07-12-2007 12:33 AM - edited 03-03-2019 05:50 PM
I've been looking for a solution to forward a port range for months, and I haven't any solution yet.
I am CCNA Certified and CCNP cursed. I've asked my teachers, at conferences, and my ISP support. Nobody knows how to do it.
A common task like this, which is so trivial on every router, why is it so difficult in Cisco? Is it possible?
Thanks in advance to everybody.
Olaf
07-13-2007 07:32 AM
Hi Wilson,
Yes, I want to PAT inside to outside traffic and forward port range from outside to inside server.
This can be done with "any" router that the ISP gives you "free". Why can't I do it with a specialized and professional router like the Cisco 878?
If I need to buy a PIX FW to do a simple port forwarding, I have the impression that something is going the wrong way at Cisco.
Do you mean what I say?
Regards,
Olaf
07-15-2007 10:45 PM
Does anybody know how to force the source IP address of the router when it is accessing the internet?
Here is my problem. When the router is pinging, the source IP address is the IP of the interface which is nearest the destination. In my case, the public IP.
I need to force the source IP to be the internal IP (interface vlan1 - 192.168.1.1).
Any advice?
Thanks in advance,
Olaf
07-16-2007 11:05 AM
Olaf,
I know this is not the best resolution but if you stick with the following configuration I think it will work:
ip nat inside source static udp 192.168.99.1 53 interface FastEthernet0/0 53
ip nat inside source static 192.168.99.4 interface FastEthernet0/0
This will allow your router to do DNS lookups for all the internal devices. Create the ACLs that you need to protect all remaining ports for the source static 192.168.99.4.
Obviously you will not be able to do all the testing from the inside interface of the router but it is at least a temporary solution.
Rate if this helps.
Thanks,
David
07-17-2007 04:16 AM
Hi David,
I put
ip nat inside source static udp 192.168.1.1 53 interface Dialer1 53
But NAT is doing this
Pro Inside global      Inside local        Outside local    Outside global
udp PublicIP:50076     192.168.99.4:50076  212.145.4.97:53  212.145.4.97:53
So requests are not correctly natted.
With that configuration you mapped requests from external to udp 53 to 192.168.1.1
I see that this hasn't any solution.
It seems incredible.
Thanks and best regards,
Olaf
07-17-2007 05:54 AM
Shouldn't it have been:
ip nat inside source static udp 192.168.99.1 53 interface dialer1 53?
You need that inside source IP to be the IP of the internal interface of your router. That will allow the router to receive DNS queries. You may have to flush all NAT translations before this change will take effect.
07-17-2007 09:53 AM
Hi David,
I mistyped the ip nat statement in the forum. The rule is ok.
ip nat inside source static 192.168.99.4 interface Dialer1
ip nat inside source static udp 192.168.99.1 53 interface Dialer1 53
But after clearing NAT entries and pinging any domain,
Pro Inside global      Inside local        Outside local    Outside global
udp PublicIP:53        192.168.99.1:53     ---              ---
udp PublicIP:54328     192.168.99.4:54328  212.145.4.97:53  212.145.4.97:53
udp PublicIP:56878     192.168.99.4:56878  212.145.4.98:53  212.145.4.98:53
--- PublicIP           192.168.99.4        ---              ---
The problem is that the source ports of the queries are mapped to high local ports ("udp PublicIP:54328"), and obviously the ip nat source static entry is mapped to receive DNS queries, but the router is doing queries, not receiving them. Is it clear now?
Best regards,
Olaf
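The translation table from the last post, read programmatically (an added example, not part of the thread or of any Cisco tooling). It separates static mappings from live flows and lists the inside hosts whose static entry has no protocol or port, which are the ones the ACL advice above applies to. It assumes the five-column layout as pasted, with "PublicIP" kept as the poster's placeholder and `---` in the outside columns marking a static entry.

```python
# Constructed sample: the table as pasted in the thread ("PublicIP" is the poster's placeholder).
SAMPLE = """\
Pro Inside global Inside local Outside local Outside global
udp PublicIP:53 192.168.99.1:53 --- ---
udp PublicIP:54328 192.168.99.4:54328 212.145.4.97:53 212.145.4.97:53
udp PublicIP:56878 192.168.99.4:56878 212.145.4.98:53 212.145.4.98:53
--- PublicIP 192.168.99.4 --- ---
"""

def split_endpoint(field):
    """Split 'addr:port' into (addr, port); port is None when the column has none."""
    if field == "---":
        return None, None
    addr, sep, port = field.rpartition(":")
    return (addr, int(port)) if sep and port.isdigit() else (field, None)

def parse_nat_table(text):
    """Return one dict per translation row; the header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:  # the header splits into 9 tokens, data rows into 5
            continue
        proto, _inside_global, inside_local, outside_local, _ = cols
        host, port = split_endpoint(inside_local)
        peer, peer_port = split_endpoint(outside_local)
        entries.append({
            "proto": None if proto == "---" else proto,
            "host": host, "port": port,
            "peer": peer, "peer_port": peer_port,
            # Assumption: rows with no outside address are static mappings, not live flows.
            "static": peer is None,
        })
    return entries

def fully_exposed_hosts(entries):
    """Inside hosts with a static one-to-one mapping (no protocol/port): every port is
    reachable from outside unless an ACL filters it."""
    return [e["host"] for e in entries if e["static"] and e["port"] is None]

def outbound_dns_flows(entries):
    """(inside host, source port) of dynamic flows to port 53: the source port is
    ephemeral, so a static entry pinned to port 53 never matches them."""
    return [(e["host"], e["port"]) for e in entries if not e["static"] and e["peer_port"] == 53]

if __name__ == "__main__":
    rows = parse_nat_table(SAMPLE)
    print("needs ACL:", fully_exposed_hosts(rows))
    print("outbound DNS:", outbound_dns_flows(rows))
```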