static 192.168.0.3 209.247.228.202

forwards all traffic to the inside address 192.168.0.3 from the
outside address 209.247.228.202.

Did that help?

--Jerome

Re: How to configure port forwarding for a Cisco 2600 series router?
 

Thank you very much Jerome for offering to help. However I am quite quite
confuse as to which IP you are refering to. The following describe a bit on
the connection of the 2600 router. The serial0/0 connects to an NTU and
BRI1/0 and BRI1/1 connect to 2 ISDN modem. FastEthernet0/0 connects to the
LAN hub (3COM SuperStack 3). The ip number on the FastEthernet0/0
(10.170.116.254) is the gateway number that we configured on every LAN
computer. The local computer that I intend to use as a server is
10.170.116.11. After checking with WhatIsMyIP.com, this node's WAN ip
address is 202.188.63.215.

The following is part of what i get from "show configuration". Just
wondering - does the command like "ip nat inside" or "ip nat inside source
static tcp 10.170.116.11 80 10.170.116.254 80" shows on the configuration
too after being type? But it shows in "show running-config"... whats the
difference?

I don't really know how to go further. Which is inside and which is outside
is getting me confuse.

==================================
Using 2183 out of 29688 bytes
!
version 12.2
ip subnet-zero
!
no ip domain-lookup
!
isdn switch-type basic-net3
!
interface FastEthernet0/0
ip address 10.170.116.254 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
description connection to frame relay
no ip address
encapsulation frame-relay IETF
no fair-queue
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
description connection to MPLS Cisco BRFP2
ip address 202.178.118.117 255.255.255.252
frame-relay interface-dlci 80
!
interface Serial0/1
no ip address
shutdown
!
router ospf 3026
log-adjacency-changes
network 10.170.116.254 0.0.0.0 area 0
network 202.178.118.116 0.0.0.3 area 0
network 202.178.118.122 0.0.0.0 area 0
!
ip classless
ip route 0.0.0.0 0.0.0.0 202.178.118.121 200
ip route 202.178.118.121 255.255.255.255 Dialer1
ip http server
ip pim bidir-enable
!
!
access-list 101 deny ospf any any
access-list 101 permit ip any any
dialer-list 1 protocol ip list 101
snmp-server community public RO
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
line aux 0
line vty 0 4

Re: How to configure port forwarding for a Cisco 2600 series router?
 

Hey Marvin,

Can you paste the results of "show ip route", "show ip cef", and "show
mpls interfaces"?

--Jerome

Hello,

Not to bust in someone elses post here (sorry for doing that) but I figured rather than start a new topic I would add my question here. If you would prefer I create a new one just let me know.

I am running a Cisco 2600 NAT/FW router with various internal servers connected to the network including an FTP server.

So I get how to do the static NAT port forwarding but how do you port forword a range of ports such as those required for FTP PASV connections?
Example: ports 10000-20000

I dont really want to type 10000 static nat entries :P

Anyone have any input?

Thanks

To reply which is inside and which is outside:

[Your internal network/servers] --> [ROUTER] --> {Internet}

The side that has your networking (private addressing usually) will be your inside network and the outside is your public IP or outgoing interface.

hope that helps.

plaxtor

there is a range command on udp and tcp ports when using an extended ACL

I use a range command to permit a range of UDP ports for my voip traffic.

Hope this helps...


also plextor these posts are old so i dont think they are looking at them anymore.

Here is a link for NAT if you need it.

http://cisco.com/en/US/tech/tk648/tk...7.shtml#topic5

Hello,

Thanks for replying.

I'll take a look at that link.

Haha I didnt even look at the date, your right they are old. oh well.

I had actually found a way probably simular to what you said using extened ACL's.

Thanks though :)

what did you find out? I am interestested in learning new tricks>>>>

Well like I said its probably simular to how you have done it.

Something like this:

ip nat pool ft a.b.c.d a.b.c.d netmask 255.255.255.0 type rotary
ip nat inside destination list 110 pool ftp
access-list 110 permit tcp any any range 1023 9999

If your way is different please let me know,
Thanks