05-17-2010 03:31 PM - edited 03-04-2019 08:30 AM
My router needs to forward our ext. IP 63.77.xxx.xxx port 21 to our FTP server 192.168.0.240. Can anyone put that into a coded line for me? The tutorials page was anything but helpful... I also figured out how to SET DNS entries, but I can't figure out how to set the default one, or remove the entries that I don't need.
05-17-2010 03:36 PM
Hi,
ip nat inside source static tcp 192.168.0.240 21 63.77.xxx.xxx 21
The above command will make the router forward TCP traffic received on IP 63.77.xxx.xxx on port 21 to IP 192.168.0.240 on port 21.
Is this what you need?
Federico.
05-17-2010 03:46 PM
OK, so I have a few questions here. Here's my configuration:
Latitude#sh run
Building configuration...
Current configuration : 1313 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Latitude
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jm7D$2033ztdVu9JCQJHmqXa18/
enable password lattitude
!
no aaa new-model
clock timezone MST -7
clock summer-time MDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
ip name-server 67.50.43.18
ip name-server 208.67.222.222
ip name-server 192.168.0.240
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
!
interface FastEthernet0/1
ip address 63.77.110.171 255.255.255.0
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 63.77.110.1
!
!
ip http server
no ip http secure-server
ip nat pool overload 63.77.110.172 63.77.110.172 prefix-length 24
ip nat inside source list 1 pool overload overload
ip nat inside source static tcp 63.77.110.172 21 192.168.0.240 21 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password lattitude
login
!
ntp clock-period 17208029
ntp server 67.50.43.18
!
end
1 It's up and working; however, I attempted to map my FTP server through the router, and now I can't see the server on the network : ( (I probably need to just remove the entry but don't know how)
2 I need to remove some of the entries in my DNS field.
3 I need to map some ports through the NAT to allow an FTP server, web server, and remote desktop connections.
Message was edited by: Alex Bartz
05-17-2010 03:48 PM
Alex,
If the command you inserted caused any problem, just remove it with the "no" keyword before the command:
no ip nat inside source static tcp 192.168.0.240 21 63.77.xxx.xxx 21
If everything is back to the way it was, please specify clearly what you need to accomplish.
Also, you just posted a part of the config and not the entire "sh run".
Federico.
05-17-2010 03:55 PM
My apologies, this is literally the first time I've messed with a Cisco product, or any telnet interface for that matter. However, I'm under some pressure to get this thing going, so your patience and understanding is worth a million thanks.
I placed a NAT entry in my router trying to forward some ports with an internet article, and right after I did the Ctrl+Z thing I couldn't access the server I was trying to get mapped. Can you help me find and delete the entry I made?
05-17-2010 03:57 PM
What was the entry you made?
Federico.
05-17-2010 04:03 PM
How would I figure that out? lol I'm so sorry, I bet this is a huge pain. I have the manual for configuring Cisco devices that I'll be reading here soon, but I have to have everything set up like 2 hours ago...
05-17-2010 04:06 PM
Alex,
You said that you placed a NAT entry on the router that messed things up.
If you're not sure about the line you entered, do this:
sh run | i ip nat
The output will show the related NAT statements on the router.
You should be able to see the rule you entered that caused the problem and remove it by entering the same line with the word "no" in front.
Federico.
05-17-2010 04:15 PM
OK, I think I got it. Man, Cisco, make a freakin' GUI for us non-L33Ts!
05-17-2010 04:20 PM
Alex,
Which entry do you want to get rid of?
no ip nat pool overload 63.77.110.172 63.77.110.172 prefix-length 24
no ip nat inside source list 1 pool overload overload
no ip nat inside source static tcp 192.168.0.240 21 63.77.110.172 21 extendable
If you're not sure, you might just blow out the entire NAT configuration and start over.
What do you want to do?
Federico.
05-17-2010 04:23 PM
I got that part. Now how would I set the first DNS server to 192.168.0.240? I already have it in the list, but it's not default.
05-17-2010 04:31 PM
Alex,
You mean the DNS server for the router itself?
If so, you can remove the DNS servers already specified:
no ip name-server 67.50.43.18
no ip name-server 208.67.222.222
no ip name-server 192.168.0.240
And enter the DNS server that you want.
Or, do you want the router to assign a DNS to the LAN?
Federico.
05-17-2010 04:38 PM
I'm using Active Directory, so it would need to tell clients to use 192.168.0.240, and it itself should be using 208.67.222.222 (OpenDNS).
The FTP server worked before I switched routers, so it's definitely an issue I'm having with the router. Why won't the FTP NAT entry I put in work? Do I need to apply something?
05-17-2010 04:42 PM
The router is not going to tell the clients which DNS to use.
This happens only if the router itself is the DHCP server for the clients.
If the router is not a DHCP server, then the clients are obtaining their DNS from somewhere else (another server or manually).
Check the ipconfig on the machines.
Do they get a DNS statically or automatically?
What is the role of the router on this?
Federico.
05-17-2010 04:50 PM
Oh oh OK heh, yes, my server is doing all the DHCP functions, so no need there. I just need the first IP address that it looks for to be 192.168.0.240 and the second one for redundancy to be 208.67.222.222 so I know it's set right. Then I need to troubleshoot why in the world that port map didn't work. Any thoughts? Here's the configuration:
Latitude#sh run
Building configuration...
Current configuration : 1348 bytes
!
! Last configuration change at 17:24:31 MDT Mon May 17 2010
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Latitude
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$jm7D$2033ztdVu9JCQJHmqXa18/
enable password ********
!
no aaa new-model
clock timezone MST -7
clock summer-time MDT recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
ip name-server 208.67.222.222
ip name-server 192.168.0.240
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
!
interface FastEthernet0/1
ip address 63.77.110.171 255.255.255.0
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 63.77.110.1
!
!
ip http server
no ip http secure-server
ip nat pool overload 63.77.110.172 63.77.110.172 prefix-length 24
ip nat inside source list 1 pool overload overload
ip nat inside source static tcp 192.168.0.240 21 63.77.110.172 21 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
control-plane
line con 0
line aux 0
line vty 0 4
password lattitude
login
!
ntp clock-period 17208029
ntp server 67.50.43.18
!
end
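
The two `sh run` outputs in this thread differ in the argument order of the static NAT line: the first lists the public address before the server address, the second lists them the other way round, matching the command Federico gave. The following is an added example, not part of the thread, that checks the order of a static port mapping against the subnets of the `ip nat inside` and `ip nat outside` interfaces. The function names are hypothetical, the sample text is a constructed excerpt of the posted configs, and the parser assumes `ip address` precedes the NAT role inside each interface block, as it does above.

```python
import ipaddress
import re

# Constructed excerpt based on the two `sh run` outputs posted in the thread.
BASE = """\
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 63.77.110.171 255.255.255.0
 ip nat outside
!
"""
FIRST = BASE + "ip nat inside source static tcp 63.77.110.172 21 192.168.0.240 21 extendable\n"
SECOND = BASE + "ip nat inside source static tcp 192.168.0.240 21 63.77.110.172 21 extendable\n"

# Groups: inside-local address, local port, inside-global address, global port.
STATIC = re.compile(r"ip nat inside source static (?:tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def nat_networks(config):
    """Map 'inside'/'outside' to the subnets of interfaces carrying that NAT role."""
    nets = {"inside": [], "outside": []}
    subnet = None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            subnet = None  # new interface block, forget the previous address
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            subnet = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif (m := re.fullmatch(r"ip nat (inside|outside)", line)) and subnet:
            nets[m[1]].append(subnet)
    return nets

def check_static_nat(config):
    """Return (line, verdict) for each static port mapping found in the config."""
    nets = nat_networks(config)
    def on(side, addr):
        return any(ipaddress.ip_address(addr) in n for n in nets[side])
    results = []
    for m in STATIC.finditer(config):
        local, glob = m[1], m[3]
        if on("inside", local) and on("outside", glob):
            verdict = "ok"        # server address first, public address second
        elif on("outside", local) and on("inside", glob):
            verdict = "swapped"   # public and server addresses are reversed
        else:
            verdict = "unknown"   # addresses match neither NAT side
        results.append((m[0], verdict))
    return results
```
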