
Cisco 1720: forwarding a port to a specific IP

Danno49
Level 1

If anyone can be of service here, I would greatly appreciate it. I need to forward a port to a specific IP address in my network. I just need the syntax to do this as I am not a networking genius and do not have the time to become one.

Cisco 1720

Config Maker 2.6

Help please?

Danno49

Here is my current IOS. I did not program this myself and it is working so I am hesitant to change anything without the help of an expert.

!
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname MEMSRTR
!
enable password ******
!
ip name-server 207.230.75.34
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0
 no shutdown
 description connected to EthernetLAN
 ip address xxx.xxx.xxx.170 255.255.255.248
 no ip directed-broadcast
 keepalive 10
!
interface Serial 0
 no shutdown
 no description
 service-module t1 clock source line
 service-module t1 data-coding normal
 service-module t1 remote-loopback full
 service-module t1 framing esf
 service-module t1 linecode b8zs
 service-module t1 lbo none
 service-module t1 remote-alarm-enable
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 frame-relay lmi-type ansi
 no fair-queue
!
interface Serial 0.1 point-to-point
 no shutdown
 description connected to Internet
 ip address xx.xx.xxx.78 255.255.255.252
 no ip directed-broadcast
 frame-relay interface-dlci 100
!
router rip
 version 2
 network 216.248.188.0
 passive-interface Serial 0.1
 no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0.1
no ip http server
snmp-server community ITC-PubliC RO
no snmp-server location
no snmp-server contact
!
line console 0
 exec-timeout 0 0
 password ******
 login
 transport input none
!
line vty 0 4
 password ******
 login
!
! The following commands are not recognized by Cisco ConfigMaker
! and are therefore appended here.
!
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 32000 debugging
memory-size iomem 25
!
interface FastEthernet 0
 full-duplex
!
end

6 Replies

ruwhite
Level 7

When you say port, do you mean a specific interface, as in a fast ethernet, etc? Or do you mean as in NAT, you need to forward all http requests from an outside interface to an inside address? I don't see any NAT configured, so it doesn't seem like that. Do you mean that when someone telnets into the router, or dials in, they are automatically connected to some host, or (?)....

Russ.W

Russ,

I'm sorry. . .I should have been a tad more specific. I have a user who needs a specific TCP port opened for traffic to their specific machine.

We are using Symantec Enterprise firewall (definitely not my idea). I created a protocol and a rule to allow the traffic through it (the firewall). But I am told that the router needs to have the specific TCP port forwarded to the specific internal IP.

Please bear with me if I am not communicating what I am trying to accomplish properly. I am a neophyte on this level of configuration. If you need more information than I have provided, please indicate what you would like me to supply.

Thank you for taking the time to reply to me!

Danno49

More info:

The user wants to use eDonkey, a P2P file sharing program. In a perfect world, or more accurately, in my world using a better doggone firewall, one wouldn't need to forward the TCP port from the router to the address in question. But Symantec Firewall bites and refuses to pass anything that it isn't specifically told to and even THEN it doesn't always work. Like seems to be the case now. The port I need to allow traffic to and from is 4662. I was told by the operators of the eDonkey server that because the firewall won't behave the way they would like it to, it would be necessary to forward the IP.

So there you have it. I thought this would be a pretty straightforward deal. Harrumph.

Thanks for any thoughts you may have. Helpful or otherwise. = ;)

You do not need to configure the router to allow this port to pass.

A simple test would be to telnet to that port from your router:

router# telnet x.x.x.x 4662

You should see an open or a connection refused by remote host; either way the router will try to initiate the session.
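The check made by eye in the replies above (no NAT configured, nothing on the router that needs changing for the port to pass) can also be done mechanically. The following is an added example, not part of the thread: it scans an IOS configuration for access lists, NAT and inspection rules. Both sample configurations are constructed (the first is an excerpt of the posted one), ACL number 101 is an assumption, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the configuration posted in the thread (addresses masked as on the page).
POSTED_CONFIG = """\
interface FastEthernet 0
 description connected to EthernetLAN
 ip address xxx.xxx.xxx.170 255.255.255.248
 no ip directed-broadcast
interface Serial 0.1 point-to-point
 description connected to Internet
 ip address xx.xx.xxx.78 255.255.255.252
 frame-relay interface-dlci 100
ip classless
ip route 0.0.0.0 0.0.0.0 Serial 0.1
"""

# Constructed counter-example: same WAN interface with an inbound ACL (101, assumed) and NAT.
FILTERING_CONFIG = POSTED_CONFIG.replace(
    " frame-relay interface-dlci 100\n",
    " frame-relay interface-dlci 100\n ip access-group 101 in\n ip nat outside\n",
) + "access-list 101 deny tcp any any eq 4662\n"

# IOS commands that filter or translate transit traffic.
PATTERNS = {
    "acl_applied": re.compile(r"^ip access-group (\S+) (in|out)$"),
    "nat": re.compile(r"^ip nat \S+"),
    "inspection": re.compile(r"^ip inspect (\S+) (in|out)$"),
    "acl_defined": re.compile(r"^(access-list \S+|ip access-list \S+ \S+)"),
}

def find_traffic_controls(config):
    """Return (context, kind, line) tuples; assumes show-running-config indentation."""
    findings, context = [], "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():      # unindented line opens a new top-level context
            context = line if line.startswith("interface ") else "global"
        if line.startswith("no "):    # negated commands switch a feature off
            continue
        for kind, pattern in PATTERNS.items():
            if pattern.match(line):
                findings.append((context, kind, line))
    return findings

def router_passes_port_untouched(config):
    """True when the router only routes: no ACL, NAT or inspection is configured."""
    return not find_traffic_controls(config)
```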

OK. . .

I cannot test the port from a telnet session, they will ban traffic from our IP if I do. I have used a test link. Here's the URL:

http://www.preinheimer.com/cgi-bin/connectiontest/connectiontest.cgi

When I do this test, I get an error on IP message, meaning the connection failed. This is the only acceptable way to them for testing. The test must be done with the eDonkey client running but not connected. I have been told that this is the way it must be done by the folks who run the server. They seem to be pretty knowledgeable.

My firewall is configured properly to allow this traffic to pass so it is one of two things: The config on the router or our ISP is blocking the port. I haven't checked to see if the latter is the problem or not. I will do so.

If you have any ideas, please let me know. You will be making an executive happy! Oooooooooo! = ;)

I was able to make an agreement with the operators of the server so I won't need to tinker around with the settings on our router. Thanks to all for your help! I am relieved as I did not want to mess with a working router. It's darned reliable in its current config.

Thanks again,

Danno49