mapping range of ports on Cisco SOHO 77

Discussion in 'Cisco' started by Mofoshaweng, Mar 24, 2005.

  1. Mofoshaweng

    Mofoshaweng Guest

    Hi all,

    I've been trying to map a range of ports to an internal IP address for some
    time now and I
    just can't seem to figure it out.

    For a single portmapping I could for example use this:

    ip nat inside source static tcp 192.168.100.102 25 66.239.153.194 25

    The above works. But I need to map a whole range of ports from 25 upto and
    including
    50 to 192.168.100.102.

    Does anybody know what the command is?

    I've also experimented with extended access lists.

    I've used:

    access-list 110 permit tcp any host 192.168.100.102 range 25 50

    or

    access-list 110 permit tcp any any range25 50

    And other variations but none of them work.

    Can anyone point me in the right direction?

    Any help is very much appreciated!

    Mofo.
     
    Mofoshaweng, Mar 24, 2005
    #1
    1. Advertising

  2. Mofoshaweng

    RobO Guest

    Hi,

    I think you cant map a range of ports to an internal host with a range
    of ports as you described.
    Someone please correct me if I'm wrong!

    You would have to a line for each mapping that you want to forward like
    the one you posted for SMTP........lots of lines!

    Can I ask why you want to map that range?

    Rob
     
    RobO, Mar 24, 2005
    #2
    1. Advertising

  3. In article <>,
    RobO <> wrote:
    :I think you cant map a range of ports to an internal host with a range
    :eek:f ports as you described.
    :Someone please correct me if I'm wrong!

    The OP was using IOS; I'm not as familiar with static PAT on that.
    On the PIX, there is no direct way to map a range of ports -- the
    most direct way is one line per port.

    What is now possible on the PIX, as of PIX 6.3(4), is "policy static",
    in which you can specify a static address and an access list.
    The access list may specify ports (but may not have any 'deny'
    statements.) You may have to experiment in order to do any kind
    of mapping of port ranges, particularily in conjunction with 'any'.
    [You might only be able to map a port range for one IP to one IP...
    I have a description of the rules somewhere but it's messy and I have
    not had time to digest it.]

    The PIX documentation is at
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

    You might perhaps be able to find something in it that parallels a
    facility in IOS.

    On the other hand, SOHO 77 is probably not going to have the latest
    IOS, so there might not be any similar facility.
    --
    "I want to make sure [a user] can't get through ... an online
    experience without hitting a Microsoft ad"
    -- Steve Ballmer [Microsoft Chief Executive]
     
    Walter Roberson, Mar 24, 2005
    #3
  4. Mofoshaweng

    krame18 Guest

    Gary,

    You could try an access list like follows:

    access-list 110 permit 192.168.100.0 0.0.0.255

    This would allow you access from ports 1-254 on the
    192.168.100.0/24 network

    Mark
     
    krame18, Mar 25, 2005
    #4
  5. In article <>,
    krame18 <> wrote:
    : You could try an access list like follows:

    : access-list 110 permit 192.168.100.0 0.0.0.255

    : This would allow you access from ports 1-254 on the
    :192.168.100.0/24 network

    I don't think that would even parse. In IOS, an access list numbered
    in the 100-199 range is an extended access list which requires a protocol
    after the 'permit' or 'deny' keyword; extended access lists also require
    both source and destination. And I've never seen a mask being used to
    define a port range.

    Are you sure you aren't confusing addresses and ports? A port
    is a 16 bit number from 1 to 65535 that refers to a service at a
    particular IP address (which is a 32 bit number for IPv4).
    --
    Ceci, ce n'est pas une idée.
     
    Walter Roberson, Mar 26, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kirk Goins

    PIX and mapping ports

    Kirk Goins, Dec 5, 2003, in forum: Cisco
    Replies:
    2
    Views:
    1,345
    Rik Bain
    Dec 5, 2003
  2. mofoshaweng

    port mapping for a range of ports

    mofoshaweng, Apr 1, 2004, in forum: Cisco
    Replies:
    5
    Views:
    743
    Hansang Bae
    Apr 2, 2004
  3. gooker

    port range mapping ?

    gooker, Dec 17, 2006, in forum: Cisco
    Replies:
    3
    Views:
    1,660
    globalchicken
    Dec 18, 2006
  4. Carl Hilton

    Mapping IP/MAC to Ports

    Carl Hilton, Jun 6, 2008, in forum: Cisco
    Replies:
    1
    Views:
    464
    fugettaboutit
    Jun 6, 2008
  5. Thrill5
    Replies:
    1
    Views:
    918
    bod43
    Apr 18, 2009
Loading...

Share This Page