SOHO 77 + 827 .... NAT, Port forwarding and Firewalling

Discussion in 'Cisco' started by Michael, Jul 9, 2005.

  1. Michael

    Michael Guest

    Hi All,

    I have recently acquired a SOHO 77 ADSL router and an 827H ADSL router.
    I've managed to configure them as far as connecting via PPPOE to the ISP,
    and allowing LAN users to access the internet. The soho 77 will be acting as
    a DHCP server for its LAN.

    I have a few questions about the setups though. I'm reasonably new to IOS,
    learning from the docs I can find on the internet.

    With the 77, what I want to be able to do is basically lock off the router
    externally. I don't want to be able to ping it, and any connections to it
    need to be dropped. Essentially it has to be a stateful firewall. Is this at
    all possible? I've read some stuff on reflexing, which sounds about right,
    but I'm not too sure. I also want to be able to port-forward things such as
    port 80 into an internal server. How do I go about doing this?

    The 827 is used in a slightly different config. What I want it to do is just
    handle the PPPOE connection, NAT the stuff internally going out, and forward
    everything hitting it externally to the firewall it is connected to. This
    will then handle the rest of the routing and forwarding in regards to the
    DMZ and internal hosts.


              ISP
               |
               |
              atm0
           827 Router
              eth0
               |
               |
              eth2
         Internal router
         eth0        eth1
          |           |
          |           +----> DMZ
         LAN


    How do I go about setting this up? I am aware of the implications of the
    double-nat'ting, but I know what I need to be able to do. Basically, in this
    scenario, I have been having problems with the internal router's PPPOE
    connection dropping out frequently, and would prefer to offload it to
    something more manageable and reliable.

    Would it be easier to swap the SOHO77 and the 827's roles due to the
    differences in the units?


    Any help on this would be muchly appreciated!

    Thank you,
    Mike



    For reference:

    Software version (SOHO 77):
    ----------------------------------------------

    Cisco Internetwork Operating System Software
    IOS (tm) SOHO70 Software (SOHO70-Y1-M), Version 12.3(15), RELEASE SOFTWARE (fc3)

    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Wed 25-May-05 07:20 by ssearch
    Image text-base: 0x80013148, data-base: 0x805E5C80

    ROM: System Bootstrap, Version 12.1(3r)XP, RELEASE SOFTWARE (fc1)
    ROM: SOHO70 Software (SOHO70-Y1-M), Version 12.3(15), RELEASE SOFTWARE (fc3)

    Router uptime is 3 minutes
    System returned to ROM by power-on
    System image file is "flash:soho70-y1-mz.123-15.bin"

    CISCO SOHO 77 (MPC855T) processor (revision 0x502) with 15360K/1024K bytes of memory.
    Processor board ID JAD0538077U (3097123825), with hardware revision 0000
    CPU rev number 5
    Bridging software.
    1 Ethernet/IEEE 802.3 interface(s)
    1 ATM network interface(s)
    128K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash (Read/Write)
    2048K bytes of processor board Web flash (Read/Write)

    Configuration register is 0x2102
    ----------------------------------------------


    Software version (827):
    ----------------------------------------------
    Cisco Internetwork Operating System Software
    IOS (tm) C820 Software (C820-OY6-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2005 by cisco Systems, Inc.
    Compiled Wed 25-May-05 07:25 by ssearch
    Image text-base: 0x80013148, data-base: 0x80778178

    ROM: System Bootstrap, Version 12.2(4r)XM2, RELEASE SOFTWARE (fc1)
    ROM: C820 Software (C820-OY6-M), Version 12.3(15), RELEASE SOFTWARE (fc3)

    Router uptime is 5 minutes
    System returned to ROM by power-on
    System image file is "flash:c820-oy6-mz.123-15.bin"

    CISCO C827H (MPC855T) processor (revision 0x401) with 31744K/1024K bytes of memory.
    Processor board ID FOC064308KL (1607207016), with hardware revision F9C0
    CPU rev number 5
    Bridging software.
    1 Ethernet/IEEE 802.3 interface(s)
    1 ATM network interface(s)
    128K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash (Read/Write)
    2048K bytes of processor board Web flash (Read/Write)

    Configuration register is 0x2102

    ----------------------------------------------
    Michael, Jul 9, 2005
    #1