newbie question (forward all traffic to firewall)

Discussion in 'Cisco' started by RatM, May 7, 2004.

  1. RatM

    RatM Guest

    Hello,

    We need to place a firewall at a customer site; he has a Cisco 826 router
    with a fixed IP.
    Since they no longer have a network administrator, we have to configure
    this router to work with our firewall.

    I just need to know the rule to forward all udp/tcp traffic to our firewall,
    anyone wanna help?

    greetings,
    RatM, May 7, 2004
    #1

  2. In article <409bad98$0$25091$>,
    RatM <> wrote:
    :We need to place a firewall at a customer site; he has a Cisco 826 router
    :with a fixed IP.
    :Since they no longer have a network administrator, we have to configure
    :this router to work with our firewall.

    :I just need to know the rule to forward all udp/tcp traffic to our firewall,

    'show run' and look for an 'ip route 0.0.0.0 0.0.0.0' statement.
    If one exists, you will have to go into configuration mode, command
    no ip route 0.0.0.0 0.0.0.0
    and then enter in the ip route statement that would be appropriate
    for the configuration.

    If no 'ip route 0.0.0.0 0.0.0.0' statement exists, then they might
    be getting their default route via RIP or some other such mechanism.
    If so, then you could configure your firewall to send a default route
    using the same mechanism, or you could turn off the mechanism and use
    the ip route statement.

    --
    We don't need no side effect-ing
    We don't need no scope control
    No global variables for execution
    Hey! Did you leave those args alone? -- decvax!utzoo!utcsrgv!roderick
    Walter Roberson, May 7, 2004
    #2

  3. RatM

    RatM Guest

    It has nothing to do with routing but with udp/tcp port traffic. I want to
    see all incoming ports forwarded to the LAN IP address of the new firewall.
    RatM, May 10, 2004
    #3
  4. In article <409f9030$0$22976$>,
    RatM <> wrote:
    :It has nothing to do with routing but with udp/tcp port traffic. I want to
    :see all incoming ports forwarded to the LAN IP address of the new firewall.

    Sorry, could you clarify how your requirement differs from routing?
    The 826 will be receiving packets from the outside, and you want
    those packets to end up at another IP. That would normally be routing.

    Unless, that is, the situation is that the destination IP *is* the
    IP of the 826 itself, and you want to do port forwarding?
    [If so and the next hop is a cisco box, then you might want to
    consider using 'ip unnumbered' on the link and then route the
    traffic after all.]
    --
    I was very young in those days, but I was also rather dim.
    -- Christopher Priest
    Walter Roberson, May 10, 2004
    #4
  5. RatM

    RatM Guest

    We've got our Cisco 826 with a static internet IP, and as LAN IP
    10.0.0.254 (which is the internet gateway for the LAN).
    We need to install a firewall (10.0.0.250), so all incoming traffic (http,
    smtp, ftp, everything) needs to go from the WAN IP to 10.0.0.250.

    There is a route command now on the router, which is "ip route 0.0.0.0 0.0.0.0
    ISP Gateway".
    RatM, May 11, 2004
    #5
  6. In article <40a10dc2$0$8403$>,
    RatM <> wrote:
    :We've got our Cisco 826 with a static internet IP, and as LAN IP
    :10.0.0.254 (which is the internet gateway for the LAN).
    :We need to install a firewall (10.0.0.250), so all incoming traffic (http,
    :smtp, ftp, everything) needs to go from the WAN IP to 10.0.0.250.

    You may be able to use IRB (Integrated Routing and Bridging).
    Unless, that is, you happen to be running your 826 in ADSL over ISDN
    mode: IRB is not supported for ISDN.

    The idea would be to essentially use your 826 as a media-converting
    switch.

    Otherwise, having *all* incoming traffic go over to the firewall is
    likely not going to work. The 826 is probably going to treat some of
    the packets as destined for the 826 itself, and that is going to happen
    before any static nat takes place. I do not know exactly what traffic
    the 826 will "eat" this way. The PIX, for example, will not
    forward on telnet or tcp 1467, because it needs those ports
    for itself.

    Beyond that... it should be a case of setting up static nat with port
    forwarding.
    --
    So you found your solution
    What will be your last contribution?
    -- Supertramp (Fool's Overture)
    Walter Roberson, May 11, 2004
    #6
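
The static NAT with port forwarding suggested in the last reply, sketched as an added IOS configuration example that is not part of the original thread. The addresses 10.0.0.254 and 10.0.0.250 come from the thread; the interface names (Ethernet0, Dialer0), the /24 mask and the ACL numbers are assumptions to adapt to the actual router.

```cisco
! Added example. Interface names, the /24 mask and ACL numbers are assumptions;
! 10.0.0.254 (router LAN side) and 10.0.0.250 (firewall) are from the thread.
interface Ethernet0
 ip address 10.0.0.254 255.255.255.0
 ip nat inside
!
! Assumed WAN interface holding the fixed public IP
interface Dialer0
 ip nat outside
!
! Outbound address overloading for the LAN (assumed to be needed as well)
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 1 interface Dialer0 overload
!
! One static entry per published service: each maps a port on the WAN
! address to the same port on the firewall at 10.0.0.250.
ip nat inside source static tcp 10.0.0.250 80 interface Dialer0 80
ip nat inside source static tcp 10.0.0.250 25 interface Dialer0 25
ip nat inside source static tcp 10.0.0.250 21 interface Dialer0 21
!
! Traffic addressed to the router's own services (telnet on the vty lines,
! for example) is handled by the router itself and never reaches the
! firewall, so restrict management access to the LAN.
access-list 10 permit 10.0.0.0 0.0.0.255
line vty 0 4
 access-class 10 in
!
! Check the resulting entries with: show ip nat translations
```

Only the listed ports reach 10.0.0.250; anything without a static entry stops at the router, which is why the router's own management access is restricted here as well.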