NAT doesn't seem to work on all ports

Discussion in 'Cisco' started by gqmetro@yahoo.com, Jun 14, 2005.

  1. Guest

    I have a 2611 that has been in service for several years. I'm a Cisco
    newbie and want to allow IMAP4 to my mail server, so I got into the
    router and added tcp 143 to my nat but it doesn't seem to work. I
    thought perhaps it was in my firewall but that port is allowed. I used
    the external port scan tool from dslreports.com and all the ports
    listed in my nat show up there EXCEPT for 143. Am I missing something
    obvious?
    Tony

    interface Ethernet0/0
    description connected to Internet
    ip address 123.123.123.123 255.255.255.252
    ip access-group 100 in
    no ip directed-broadcast
    ip nat outside
    !
    interface Ethernet0/1
    description connected to EthernetLAN
    ip address 192.168.1.3 255.255.255.0
    ip access-group 100 in
    no ip directed-broadcast
    ip nat inside
    full-duplex
    !
    ip nat inside source list 1 interface Ethernet0/0 overload
    ip nat inside source static tcp 192.168.1.1 143 123.123.123.123 143 extendable
    ip nat inside source static tcp 192.168.1.42 5631 123.123.123.123 5631 extendable
    ip nat inside source static udp 192.168.1.42 5632 123.123.123.123 5632 extendable
    ip nat inside source static tcp 192.168.1.1 25 123.123.123.123 25 extendable
    ip nat inside source static tcp 192.168.1.57 22 123.123.123.123 22 extendable
    ip nat inside source static tcp 192.168.1.1 510 123.123.123.123 510 extendable
    ip nat inside source static tcp 192.168.1.1 110 123.123.123.123 110 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 123.123.123.12
    ip route 10.11.12.0 255.255.255.0 192.168.1.100
    ip route 192.168.0.0 255.255.0.0 192.168.1.100
    ip route 192.168.1.0 255.255.255.0 192.168.1.97
    no ip http server
    !
    logging history warnings
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 1 permit 192.168.2.0 0.0.0.255
    access-list 1 permit 192.168.3.0 0.0.0.255
    access-list 100 permit ip host 192.168.1.2 any
    access-list 100 permit ip host 192.168.1.34 any
    access-list 100 permit ip any any
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipx permit
    , Jun 14, 2005
    #1

  2. RobO Guest

    Hi,

    If the access-list 100 is your inbound access-list from the internet
    then you will need to add an extra line to it.

    Copy the existing ACL 100 to an editor...
    PS!! Have you got another firewall in place before the router as this
    ACL allows all IP traffic through...dangerous!

    An entry for IMAP:
    If you want anyone to have access then
    access-list 100 permit tcp any host [mail_server_ip] eq 143

    (not sure if you need udp port as well)

    The above line should be added towards the top of the access-list 100
    as the ACL is processed line by line as traffic passes.

    Remove ACL 100:
    int ethernet0/0
    no ip access-group 100 in
    exit
    no access-list 100
    [then]
    paste new ACL to router:
    int ethernet0/0
    ip access-group 100 in

    HTH,

    Rob
    RobO, Jun 15, 2005
    #2
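
As an added example (not part of either post), this Python sketch replays first-match evaluation of the posted ACL 100 against each static NAT forward, to show which line decides every published port. It assumes the inbound ACL on the outside interface sees the public (pre-NAT) destination address; the probe source 198.51.100.7 and all function names are made up for illustration.

```python
from ipaddress import IPv4Address

# Constructed sample: a subset of the configuration posted in the thread.
CONFIG = """\
ip nat inside source static tcp 192.168.1.1 143 123.123.123.123 143 extendable
ip nat inside source static udp 192.168.1.42 5632 123.123.123.123 5632 extendable
ip nat inside source static tcp 192.168.1.1 25 123.123.123.123 25 extendable
access-list 100 permit ip host 192.168.1.2 any
access-list 100 permit ip host 192.168.1.34 any
access-list 100 permit ip any any
"""

def addr_spec(tok):
    """Consume one ACL address spec; return ((address, wildcard) as ints, remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IPv4Address(tok[1])), 0), tok[2:]
    return (int(IPv4Address(tok[0])), int(IPv4Address(tok[1]))), tok[2:]

def covers(spec, ip):
    addr, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF == 0

def parse_acl(config, number):
    """Extended ACL lines in order; only numeric 'eq <port>' on the destination is handled."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] == ["access-list", number]:
            src, rest = addr_spec(t[4:])
            dst, rest = addr_spec(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None
            rules.append((line, t[2], t[3], src, dst, port))
    return rules

def first_match(rules, proto, src_ip, dst_ip, dst_port):
    """IOS evaluates an ACL top-down and stops at the first matching line."""
    for line, action, rproto, src, dst, port in rules:
        if (rproto in ("ip", proto) and covers(src, src_ip)
                and covers(dst, dst_ip) and port in (None, dst_port)):
            return action, line
    return "deny", "(implicit deny)"

def audit(config, acl, probe_src="198.51.100.7"):
    """Map each static NAT forward (proto, public port) to the ACL line that decides it."""
    rules, result = parse_acl(config, acl), {}
    for t in map(str.split, config.splitlines()):
        if t[:5] == ["ip", "nat", "inside", "source", "static"] and len(t) >= 10:
            # Assumption: the inbound ACL sees the public (pre-NAT) address, t[8].
            result[(t[5], int(t[9]))] = first_match(rules, t[5], probe_src, t[8], int(t[9]))
    return result
```

Calling `audit(CONFIG, "100")` reports `access-list 100 permit ip any any` as the deciding line for every forward; swapping that line for a specific `permit tcp ... eq 143` entry leaves the other forwards falling through to the implicit deny.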