12-09-2008 08:01 AM - edited 03-06-2019 02:53 AM
Hi,
I am still struggling trying to configure port forwarding on our CISCO 2811 Router as mentioned previously LAN, Switching and Routing: Port Forwarding (static PAT) not working.
Anyone had similar experience and can shine some light how I go about configuring it.
Thanks,
Lee Hall
12-09-2008 11:53 AM
Generally, you have nat enabled. I'm assuming you have that part done (since I haven't seen your config). :-)
Then you would put:
ip nat inside source static tcp
OR
ip nat inside source static
You can then control access into the network with ACLs on your public interface.
I may be able to help a little more if you posted your nat and interface configs.
HTH,
John
12-10-2008 04:11 AM
Hi Jon,
My config is posted in my previous post
LAN, Switching and Routing ->
Port Forwarding (static PAT) not working
I am using NAT and have been doing similar to what you have mentioned.
I think the problem is I'm not applying the ACL's on the correct interface.
Basically I am using the FastEthernet0/0 interface to the router
Then I have 4 Dailers that connect the ATMx/x/x interfaces.
Basically we have a switch that all our sytems including the server we want to port forward to then this is connected to the FastEthernet0/0 port on the router
The problem I was getting is that I either end up killing our outbound internet connection or Port forwarding doesn't work.
Lets say I want to port forward SMTP and my public ip was 10.10.10.10 (its not but will do for the example) and the SMTP server is 192.168.1.10/24
so to example port forwarding i do this
ip nat inside source static tcp 192.168.1.10 25 10.10.10.10 25
then create a ACL like so
access-list 160 permit tcp any host 10.10.10.10 eq 25
Now heres my confusing what interface(s) do i need to apply this?
would it be each of my dialers i.e.
interface Dialer1
ip access-group 160 in
Do I also need to apply the rule to my FastEthernet0/0 interface and do I need to apply some other rule to stop my outbound LAN traffic from being blocked from accessing the internet
At the moment I have another ACL
access-list 6 permit 192.168.1.0 0.0.0.255
which is added via route-map's for each of the Dialers.
Hope that makes sense. Let me know if you need any more info. I really want to try get this wrapped up before Christmas.
Thanks,
Lee
12-10-2008 05:01 AM
Apply this in internface for NAT
Int f0/0
IP nat inside
int dialer 1
ip nat outside
ip nat inside source list 2 interface Dialer1 overload
access-list 2 permit 192.168.1.0 0.0.0.255
HTH
Ram
12-10-2008 05:11 AM
Lee,
You would apply your ACL to the dialer interfaces if this is where your outside NAT statements are applied.
(I haven't looked at your config yet, but if this doesn't fix it then I'll find your other post.)
HTH,
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: