NAT TCP Destination

jfbesnardeau · ‎10-20-2004

I have a server on Internet and this server heard on TCP port 2003. In my LAN, a PC client with an old program not modifable sends the traffic to this Internet server on TCP destination port 21.

Is it possible to translate a tcp destination port with a router 1760 with IOS 12.3.8 ?

Thanks a lot,

marinos_g · ‎10-20-2004

I assume port 21 is not a lucky guess and you want to use FTP.

Here is a good link about Using Non-Standard FTP Port Numbers with NAT

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e76.shtml#s1

The syntax you need is like:

ip nat service list 10 ftp tcp port 2003

Regards

Marinos

marinos_g · ‎10-20-2004

Just to add, you'll need to configure the access-list as well, as explained in the document:

ip nat service list 10 ftp tcp port 2003

access-list 10 permit 10.1.1.1

In this example the ip 10.1.1.1 is the FTP server listening to 2003 port

jfbesnardeau · ‎10-20-2004

With this command, we need to assume that the FTP server is running in my local network.

In my case, the Internet server isn't in my office.

In fact, the protocole used is not FTP but is using tcp 21.

I need to modify the destination port of the traffic from my client.

marinos_g · ‎10-20-2004

So, it's not FTP but another protocol that also uses tcp port 21. I don't know what this could be or if it will cause us any trouble.

Also the server is not on your LAN but on the internet.

Maybe something like this will work

!

interface fa0/0

description Connection to INTERNET

ip address 213.54.44.1 255.255.255.252

ip nat outside

!

interface fa0/1

description Connection to LAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

ip nat inside source static tcp 192.168.1.200 21 213.23.122.32 2003

where:

192.168.1.200: LAN PC with software (port 21)

213.23.122.32: internet server (port 2003)

You thing something like this might work?

Marinos