New Member

Ports open behind NAT

From the outside I can port scan my pool of outside addresses and find open ports (25-SMTP, 139-NetBIOS, etc.). Then from the outside I can telnet to port 25 and a Microsoft mail server may respond. I traced one of these back to a Win 2000 workstation that had the SMTP service running.

My configuration follows. What is causing these ports to be open?

Any help is greatly appreciated!

Current configuration : 2153 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
!
hostname #####
!
logging buffered 4096 debugging
logging rate-limit console 10 except errors
enable password #####
!
memory-size iomem 25
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip finger
ip name-server ###.###.112.20
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface FastEthernet0
 ip address 192.25.229.33 255.255.255.0
 ip nat inside
 speed auto
!
interface Serial0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
 ip address ##.###.144.130 255.255.255.252
 ip nat outside
 frame-relay interface-dlci 16
!
ip nat pool 1 ###.##.112.193 ###.##.112.223 netmask 255.255.255.224
ip nat inside source list 10 pool 1 overload
ip nat inside source static udp 192.25.229.137 5632 ###.##.112.219 5632 extendable
ip nat inside source static tcp 192.25.229.137 5631 ###.##.112.219 5631 extendable
ip nat inside source static udp 192.25.229.167 5632 ###.##.112.220 5632 extendable
ip nat inside source static tcp 192.25.229.167 5631 ###.##.112.220 5631 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 ##.###.144.129
ip route ###.##.112.192 255.255.255.224 Null0 225
no ip http server
!
access-list 10 permit ###.###.34.105
access-list 10 permit 192.25.229.0 0.0.0.255
!
line con 0
 password #####
 login
 transport input none
line aux 0
line vty 0 4
 access-class 10 in
 password ####
 login
!
no scheduler allocate
end

3 REPLIES
Cisco Employee

Re: Ports open behind NAT

I do not see any static translation for TCP port 25 for SMTP from outside to inside in the config. I only see the static ports (TCP and UDP) 5631 and 5632 from outside mapped to the 37 and 67 inside IP addresses. So since there is no static mapping for TCP port 25 for the internal email server, the telnet to that port from outside should not work at all.

Try to telnet to the outside IP address on port 25 and look at "show ip nat trans" on the router.

Cisco Employee

Re: Ports open behind NAT

Just to add, turn on debugging with

debug ip nat detailed

and initiate the telnet connection to port 25 to see which inside IP address it is NATed to.

Here is a URL which explains the same:

http://www.cisco.com/warp/customer/794/827spat.html

New Member

Re: Ports open behind NAT

This is a sample from "show ip nat translation".

You can see some outside addresses connected to inside ones.

I rebooted the router and it takes a while before the connections show up again in the NAT translation list.

Pro Inside global         Inside local          Outside local        Outside global
tcp xxx.xxx.112.194:1114  192.25.229.159:1114   64.12.30.136:5190    64.12.30.136:5190
tcp xxx.xxx.112.200:1731  192.25.229.34:1731    64.12.136.249:25     64.12.136.249:25
tcp xxx.xxx.112.197:2745  192.25.229.166:2745   209.xxx.163.22:80    209.xxx.163.22:80
tcp xxx.xxx.112.197:2747  192.25.229.166:2747   209.xxx.163.22:80    209.xxx.163.22:80
--- xxx.xxx.112.194       192.25.229.159        ---                  ---
--- xxx.xxx.112.195       192.25.229.184        ---                  ---
--- xxx.xxx.112.196       192.25.229.130        ---                  ---

The last 3 lines look like direct connections.

One of these is a Novell 4.11 server and the SMTP on that will respond to an outside request on port 25.

Thanks for your help
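The rows the poster points at, with "---" in the protocol and both outside columns, are simple (non-extended) translation entries: the whole inside-global address is bound to one inside host, so for as long as such an entry lives the router forwards any inbound packet for that public address to the inside host on whatever port it arrived, which is exactly how a scan of the pool reaches an SMTP service that has no static mapping. The following script is an added audit example and is not code from the thread or from Cisco; it parses the classic "show ip nat translations" column layout shown above (the sample table is constructed from the poster's rows, masked with "xxx" as they masked them), lists the inside hosts exposed through simple entries, and also shows which inside hosts are currently talking to a given outside port. Function names and the assumption that each row has exactly five whitespace-separated fields are the example's own.

```python
"""Audit 'show ip nat translations' output for inside hosts exposed by
simple (non-port) NAT entries. Added example, not part of the thread.

Assumes the classic IOS five-column layout:
  Pro  Inside global  Inside local  Outside local  Outside global
where '---' marks an absent field (simple translation entry).
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, modelled on the table posted in the thread.
SAMPLE_OUTPUT = """\
Pro Inside global         Inside local          Outside local        Outside global
tcp xxx.xxx.112.194:1114  192.25.229.159:1114   64.12.30.136:5190    64.12.30.136:5190
tcp xxx.xxx.112.200:1731  192.25.229.34:1731    64.12.136.249:25     64.12.136.249:25
tcp xxx.xxx.112.197:2745  192.25.229.166:2745   209.xxx.163.22:80    209.xxx.163.22:80
--- xxx.xxx.112.194       192.25.229.159        ---                  ---
--- xxx.xxx.112.195       192.25.229.184        ---                  ---
--- xxx.xxx.112.196       192.25.229.130        ---                  ---
"""


@dataclass
class Translation:
    proto: Optional[str]            # 'tcp', 'udp', 'icmp', or None for '---'
    inside_global: str
    inside_local: str
    outside_local: Optional[str]
    outside_global: Optional[str]

    @property
    def is_simple(self) -> bool:
        """A simple (non-extended) entry: no protocol and no outside peer.
        Inbound packets to inside_global reach inside_local on any port."""
        return self.proto is None and self.outside_global is None


def host_port(addr: str) -> Tuple[str, Optional[int]]:
    """Split 'a.b.c.d:port' into (host, port); a bare address gets port None."""
    host, _, port = addr.rpartition(":")
    if host and port.isdigit():
        return host, int(port)
    return addr, None


def _field(token: str) -> Optional[str]:
    return None if token == "---" else token


def parse_nat_translations(text: str) -> List[Translation]:
    """Parse the table; header, blank and unrecognised lines are skipped."""
    entries: List[Translation] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        entries.append(Translation(
            proto=_field(parts[0]),
            inside_global=parts[1],
            inside_local=parts[2],
            outside_local=_field(parts[3]),
            outside_global=_field(parts[4]),
        ))
    return entries


def exposed_inside_hosts(entries: List[Translation]) -> List[str]:
    """Inside hosts reachable from outside on every port via a simple entry."""
    return sorted({e.inside_local for e in entries if e.is_simple})


def inside_hosts_talking_to_port(entries: List[Translation], port: int) -> List[str]:
    """Inside hosts with an active translation to the given outside port
    (e.g. 25 to see who is sending mail directly to the Internet)."""
    hosts = set()
    for e in entries:
        if e.outside_global is None:
            continue
        _, dst_port = host_port(e.outside_global)
        if dst_port == port:
            hosts.add(host_port(e.inside_local)[0])
    return sorted(hosts)


if __name__ == "__main__":
    table = parse_nat_translations(SAMPLE_OUTPUT)
    print("Exposed via simple NAT entries:", exposed_inside_hosts(table))
    print("Inside hosts talking to TCP/25:", inside_hosts_talking_to_port(table, 25))
```

Run it against a saved copy of the router's own "show ip nat translations" output instead of the sample to get the list of inside hosts whose listening services are currently reachable through the pool; any host in that list that runs SMTP, NetBIOS or similar services is what an outside scan of the pool will find.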
