08-11-2003 09:25 AM - edited 03-02-2019 09:30 AM
If anyone can be of service here, I would greatly appreciate it. I need to forward a port to a specific IP address in my network. I just need the syntax to do this as I am not a networking genius and do not have the time to become one.
Cisco 1720
Config Maker 2.6
Help please?
Danno49
Here is my current IOS. I did not program this myself and it is working so I am hesitant to change anything without the help of an expert.
!
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname MEMSRTR
!
enable password ******
!
ip name-server 207.230.75.34
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0
no shutdown
description connected to EthernetLAN
ip address xxx.xxx.xxx.170 255.255.255.248
no ip directed-broadcast
keepalive 10
!
interface Serial 0
no shutdown
no description
service-module t1 clock source line
service-module t1 data-coding normal
service-module t1 remote-loopback full
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 lbo none
service-module t1 remote-alarm-enable
no ip address
no ip directed-broadcast
encapsulation frame-relay
frame-relay lmi-type ansi
no fair-queue
!
interface Serial 0.1 point-to-point
no shutdown
description connected to Internet
ip address xx.xx.xxx.78 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 100
!
router rip
version 2
network 216.248.188.0
passive-interface Serial 0.1
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0.1
no ip http server
snmp-server community ITC-PubliC RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password ******
login
transport input none
!
line vty 0 4
password ******
login
!
! The following commands are not recognized by Cisco ConfigMaker
! and are therefore appended here.
!
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 32000 debugging
memory-size iomem 25
!
interface FastEthernet 0
full-duplex
!
end
08-11-2003 09:58 AM
When you say port, do you mean a specific interface, as in a fast ethernet, etc? Or do you mean as in NAT, you need to forward all http requests from an outside interface to an inside address? I don't see any NAT configured, so it doesn't seem like that. Do you mean that when someone telnets into the router, or dials in, they are automatically connected to some host, or (?)....
Russ.W
08-11-2003 10:38 AM
Russ,
I'm sorry. . .I should have been a tad more specific. I have a user who needs a specific TCP port opened for traffic to their specific machine.
We are using Symantec Enterprise firewall(definitely not my idea). I created a protocol and a rule to allow the traffic through it (the firewall). But I am told that the router needs to have the specific TCP port forwarded to the specific internal IP.
Please bear with me if I am not communicating what I am trying to accomplish properly. I am a neophyte on this level of configuration. If you need more information than I have provided, please indicate what you would like me to supply.
Thank you for taking the time to reply to me!
Danno49
08-11-2003 03:19 PM
More info:
The user wants to use eDonkey, a P2P file sharing program. In a perfect world, or more accurately, in my world using a better doggone firewall, one wouldn't need to forward the TCP port from the router to the address in question. But Symantec Firewall bites and refuses to pass anything that it isn't specifically told to and even THEN it doesn't always work. Like seems to be the case now. The port I need to allow traffic to and from is 4662. I was told by the operators of the eDonkey server that because the firewall won't behave the way they would like it to, it would be necessary to forward the IP.
So there you have it. I thought this would be a pretty straightforward deal. Harrumph.
Thanks for any thoughts you may have. Helpful or otherwise. = ;)
08-13-2003 09:55 AM
You do not need to configure the router to allow this port to pass.
A simple test would be to telnet to that port from your router:
router# telnet x.x.x.x 4662
You should see an open or a connection refused by remote host; either way the router will try to initiate the session.
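A way to check the point made in this reply against the posted configuration, as an added example that is not part of the original thread: it scans the interface stanzas for ACL and NAT commands, the two things covered here that would filter or translate TCP 4662 on the router. The function names, the `WITH_NAT` counter-example, the address 192.168.1.10 and ACL 101 are constructed for illustration.

```python
import re

# Constructed sample: interface stanzas from the config posted in this thread.
POSTED = """\
interface FastEthernet 0
ip address xxx.xxx.xxx.170 255.255.255.248
!
interface Serial 0
no ip address
!
interface Serial 0.1 point-to-point
ip address xx.xx.xxx.78 255.255.255.252
frame-relay interface-dlci 100
!
ip route 0.0.0.0 0.0.0.0 Serial 0.1
"""

# Constructed counter-example (made-up values): a router that filters and NATs.
WITH_NAT = POSTED.replace(
    "frame-relay interface-dlci 100",
    "frame-relay interface-dlci 100\nip nat outside\nip access-group 101 in",
) + "ip nat inside source static tcp 192.168.1.10 4662 interface Serial0.1 4662\n"


def parse_interfaces(config):
    """Map interface name -> commands in its stanza ("!" ends a stanza)."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line[len("interface "):], [])
        elif line.startswith("!") or not line:
            current = None
        elif current is not None:
            current.append(line)
    return stanzas


def port_path_findings(config):
    """List (where, kind, command) for ACL or NAT commands in the config."""
    found = []
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            if re.fullmatch(r"ip access-group \S+ (in|out)", cmd):
                found.append((name, "ACL", cmd))
            elif re.fullmatch(r"ip nat (inside|outside)", cmd):
                found.append((name, "NAT", cmd))
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("ip nat inside source "):
            found.append(("global", "NAT rule", line))
    return found
```

An empty result for `POSTED` means the router only routes the traffic, so any block on the port has to sit at the firewall or upstream.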
08-13-2003 11:03 AM
OK. . .
I cannot test the port from a telnet session, they will ban traffic from our IP if I do. I have used a test link. Here's the URL:
http://www.preinheimer.com/cgi-bin/connectiontest/connectiontest.cgi
When I do this test, I get an error on IP message, meaning the connection failed. This is the only acceptable way to them for testing. The test must be done with the eDonkey client running but not connected. I have been told that this is the way it must be done by the folks who run the server. They seem to be pretty knowledgeable.
My firewall is configured properly to allow this traffic to pass so it is one of two things: The config on the router or our ISP is blocking the port. I haven't checked to see if the latter is the problem or not. I will do so.
If you have any ideas, please let me know. You will be making an executive happy! Oooooooooo! = ;)
08-13-2003 02:26 PM
I was able to make an agreement with the operators of the server so I won't need to tinker around with the settings on our router. Thanks to all for your help! I am relieved as I did not want to mess with a working router. It's darned reliable in its current config.
Thanks again,
Danno49