Public server

cgarlick1972
Level 1

Below is my full config (with passwords/IPs removed).

I have my router with a public IP connected directly to the internet, MAC bridged.

(Home internet WiFi on the modem on 192.168.0.0)

My public server is 10.0.40.252 on my DMZ2 (NAT porting only what I want to access the server).

My private network is on 10.0.10.0 255.255.255.0 (192.168.0.0 WiFi on the modem).

(Ethernet 1 & 2 and Vlan2 & Vlan3 not in use)

#1 I need to set it up so I add an ip nat inside source static tcp 10.0.40.252 PORT interface FastEthernet4 PORT with no access to the other networks.

#2 I would like to access 10.0.40.252 from my other networks (10.0.10.0 and 192.168.0.0).

I had this set up working perfectly, then my ISP changed my modem and I can't seem to get it right again. (Backup did not work.)

Any security issues or improvements to my setup appreciated!


###############################################################################################

!
version 12.4
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AvatarRT01
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging message-counter syslog
logging buffered 51200 warnings
logging console emergencies
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXXX
!
no aaa new-model
clock timezone PCTime -5
clock summer-time EDT recurring
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 10.0.10.1 10.0.10.10
ip dhcp excluded-address 10.0.20.1 10.0.20.10
ip dhcp excluded-address 10.0.30.1 10.0.30.10
ip dhcp excluded-address 10.0.40.1 10.0.40.10
ip dhcp excluded-address 10.0.10.100 10.0.10.254
ip dhcp excluded-address 10.0.20.100 10.0.20.254
ip dhcp excluded-address 10.0.30.100 10.0.30.254
ip dhcp excluded-address 10.0.40.100 10.0.40.254
!
ip dhcp pool Vlan1
import all
network 10.0.10.0 255.255.255.0
domain-name Avatar.Local
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.10.1
lease 0 2
!
ip dhcp pool Vlan2
import all
network 10.0.20.0 255.255.255.0
domain-name Avatar.Local
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.20.1
lease 0 2
!
ip dhcp pool Vlan3
import all
network 10.0.30.0 255.255.255.0
domain-name DMZ1
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.30.1
lease 0 2
!
ip dhcp pool Vlan4
import all
network 10.0.40.0 255.255.255.0
domain-name DMZ2
dns-server 8.8.8.8 8.8.4.4
default-router 10.0.40.1
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name Avatar.Local
no ipv6 cef
ntp server 216.239.35.4
!
multilink bundle-name authenticated
!
!
!
username XXXXXXX privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
archive
log config
logging enable
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet2
description DMZ1
switchport access vlan 3
spanning-tree portfast
!
interface FastEthernet3
description DMZ2
switchport access vlan 4
spanning-tree portfast
!
interface FastEthernet4
description $ETH-WAN$
mac-address XXXXXXXXXXX
ip address PUBLIC_IP 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
arp timeout 180
!
interface Vlan1
description Vlan1
ip address 10.0.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
interface Vlan2
description Vlan2
ip address 10.0.20.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
interface Vlan3
description Vlan3
ip address 10.0.30.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
interface Vlan4
description Vlan4
ip address 10.0.40.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 PUBLIC_GATEWAY
no ip http server
no ip http secure-server
!
ip flow-top-talkers
top 100
sort-by bytes
!
ip dns server
ip nat pool NAT_HOST 10.0.40.252 10.0.40.252 netmask 255.255.255.0 type rotary
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.40.252 80 interface FastEthernet4 80
ip nat inside source static tcp 10.0.40.252 443 interface FastEthernet4 443
ip nat inside source static tcp 10.0.40.252 25565 interface FastEthernet4 25565
ip nat inside source static tcp 10.0.40.252 5998 interface FastEthernet4 5998
ip nat inside source static udp 10.0.40.252 5998 interface FastEthernet4 5998
ip nat inside source static udp 10.0.40.252 5999 interface FastEthernet4 5999
ip nat inside source static tcp 10.0.40.252 5999 interface FastEthernet4 5999
ip nat inside source static udp 10.0.40.252 9901 interface FastEthernet4 9901
ip nat inside source static tcp 10.0.40.252 9901 interface FastEthernet4 9901
ip nat inside source static tcp 10.0.40.252 9900 interface FastEthernet4 9900
ip nat inside source static udp 10.0.40.252 9900 interface FastEthernet4 9900
ip nat inside source static tcp 10.0.40.252 54230 interface FastEthernet4 54230
ip nat inside source static tcp 10.0.40.252 54231 interface FastEthernet4 54231
ip nat inside source static tcp 10.0.40.252 54001 interface FastEthernet4 54001
ip nat inside source static tcp 10.0.40.252 54002 interface FastEthernet4 54002
ip nat inside source static udp 10.0.40.252 54230 interface FastEthernet4 54230
ip nat inside destination list PORT_RANGE pool NAT_HOST
!
ip access-list extended PORT_RANGE
permit tcp any any range 7000 7500
permit tcp any any range 9000 9012
permit udp any any range 7000 7500
permit udp any any range 9000 9012
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 10.0.10.0 0.0.0.255
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 1 permit 10.0.30.0 0.0.0.255
access-list 1 permit 10.0.40.0 0.0.0.255
access-list 1 permit any
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 24 permit 0.0.0.0
access-list 101 permit ip 10.0.10.0 0.0.0.255 192.168.0.0 0.0.0.255
no cdp advertise-v2
no cdp log mismatch duplex
no cdp run

!
!
!
!
!
control-plane
!
banner login ^CCCCCC
#####################################################################################
# UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED #
# You must have explicit, authorized permission to access or configure this device. #
# Unauthorized attempts and actions to access or use this system #
# may result in civil and/or criminal penalties. #
# All activities performed on this device are logged and monitored. #
#####################################################################################

^C
!
line con 0
login local
no modem enable
transport output telnet
stopbits 1
line aux 0
login local
transport output telnet
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 30 0
privilege level 15
password XXXXXXXXXXXXXX
login local
transport input ssh
transport output ssh
!
scheduler max-task-time 5000
scheduler interval 500
end
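
One way to get the isolation asked for in #1 while keeping #2 working, as an added example written against the posted config rather than anything from the original post or its replies: a classic inbound ACL on the DMZ2 SVI, plus fixes for the two ACL defects visible above (the "permit any" inside access-list 1 and the undefined access-list 23 on the vty lines). It assumes an IOS 12.4 image without CBAC or the zone-based firewall, that only TCP replies from the server to inside clients are needed, and that 192.168.0.0/24 is the modem's LAN reached through the WAN side.

```cisco
! Added example (not from the original post): isolate DMZ2 from the private
! networks while keeping inside -> server access, using classic IOS 12.4
! ACLs (no CBAC/zone firewall assumed). Addresses are from the posted config.
!
! 1. Inbound filter on the DMZ2 SVI: the server may only answer TCP
!    connections opened from the inside LAN (established = ACK/RST set);
!    UDP replies to inside clients would need reflexive ACLs or CBAC.
ip access-list extended DMZ2_IN
 remark Replies from the server to clients on Vlan1
 permit tcp host 10.0.40.252 10.0.10.0 0.0.0.255 established
 remark DHCP from a DMZ2 client to the router's pool
 permit udp any eq bootpc any eq bootps
 remark No new connections from DMZ2 into RFC 1918 space (incl. the modem LAN)
 deny   ip 10.0.40.0 0.0.0.255 10.0.0.0 0.255.255.255
 deny   ip 10.0.40.0 0.0.0.255 172.16.0.0 0.15.255.255
 deny   ip 10.0.40.0 0.0.0.255 192.168.0.0 0.0.255.255
 remark Internet-bound traffic, NATed on FastEthernet4, stays allowed
 permit ip 10.0.40.0 0.0.0.255 any
!
interface Vlan4
 ip access-group DMZ2_IN in
!
! 2. The posted access-list 1 contains "permit any" in the middle: the lines
!    before it are redundant and the 192.168.0.0 line after it is unreachable.
!    List only the subnets that should be source-NATed.
no access-list 1
access-list 1 permit 10.0.10.0 0.0.0.255
access-list 1 permit 10.0.20.0 0.0.0.255
access-list 1 permit 10.0.30.0 0.0.0.255
access-list 1 permit 10.0.40.0 0.0.0.255
!
! 3. "line vty 0 4" applies "access-class 23 in" but no ACL 23 exists in the
!    posted config; IOS treats an undefined ACL as permit-all, so SSH to the
!    router is currently accepted from any source, the WAN included. Define it.
access-list 23 permit 10.0.10.0 0.0.0.255
access-list 23 deny   any log
!
! 4. Other hardening the posted config suggests: stop accepting
!    source-routed packets, drop the type-7 enable password (the
!    enable secret already exists) and encrypt remaining plaintext passwords.
no ip source-route
no enable password
service password-encryption
```

After re-creating access-list 1, existing NAT entries built from the old list may need to be cleared before the new one takes effect for those flows.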

1 Reply

cgarlick1972
Level 1

(I just realized I have a connection from 10.0.10.0 to 10.0.40.252 now.)