Apertura de puertos interior y exterior en router

Ferrer · ‎06-22-2023

hola. estoy abriendo puertos en el router cisco y tengo el siguiente problema. en mi router antiguo tenia abiertos los puertos :

tcp int 4000 ext 4000

tcp int 4000 ext 443

cuando intento abrir el segundo me dice que ya está en uso el puerto. puedo abrir un puerto por ejemplo interno 4000 hacia dos puertos externos?

Flavio Miranda · ‎06-22-2023

Hi @Ferrer

Which route is it? Which IOS? Is this NAT (PAT) rules?

You shound be able to have what you have on old router.

Ferrer · ‎06-25-2023

router cisco isr 1111

version 17.3

ip dhcp excluded-address 192.168.1.1 192.168.1.20

ip dhcp excluded-address 192.168.1.40 192.168.1.254

ip dhcp excluded-address 192.168.2.0 192.168.2.99

ip dhcp excluded-address 192.168.2.121 192.168.2.255

!

ip dhcp pool lan1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 8.8.8.8

!

ip dhcp pool lan2

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 8.8.8.8

lease infinite

interface GigabitEthernet0/0/0

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

negotiation auto

!

interface GigabitEthernet0/0/1

no ip address

ip nat outside

negotiation auto

spanning-tree portfast disable

!

interface GigabitEthernet0/0/1.1074

encapsulation dot1Q 1074

ip address dhcp

ip nat outside

!

interface GigabitEthernet0/1/0

!

interface GigabitEthernet0/1/1

!

interface GigabitEthernet0/1/2

!

interface GigabitEthernet0/1/3

!

interface GigabitEthernet0/1/4

!

interface GigabitEthernet0/1/5

!

interface GigabitEthernet0/1/6

!

interface GigabitEthernet0/1/7

!

interface Vlan1

ip address 192.168.2.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

!

ip http server

ip http authentication local

ip http secure-server

ip http secure-trustpoint TP-self-signed-3999794925

ip forward-protocol nd

ip nat inside source static udp 192.168.1.110 5000 interface GigabitEthernet0/0/1.1074 5000

ip nat inside source static tcp 192.168.1.110 5000 interface GigabitEthernet0/0/1.1074 5000

ip nat inside source static tcp 192.168.1.85 10072 interface GigabitEthernet0/0/1.1074 10072

ip nat inside source static tcp 192.168.1.85 10073 interface GigabitEthernet0/0/1.1074 10073

ip nat inside source static tcp 192.168.1.85 10074 interface GigabitEthernet0/0/1.1074 10074

ip nat inside source static tcp 192.168.1.85 10075 interface GigabitEthernet0/0/1.1074 10075

ip nat inside source static tcp 192.168.1.85 10076 interface GigabitEthernet0/0/1.1074 10076

ip nat inside source static tcp 192.168.1.85 10077 interface GigabitEthernet0/0/1.1074 10077

ip nat inside source static tcp 192.168.1.85 10078 interface GigabitEthernet0/0/1.1074 10078

ip nat inside source static tcp 192.168.1.85 10079 interface GigabitEthernet0/0/1.1074 10079

ip nat inside source static tcp 192.168.1.85 10080 interface GigabitEthernet0/0/1.1074 10080

ip nat inside source static tcp 192.168.1.85 10071 interface GigabitEthernet0/0/1.1074 10071

ip nat inside source static tcp 192.168.1.85 10070 interface GigabitEthernet0/0/1.1074 10070

ip nat inside source static udp 192.168.1.85 3658 interface GigabitEthernet0/0/1.1074 3658

ip nat inside source static udp 192.168.1.85 3478 interface GigabitEthernet0/0/1.1074 3478

ip nat inside source static udp 192.168.1.85 10070 interface GigabitEthernet0/0/1.1074 10070

ip nat inside source static tcp 192.168.1.60 5060 interface GigabitEthernet0/0/1.1074 5060

ip nat inside source static udp 192.168.1.60 5060 interface GigabitEthernet0/0/1.1074 5060

ip nat inside source static tcp 192.168.1.114 4232 interface GigabitEthernet0/0/1.1074 4232

ip nat inside source static udp 192.168.1.114 33212 interface GigabitEthernet0/0/1.1074 33212

ip nat inside source static udp 192.168.1.10 3778 interface GigabitEthernet0/0/1.1074 3778

ip nat inside source static tcp 192.168.1.10 8010 interface GigabitEthernet0/0/1.1074 8010

ip nat inside source static tcp 192.168.1.10 81 interface GigabitEthernet0/0/1.1074 81

ip nat inside source static tcp 192.168.1.110 8123 interface GigabitEthernet0/0/1.1074 443

ip nat inside source list lan1 interface GigabitEthernet0/0/1.1074 overload

ip nat inside source list lan2 interface GigabitEthernet0/0/1.1074 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1

!

ip access-list extended lan1

10 permit ip 192.168.1.0 0.0.0.255 any

ip access-list extended lan2

11 permit ip 192.168.2.0 0.0.0.255 any

!

route-map track-primary-if permit 1

match ip address 197

set interface GigabitEthernet0/0/1

!

Ferrer · ‎06-25-2023

a veces cuando pongo la linea "ip nat inside source static tcp 192.168.1.110 8123 interface GigabitEthernet0/0/1.1074 443" despues me deja poner "ip nat inside source static tcp 192.168.1.110 8123 interface GigabitEthernet0/0/1.1074 8123" entonces todo funciona correctamente. pero al apagar y encender el router vuelve a fallar. miro la configuracion de la nat y solamente me aparece la linea primera

Flavio Miranda · ‎06-25-2023

ip nat inside source static tcp 192.168.1.110 8123 interface GigabitEthernet0/0/1.1074 443

ip nat inside source static tcp 192.168.1.110 8123 interface GigabitEthernet0/0/1.1074 8123

Well, this two lines seems to be conflicting . The first line there will be a translate from 8123 to 443 but then on the second line you tell to keep the same port.

You area applying it to the same IP and toward the same interface.

Ferrer · ‎06-26-2023

si, asi lo tengo en mis anteriores routers /livebox y zyxel) y funcionan perfectamente. pero en este o me deja poner una linea o la otra. si pongo el puerto 443 me deja acceder desde el exterior a la maquina 192.168.1.110 y si pongo el puerto exterior 8123 me funciona la domótica. pero necesito las dos cosas. no hay forma de que el puerto interno 8123 se dirija a los puertos externos 8123 y 443?

saludos