Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > mapping range of ports on Cisco SOHO 77

Reply
Thread Tools

mapping range of ports on Cisco SOHO 77

 
 
Mofoshaweng
Guest
Posts: n/a
 
      03-24-2005
Hi all,

I've been trying to map a range of ports to an internal IP address for some
time now and I
just can't seem to figure it out.

For a single portmapping I could for example use this:

ip nat inside source static tcp 192.168.100.102 25 66.239.153.194 25

The above works. But I need to map a whole range of ports from 25 upto and
including
50 to 192.168.100.102.

Does anybody know what the command is?

I've also experimented with extended access lists.

I've used:

access-list 110 permit tcp any host 192.168.100.102 range 25 50

or

access-list 110 permit tcp any any range25 50

And other variations but none of them work.

Can anyone point me in the right direction?

Any help is very much appreciated!

Mofo.


 
Reply With Quote
 
 
 
 
RobO
Guest
Posts: n/a
 
      03-24-2005
Hi,

I think you cant map a range of ports to an internal host with a range
of ports as you described.
Someone please correct me if I'm wrong!

You would have to a line for each mapping that you want to forward like
the one you posted for SMTP........lots of lines!

Can I ask why you want to map that range?

Rob

 
Reply With Quote
 
 
 
 
Walter Roberson
Guest
Posts: n/a
 
      03-24-2005
In article <(E-Mail Removed). com>,
RobO <(E-Mail Removed)> wrote:
:I think you cant map a range of ports to an internal host with a range
f ports as you described.
:Someone please correct me if I'm wrong!

The OP was using IOS; I'm not as familiar with static PAT on that.
On the PIX, there is no direct way to map a range of ports -- the
most direct way is one line per port.

What is now possible on the PIX, as of PIX 6.3(4), is "policy static",
in which you can specify a static address and an access list.
The access list may specify ports (but may not have any 'deny'
statements.) You may have to experiment in order to do any kind
of mapping of port ranges, particularily in conjunction with 'any'.
[You might only be able to map a port range for one IP to one IP...
I have a description of the rules somewhere but it's messy and I have
not had time to digest it.]

The PIX documentation is at
http://www.cisco.com/univercd/cc/td/....htm#wp1026694

You might perhaps be able to find something in it that parallels a
facility in IOS.

On the other hand, SOHO 77 is probably not going to have the latest
IOS, so there might not be any similar facility.
--
"I want to make sure [a user] can't get through ... an online
experience without hitting a Microsoft ad"
-- Steve Ballmer [Microsoft Chief Executive]
 
Reply With Quote
 
krame18
Guest
Posts: n/a
 
      03-25-2005
Gary,

You could try an access list like follows:

access-list 110 permit 192.168.100.0 0.0.0.255

This would allow you access from ports 1-254 on the
192.168.100.0/24 network

Mark

 
Reply With Quote
 
Walter Roberson
Guest
Posts: n/a
 
      03-26-2005
In article <(E-Mail Removed) .com>,
krame18 <(E-Mail Removed)> wrote:
: You could try an access list like follows:

: access-list 110 permit 192.168.100.0 0.0.0.255

: This would allow you access from ports 1-254 on the
:192.168.100.0/24 network

I don't think that would even parse. In IOS, an access list numbered
in the 100-199 range is an extended access list which requires a protocol
after the 'permit' or 'deny' keyword; extended access lists also require
both source and destination. And I've never seen a mask being used to
define a port range.

Are you sure you aren't confusing addresses and ports? A port
is a 16 bit number from 1 to 65535 that refers to a service at a
particular IP address (which is a 32 bit number for IPv4).
--
Ceci, ce n'est pas une idée.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: Ports/services for drive mapping Thrill5 Cisco 1 04-18-2009 02:03 AM
Mapping IP/MAC to Ports Carl Hilton Cisco 1 06-06-2008 05:37 PM
Recommendations Please for a PCI card w/ two USB 2 Ports and FireWaire Ports Mike Digital Photography 27 02-26-2006 12:54 AM
port mapping for a range of ports mofoshaweng Cisco 5 04-02-2004 05:25 AM
PIX and mapping ports Kirk Goins Cisco 2 12-05-2003 11:06 PM



Advertisments