Wondering if someone can share some knowledge, it's the first time I've had to do this with a Cisco router. I need to forward specific ports to the internal IP 192.168.1.2:
UDP 15001-15200
TCP 15001
I have a standard ADSL modem set to bridged mode, with a Cisco 1841 connected. Internet traffic is flowing as expected, NAT works, I can ping the internal IP, I just can't get port forwarding working from external sources. My ACL outside_in is working, as I can enable/disable telnet to the router just fine. HELP!
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool GUEST
 import all
 network 192.168.1.0 255.255.255.0
 dns-server ISP_DNS_SERVER_IP_ADDRESS
 default-router 192.168.1.1
 lease 5
!
!
interface FastEthernet0
 description ADSL WAN
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3
 switchport access vlan 14
!
interface Vlan1
 no ip address
!
interface Vlan14
 description GUEST
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Dialer1
 description PPPoE Dialer
 ip address negotiated
 ip access-group outside_in in
 no ip redirects
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname PPPOE_USERNAME
 ppp chap password 7 PPPOE_ENCRYPTED_PASSWORD
 ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 ISP_DEFAULT_GATEWAY_IP_ADDRESS
!
!
ip nat pool port_forward 192.168.1.2 192.168.1.2 netmask 255.255.255.0 type rotary
ip nat inside source list nat_inside_out interface Dialer1 overload
ip nat inside destination list port_forward pool port_forward
!
ip access-list extended nat_inside_out
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended outside_in
 remark Basic Firewall
 permit icmp any any
 permit udp any eq domain host ISP_PUBLIC_IP_ADDRESS
 permit tcp any host ISP_PUBLIC_IP_ADDRESS established
 permit tcp any any eq 23
 deny ip any any
!
ip access-list extended port_forward
 permit udp any any range 15001 15200
 permit tcp any any eq 15001
!
!
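
An added example, not part of the original post: the posted outside_in ACL modelled in Python and evaluated first-match against new inbound flows to the ports being forwarded. IOS checks the inbound ACL on Dialer1 before the outside-to-inside NAT translation, so each forwarded port has to be permitted there. PUBLIC_IP, the source port and the helper names are constructed for the example.

```python
# Added example: first-match evaluation of the posted outside_in ACL.
# PUBLIC_IP is a constructed stand-in for ISP_PUBLIC_IP_ADDRESS.
PUBLIC_IP = "203.0.113.10"

# (action, proto, src_port, dst_host, dst_port, established_only); None = any
OUTSIDE_IN = [
    ("permit", "icmp", None, None, None, False),
    ("permit", "udp", 53, PUBLIC_IP, None, False),
    ("permit", "tcp", None, PUBLIC_IP, None, True),
    ("permit", "tcp", None, None, 23, False),
    ("deny", "ip", None, None, None, False),
]

def match(entry, pkt):
    _action, proto, sport, dst, dport, est = entry
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if sport is not None and pkt.get("sport") != sport:
        return False
    if dst is not None and pkt["dst"] != dst:
        return False
    if dport is not None and pkt.get("dport") != dport:
        return False
    # "established" matches only TCP segments with ACK or RST set
    if est and not (pkt.get("flags", set()) & {"ACK", "RST"}):
        return False
    return True

def evaluate(acl, pkt):
    """Return (action, 1-based entry number) of the first matching entry."""
    for index, entry in enumerate(acl, start=1):
        if match(entry, pkt):
            return entry[0], index
    return "deny", None  # implicit deny at the end of every ACL

def new_flow(proto, dport):
    # First packet of a new inbound connection (constructed sample traffic)
    flags = {"SYN"} if proto == "tcp" else set()
    return {"proto": proto, "dst": PUBLIC_IP, "sport": 40000,
            "dport": dport, "flags": flags}

def forwarded_port_verdicts(acl):
    probes = [("tcp", 15001), ("udp", 15001), ("udp", 15200), ("tcp", 23)]
    return {f"{p}/{d}": evaluate(acl, new_flow(p, d)) for p, d in probes}

if __name__ == "__main__":
    for flow, (action, line) in forwarded_port_verdicts(OUTSIDE_IN).items():
        print(f"{flow:10} -> {action} (entry {line})")
```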