NAT - Forward all ports but two ports On Router cisco

gfgfgf · ‎06-03-2018

Hi Everyone,

i have two router 1941 cisco :

I Want Forward ِAll Ports On R2 To 10.0.0.250 and Except the two ports 22 and 161 tcp/udp to gig0/0 209.165.100.30 from PC 192.168.1.100 ?

Details :

from pc 192.168.1.100 ---> to ServerWeb 10.0.0.250 ( forward all port but two ports 161 and 22 )

from pc 192.168.1.100 ---> to R2 ( forward two ports 161 and 22 )

Thanks.

Georg Pauwen · ‎06-04-2018

Hello,

for the first part:

from pc 192.168.1.100 ---> to ServerWeb 10.0.0.250 ( forward all port but two ports 161 and 22 )

use an access list and specify that as your NAT source:

access-list 101 deny tcp host 192.168.1.100 eq 161 host 10.0.0.250 eq 161
access-list 101 deny tcp host 192.168.1.100 eq 22 host 10.0.0.250 eq 22
access-list 101 permit ip host 192.168.1.100 host 10.0.0.250

For the second part:

from pc 192.168.1.100 ---> to R2 ( forward two ports 161 and 22 )

you want to forward those two ports to the router itself ?

gfgfgf · ‎06-04-2018

Hello Georg,

Thank you for your reply,

you want to forward those two ports to the router itself ?

yes my dear.

Best regards,

Georg Pauwen · ‎06-13-2018

Sorry for my late reply. What is the source, that is, where do you want those two ports being forwarded from ? If they only go to the router, you don't need NAT...(?).

paul driver · ‎06-05-2018

Hello

You mention Port forwarding but then in your title you state NAT PF, Then in your post detail you state private addressing:

"I Want Forward ِAll Ports On R2 To 10.0.0.250 and Except the two ports 22 and 161 tcp/udp to gig0/0 209.165.100.30 from PC 192.168.1.100 ?

from pc 192.168.1.100 ---> to ServerWeb 10.0.0.250 ( forward all port but two ports 161 and 22 )

from pc 192.168.1.100 ---> to R2 ( forward two ports 161 and 22 )"

So internally 192.168.1.100 should be able to reach the web server anyway, and I am assuming 209.165.100.30 is one of you inside global addressing if so then externally you need some static address translation for the PF

ip nat inside source static tcp 10.0.0.250 80 interface gig0/0 80 extendable
ip nat inside source static tcp 10.0.0.250 443 interface gig0/0 443 extendable
ip nat inside source static tcp 192.168.1.100 22 209.165.100.20 22 extendable
ip nat inside source static tcp 192.168.1.100 161 209.165.100.20 161 extendable

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gfgfgf · ‎06-05-2018

Thank you paul driver,

Yes , 209.165.100.30 is one of you inside global addressing

I Want:

1- Forward ِAll Ports On R2 from outside g0/0 To 10.0.0.250 but two ports 22 and 161 Not to 10.0.0.250

2- Forward ِtwo ports 22 and 161 to the router2 itself from outside g0/0

Best regards,

paul driver · ‎06-05-2018

Hello

okay !

have you tried adding the static nat rules I precisely posted?

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

gfgfgf · ‎06-05-2018

Hi dear...

but i want forword all ports to web server but two port 22 and 161 ?

I will do the necessary. I'll come back. if needed. Then I'll close the posts

Thank you very much,