09-01-2018 02:46 PM - edited 03-05-2019 10:53 AM
From what I’ve managed to read in various threads that a search returned, I need to “forward a port.”
Problem is that none of the following threads I read:
https://community.cisco.com/t5/routing/port-forwarding-nat/td-p/2102914
https://community.cisco.com/t5/switching/cisco-4331-router-port-forwarding-outside-nat-not-pinging/td-p/3082126
https://community.cisco.com/t5/switching/how-to-enable-port-forwarding-to-get-some-tcp-services/td-p/2817115
https://community.cisco.com/t5/routing/port-forwarding/td-p/1490550
make any sense to me whatsoever – I understand absolutely nothing about what they are talking about.
For example, in the first link someone gives an example of YY as the interface dialer number – problem is when I tried that example, I have no clue as to what number my dialer is/what I should use, or if it applies to me even though my understanding is that my PPPoE interface that is connected with an ethernet patch cable is still called ‘a dialer’. (I literally typed in YY the first time I tried it.)
I need to open ports 81, 8001, and 10554 on a 4321 and I am desperate and at my wits end.
Is there an IOS command that goes like this “open port 8001”? (This is the level of simplicity that I need.)
Below is my current running config (and I don’t even understand what 99% of it means – I am trying to communicate that if anyone can help, please keep it very very simple.)
This is so that the boss can access the security cameras from whatever location he is at.
- The NVR’s IP address is 192.168.2.234
- The Gateway/Router’s address is 192.168.2.254 on GigabitEthernet0/0/1 and the IP address of the store is whatever the ISP assigns when the unit is rebooted on occasion due to a power outage etc.
There may have been an attempt to open port 8001 but I don't know if any 'code snippets' are left over in the following config from that attempt, but I know that the attempt did not work:
Carlton_Router#show config
Using 2411 out of 33554432 bytes
!
! Last configuration change at 15:47:16 GMT Mon Jul 2 2018 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Carlton_Router
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.03.16.07b.S.155-3.S7b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$d2AV$.x62c8AIL9dVKFN/m1Q61.
enable password Xxxxx
!
no aaa new-model
ethernet lmi global
no process cpu autoprofile hog
clock timezone GMT -5 0
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.2.254
!
ip dhcp pool Carlton
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO21112KP2
!
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$w/4P$sd2z6NvcAOHTKWR.QHRzU0
!
redundancy
mode none
!
!
no cdp run
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.2.254 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.2.245 255.255.255.0
negotiation auto
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname dlftzcr3@bellnet.ca
ppp chap password 0 nVSLJRc4
ppp pap sent-username dlftzcr3@bellnet.ca password 0 nVSLJRc4
no cdp enable
!
ip nat inside source list NAT interface Dialer1 overload
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip access-list extended NAT
permit icmp 192.168.2.0 0.0.0.255 any
permit udp 192.168.2.0 0.0.0.255 any
permit tcp 192.168.2.0 0.0.0.255 any
!
access-list 101 permit ip any any
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet
transport output telnet
!
!
end
Carlton_Router#
Thank you in advance for any help.
09-02-2018 02:12 AM
Need some clarification here:
You want to open the below ports from the Internet to the internal network, to this IP (NVR’s IP address is 192.168.2.234)?
I need to open ports 81, 8001, and 10554 on a 4321
From where does your boss try to access it (NVR’s IP address is 192.168.2.234), from the internet or from the LAN?
09-03-2018 03:02 PM
@balaji.bandi wrote:
Need some clarification here:
You want to open the below ports from the Internet to the internal network, to this IP (NVR’s IP address is 192.168.2.234)?
I need to open ports 81, 8001, and 10554 on a 4321
From where does your boss try to access it (NVR’s IP address is 192.168.2.234), from the internet or from the LAN?
09-02-2018 09:13 PM - edited 09-02-2018 09:19 PM
09-03-2018 03:32 PM - edited 09-03-2018 03:39 PM
For some reason I can't see the text of your message here (but it is the email that notified me you responded.)
I'll C&P the relevant portion from the email:
"ip nat inside source static tcp 192.168.2.240 80 interface dialer 1 80
In this example we told the router to publish 192.168.2.240:80 as negotiatedIPFromISP:80
It means, if external users browse: http://yourPublishIP , they'll see your web site."
My response to the above I pray that it works:
09-03-2018 11:30 PM
Where is the text??? :)))
Yes. I just wanted to explain STATIC NAT with a simple example.
You should change the ports to your own. Sometimes you can listen on a different port and redirect it to another one (for some technical and security reasons). Ex:
ip nat inside source static tcp 192.168.2.1 443 interface dialer 1 8080
This means: you listen on port 8080 and redirect it to 443 (it's just an example. Try to forget it if you are a beginner)
Again, YES. If you have different ports, you can have different NAT Statement.
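The static NAT form explained in the reply above, applied to the router config posted in this thread, as an added example that is not part of any participant's post. It reads the config to find the `ip nat outside` interface (the "dialer number"), reports static NAT lines left over from earlier attempts, and builds one statement per port. The function names are hypothetical, and TCP is an assumption because the thread does not state the protocol.

```python
import re

# Constructed sample: NAT-relevant lines from the running config posted in this
# thread (indentation was lost in the post, so "!" is what ends each stanza).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/0
ip nat inside
!
interface GigabitEthernet0/0/1
pppoe-client dial-pool-number 1
!
interface Dialer1
ip nat outside
dialer pool 1
!
ip nat inside source list NAT interface Dialer1 overload
"""

def nat_interfaces(config):
    """Return (inside, outside) lists of interface names by NAT role."""
    roles = {"inside": [], "outside": []}
    current = None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "!":
            current = None
        elif current and line in ("ip nat inside", "ip nat outside"):
            roles[line.split()[-1]].append(current)
    return roles["inside"], roles["outside"]

def existing_static_nat(config):
    """Static NAT lines already present (e.g. left over from an old attempt)."""
    return [l.strip() for l in config.splitlines()
            if re.match(r"\s*ip nat inside source static\b", l, re.I)]

def port_forward_commands(config, host, ports, proto="tcp"):
    """Build one static NAT statement per port, skipping ones already present."""
    _, outside = nat_interfaces(config)
    if len(outside) != 1:
        raise ValueError(f"expected one 'ip nat outside' interface, found {outside}")
    present = {l.lower() for l in existing_static_nat(config)}
    cmds = [f"ip nat inside source static {proto} {host} {p} interface {outside[0]} {p}"
            for p in ports]
    return [c for c in cmds if c.lower() not in present]

if __name__ == "__main__":
    print("\n".join(port_forward_commands(SAMPLE_CONFIG, "192.168.2.234", [81, 8001, 10554])))
```

The generated lines are entered in global configuration mode; `show ip nat translations` then lists each static entry. Each forwarded port is reachable from any Internet address, so the NVR's own login is the only access control on those ports.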
09-07-2018 04:37 AM - edited 09-07-2018 04:42 AM
09-07-2018 09:14 AM
You need to give access right from the internet router to the end point,
as an example:
Internet ---DSL you need to forward here ---your local router (same here) -Switch -Camera
When you scan, it will be dropped at the DSL router end.
09-07-2018 01:08 PM - edited 09-07-2018 01:17 PM
@balaji.bandi wrote:
You need to give access right from the internet router to the end point,
as an example:
Internet ---DSL you need to forward here ---your local router (same here) -Switch -Camera
When you scan, it will be dropped at the DSL router end.
09-16-2018 11:18 AM
Bump.
Seriously, no one knows how to open a port on a 4321?