Cisco 1760 firewall

alex39481 · ‎04-01-2012

Hi all! I've got a 1760 router which uses port forwarding (25, 80 and 443) for my internal network services. If, let's say, I try to open a FTP connection on the router, of course the connection will be refused. Is there a way to make the router DROP the packets instead of rejecting them? My Linux iptables configurations drop packets who fail the firewall test, so I would like the router to perform that behavior.

Commands for port forwarding:

ip nat inside source static tcp 10.10.0.1 80 int f0/0 80 (these work fine)

Peter Paluch · ‎04-01-2012

Hello Alexandre,

On your outside interface, try using the following command: no ip unreachables

Best regards,

Peter

alex39481 · ‎04-01-2012

Thanks for the fast reply, I issued the command and when, let's say, I try to open a FTP connection to the router (which should be refused), I get an ICMP message back. I don't want to receive a message back. Here's the releavant part of my config:

interface FastEthernet0/0

ip address 24.226.150.89 255.255.255.0

no ip unreachables

ip nat outside

ip virtual-reassembly

speed auto

full-duplex

!

ninoroygaleos · ‎04-01-2012

Hi Alexandre,

just supply the command from your interface that you would like to mute or dropped the packet,

# no ip unreacheable

Hope that would help your problem.

-onin.

alex39481 · ‎04-01-2012

According to my previous post, that's what I did.