Configuring Port Forwarding CISCO 2811

Unanswered Question
Dec 9th, 2008
User Badges:

Hi,


I am still struggling trying to configure port forwarding on our CISCO 2811 Router as mentioned previously LAN, Switching and Routing: Port Forwarding (static PAT) not working.


Anyone had similar experience and can shine some light how I go about configuring it.


Thanks,


Lee Hall

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
John Blakley Tue, 12/09/2008 - 11:53
User Badges:
  • Purple, 4500 points or more

Generally, you have nat enabled. I'm assuming you have that part done (since I haven't seen your config). :-)


Then you would put:


ip nat inside source static tcp 25 25


OR


ip nat inside source static extendable


You can then control access into the network with ACLs on your public interface.


I may be able to help a little more if you posted your nat and interface configs.


HTH,


John

l33h3lluk Wed, 12/10/2008 - 04:11
User Badges:

Hi Jon,

My config is posted in my previous post


LAN, Switching and Routing ->

Port Forwarding (static PAT) not working


I am using NAT and have been doing similar to what you have mentioned.


I think the problem is I'm not applying the ACL's on the correct interface.



Basically I am using the FastEthernet0/0 interface to the router

Then I have 4 Dailers that connect the ATMx/x/x interfaces.


Basically we have a switch that all our sytems including the server we want to port forward to then this is connected to the FastEthernet0/0 port on the router


The problem I was getting is that I either end up killing our outbound internet connection or Port forwarding doesn't work.



Lets say I want to port forward SMTP and my public ip was 10.10.10.10 (its not but will do for the example) and the SMTP server is 192.168.1.10/24


so to example port forwarding i do this

ip nat inside source static tcp 192.168.1.10 25 10.10.10.10 25


then create a ACL like so

access-list 160 permit tcp any host 10.10.10.10 eq 25


Now heres my confusing what interface(s) do i need to apply this?


would it be each of my dialers i.e.


interface Dialer1

ip access-group 160 in


Do I also need to apply the rule to my FastEthernet0/0 interface and do I need to apply some other rule to stop my outbound LAN traffic from being blocked from accessing the internet


At the moment I have another ACL

access-list 6 permit 192.168.1.0 0.0.0.255

which is added via route-map's for each of the Dialers.


Hope that makes sense. Let me know if you need any more info. I really want to try get this wrapped up before Christmas.


Thanks,


Lee

Ramprasad Pr Wed, 12/10/2008 - 05:01
User Badges:

Apply this in internface for NAT

Int f0/0

IP nat inside


int dialer 1

ip nat outside



ip nat inside source list 2 interface Dialer1 overload


access-list 2 permit 192.168.1.0 0.0.0.255



HTH

Ram



John Blakley Wed, 12/10/2008 - 05:11
User Badges:
  • Purple, 4500 points or more

Lee,


You would apply your ACL to the dialer interfaces if this is where your outside NAT statements are applied.


(I haven't looked at your config yet, but if this doesn't fix it then I'll find your other post.)


HTH,


John

Actions

This Discussion