NAT every port on a public IP to a particular port on a private IP?

ciscohamid
Level 1

Need to NAT all ports on a given public IP to a particular port on a private IP, on a router platform.

For example: Public IP 1.1.1.1 ports 1-65XXX get forwarded to Private IP 10.1.1.1 port 8888.

Thanks and Regards.

6 Replies

Ganesh Hariharan
VIP Alumni


Check out the link below for port forwarding using NAT:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

Hope to Help !!

Ganesh.H


Calin C.
Level 5

Hi there!

You configure it like this.

On the public interface (1.1.1.1)

ip nat outside

On the internal interface (10.1.1.x)

ip nat inside

then

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 8888 extendable

This is one-to-one port translation.

Now, either you want this or you typed something wrong, but if you need all the ports 1-65535 to be forwarded to one internal IP, that's more of a DMZ concept, and you can achieve it like this:

ip nat inside source static 10.1.1.1 1.1.1.1

Then everything that's coming to external 10.1.1.1 is forwarded automatically to 1.1.1.1.

I hope this helps!

ciscohamid
Level 1

Thank you guys for your reply, but you didn't get right what I wanted to convey.

In the case of static NAT, there will be a one-to-one mapping between ports, like 1.1.1.1:8080 translates to the corresponding port 10.1.1.1:8080.

8888 to 8888

9999 to 9999

etc.

But what I am looking for is that every port on the public IP gets translated to a particular port on the private IP, like

8888 to 8888

9999 to 8888

80 to 8888

etc

I hope I am clear this time.

Thanks.

Maybe it's not my business, but why do you want such a thing?

That would mean that everything which arrives on the NAT router (TCP, UDP, different ports and so on...) will be forwarded to one internal IP on one port (10.1.1.1:8888 if you want). What application / process can you run on 10.1.1.1 to listen on 8888 and to understand all traffic?

Now, if you use:

ip nat inside source static 10.1.1.1 1.1.1.1

You will forward all the traffic to 1.1.1.1, but you cannot control the ports, as the decision is at L3.

With:

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 8888 extendable

You are making the decision at L4 and you can control the ports, but you need about 65356 rules, multiplied by 2 (TCP and UDP) if you want ALL the ports.

Of course, for 3-4 ports it is OK, and it would be something like this:

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 8888 extendable

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 80 extendable

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 9999 extendable

I don't know of Cisco supporting a command like:

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 1-65535 extendable

Calin
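
An added example, not part of the thread and not Cisco tooling: a Python check that reads the two static NAT rule forms discussed above and reports which inside hosts are exposed on every port (the L3 form) and which inside sockets are reachable through more than one outside port (the L4 form). The sample config is constructed from the addresses used in the thread, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample config, built from the rule forms quoted in the thread.
SAMPLE_CONFIG = """\
ip nat inside source static 10.1.1.1 1.1.1.1
ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 8888 extendable
ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 80 extendable
ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 9999 extendable
ip nat inside source static udp 10.1.1.2 53 1.1.1.1 53 extendable
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# L4 form: protocol, inside IP and port, outside IP and port.
L4_RULE = re.compile(
    rf"^ip nat inside source static (tcp|udp) {IP} (\d+) {IP} (\d+)(?: extendable)?$")
# L3 form: inside IP to outside IP, no port control at all.
L3_RULE = re.compile(rf"^ip nat inside source static {IP} {IP}(?: extendable)?$")


def audit_static_nat(config_text):
    """Return (whole_host, many_to_one) for the static NAT rules in a config.

    whole_host:  [(inside_ip, outside_ip)] for L3 rules (every port exposed).
    many_to_one: {(proto, inside_ip, inside_port): [(outside_ip, outside_port)]}
                 for inside sockets published on more than one outside port.
    """
    whole_host = []
    by_socket = defaultdict(set)
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace and indentation
        m = L4_RULE.match(line)
        if m:
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            by_socket[(proto, in_ip, int(in_port))].add((out_ip, int(out_port)))
            continue
        m = L3_RULE.match(line)
        if m:
            whole_host.append(m.groups())
    many_to_one = {k: sorted(v) for k, v in by_socket.items() if len(v) > 1}
    return whole_host, many_to_one


if __name__ == "__main__":
    hosts, fan_in = audit_static_nat(SAMPLE_CONFIG)
    for in_ip, out_ip in hosts:
        print(f"ALL PORTS EXPOSED: {out_ip} -> {in_ip}")
    for (proto, in_ip, in_port), outs in fan_in.items():
        ports = ", ".join(str(p) for _, p in outs)
        print(f"{proto} {in_ip}:{in_port} published on outside ports {ports}")
```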

Dear Calin,

I appreciate your input, thanks.

Would anyone else like to add something towards the resolution of this task?

Thanks

Calin already gave you a resolution:

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 1 extendable

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 2 extendable

ip nat inside source static tcp 10.1.1.1 8888 1.1.1.1 3 extendable

Do the same for all ports till 65535 and do the same all over for UDP. I guess by this time your router DRAM would be crying and your NVRAM would be shot to hell.

The reason why there's no easier way to do this is because no one wants to do this. The requirement is ridiculous, because no application works like this.

If you have specific requirements, it would be better if you develop your own OS for this (or maybe a new OSI standard).
