cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2505
Views
0
Helpful
3
Replies

Help with Forwarding a range of ports on a Cisco 1841 Enterprise Router, please help me.

shamaustin
Level 1
Level 1

Help, we need to port forward a range of ports on a Cisco 1841 Router, Rom Version 12.3, Firmware flash:c1841-advsecurityk9-mz.124-2.T.bin

We need to port forward a range of ports from a WAN to internal IP. 

(There are deliberate typos in the IP information)

Cisco10 External IP: 40.34.159.3 Internal IP: 192.168.1.3 Port Range:  4000-4200 and 14000-14200

Cisco8 External IP: 40.34.159.4 Internal IP: 192.168.1.4 Port Range: 5000-5200  and 15000-15200

Newt1 External IP: 40.34.159.9 Internal IP: 192.168.1.9 Port Range:  6000-6200

We need simple commands, as I'm not very good with this. Please help me, my boss is not happy.

3 Replies 3

shamaustin
Level 1
Level 1

Guys, I'm just looking for simple commands to forward a range of ports.

I know fowarding a range of ports is a topic that has recieved some interest recently, but I don't know enough to "translate" the documents I found into actual commands. 

Please help.

Joshua Wheaton
Level 1
Level 1

To solve this port forward issue I would first setup an access list for the port ranges I want.

access-list 100 permit udp any any range 4000 4200

access-list 100 permit tcp any any range 4000 4200

access-list 100 permit tcp any any 14000 14200

access-list 100 permit udp any any 14000 14200

Next I would make a nat pool for the IP address I want to forward the ports too like this:

ip nat pool PORTFORWARD 192.168.1.3 192.168.1.3 netmask 255.255.255.0 type rotary

Finally I would apply the access list:

ip nat inside destination list 100 pool PORTFORWARD

I don't know if there is an easier way of doing this but this method seems to work well.

Abzal
Level 7
Level 7

Hi,

I've never done this before. But try this configuration

ip access-list extended PORTFWR_1

permit tcp host any any eq range 4000 4200

permit tcp host any any eq range 14000 14200

ip access-list extended PORTFWR_2

permit tcp host any any eq range 5000 5200

permit tcp host any any eq range 15000 15200

ip access-list extended PORTFWR_3

permit tcp host any any eq range 6000 6200

route-map PORTFORWARD_1

match ip address PORTFWR_1

route-map PORTFORWARD_2

match ip address PORTFWR_2

route-map PORTFORWARD_3

match ip address PORTFWR_3

ip nat inside source static 192.168.1.3 40.34.159.3 route-map PORTFORWARD_1

ip nat inside source static 192.168.1.4 40.34.159.4 route-map PORTFORWARD_1

ip nat inside source static 192.168.1.9 40.34.159.9 route-map PORTFORWARD_1

Let me know of results.

Hope it will help.

Best regards,
Abzal
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco