neilmac
Beginner

Port Forwarding inbound question - advice please

Hi folks.

I have what I think must be a simple config request, I am sure someone can solve this in no time.

I have a non-Cisco router with a public WAN address. This is connected to a 3750 switch internally. The switch is the default gateway for all VLANs, and the gateway router has static routes back to the 3750. The router provides NAT; no NAT is done on the switch.

My requirement is to port forward port 29000 so that I can access a server on VLAN4 via this port.

So, I have:

Router: Port 29000 map to 192.168.4.1 (Switch VLAN4 address)

The question is, how do I route port 29000 from the 3750 to the server on 192.168.4.42 ?

I have the following relevant details:

interface Vlan4
 ip address 192.168.4.1 255.255.255.0
 ip access-group 104 in

access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.4.1 eq telnet
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.4.1 eq www
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.8.1 eq telnet
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.8.1 eq www
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.8.10 eq www
access-list 104 permit ip any any

So, I want to add a line something like

ip source static tcp 192.168.4.42 29000

However I don't know the syntax well enough.

Please would you advise me on what exactly I should add in order to port forward port 29000 incoming from my router, to my server on 192.168.4.42.

Many thanks in advance,

NM

3 ACCEPTED SOLUTIONS


Hi NM

As you have permitted all traffic other than the subnets of the inside network, switch-wise you don't need to do anything.

permit IP any any

Check on the router side as suggested by Naidu. NAT/PAT prob.

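As an added illustration (not code from the thread or from Cisco), this Python example evaluates the posted ACL 104 with first-match semantics to check the claim above that the switch needs no ACL change: because the list is applied inbound on Vlan4, it filters what the server sends, including its replies to an internet client. The client address 203.0.113.10 and port 51515 are constructed assumptions.

```python
from ipaddress import IPv4Address
# ACL 104 exactly as posted in the thread; it is applied inbound on Vlan4.
ACL_104 = """
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.5.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.6.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.7.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.9.0 0.0.0.255
access-list 104 deny   ip 192.168.4.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.4.1 eq telnet
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.4.1 eq www
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.8.1 eq telnet
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.8.1 eq www
access-list 104 deny   tcp 192.168.4.0 0.0.0.255 host 192.168.8.10 eq www
access-list 104 permit ip any any
"""
PORTS = {"telnet": 23, "www": 80}  # IOS port keywords used in this ACL

def _addr(tok):
    """Pop one address spec (any | host A | A WILDCARD) -> (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    base = tok.pop(0) if first == "host" else first
    wild = 0 if first == "host" else int(IPv4Address(tok.pop(0)))
    return int(IPv4Address(base)), wild

def parse_acl(text):
    entries = []
    for tok in filter(None, map(str.split, text.splitlines())):
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port))
    return entries

def evaluate(entries, proto, src, dst, dport):
    """First match wins, as on IOS; returns (action, 1-based entry number)."""
    def hit(spec, ip):  # wildcard bits set to 1 are "don't care"
        return (spec[0] | spec[1]) == (int(IPv4Address(ip)) | spec[1])
    for n, (act, pr, s, d, p) in enumerate(entries, 1):
        if pr in ("ip", proto) and hit(s, src) and hit(d, dst) and p in (None, dport):
            return act, n
    return "deny", 0  # implicit deny that ends every ACL

# Constructed packet: the server's reply from 192.168.4.42 to an internet client.
print(evaluate(parse_acl(ACL_104), "tcp", "192.168.4.42", "203.0.113.10", 51515))
```

The reply to the internet client falls through to the final permit entry, while anything the server sends to the listed internal subnets or to the management ports of 192.168.4.1 and 192.168.8.1 is dropped earlier in the list.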

Hi NM,

It has nothing to do with internal or inter-VLAN traffic, as you want the server to be accessible from the internet on port 29000. So the way is NAT.

You said in your first post that "The Router provides NAT". What is that router model? Check if you can do NAT on that.

And for your information, your 3750 switch, which is the gateway for all your VLANs, doesn't support NAT.


Please rate the helpful posts.
Regards,
Naidu.


Hi,

Yes it will be like that.
You have a default route 0.0.0.0 0.0.0.0 non-cisco-router-wanIP right?

If the router supports NAT then why can't you check if you can configure NAT for this requirement?
What is that router model?


Please rate the helpful posts.
Regards,
Naidu.


17 REPLIES
Latchum Naidu
Engager

Hi,

What exactly do you mean by "port 29000 from the 3750 to the server on 192.168.4.42"?
Do you want to accept the request from other networks to 192.168.4.42 on port 2900?


Please rate the helpful posts.
Regards,
Naidu.

I have a device out here on the internet that needs to access my internal server, 192.168.4.42, on port 29000.

192.168.4.42 runs a monitoring program I need to be able to connect to from the WAN.

So,

Incoming traffic on port 29000 from my client pc out here in the remote office: http://WAN_IP:29000
    |
    |
    V
WAN with public IP address
NON Cisco Router - incoming traffic UDP port 29000 is forwarded to 192.168.4.1
LAN
    |
    |
    V
Cisco 3570, gateway for all VLANS, NON NAT Router.
INT VLAN 4 192.168.4.1
    |
    |
    V
Server 192.168.4.42 listening on port 29000

Should be easy ?

NM

Hi,

You have now made it clear to us what you are going to achieve.
In that case you need to configure a static NAT with a specific public IP on your router to do this port forwarding from the internet to your internal server.

If the router is Cisco then the static NAT should be configured like below...

ip nat inside source static tcp 192.168.4.42 29000 public_ip 29000 extendable


Please rate the helpful posts.
Regards,
Naidu.

Hi NM

As the switch is doing inter-VLAN routing,

if you want to access the server from one VLAN X to VLAN 4,

just give the destination IP with port number inside the interface VLAN 4.

ex:

access-list 101 permit tcp 192.168.4.0 0.0.0.255 host eq 29000

If you have the access list at the destination subnet interface VLAN X,

give a permit rule to reach VLAN 4 of host 192.168.4.42 on port 29000.

please rate the helpful posts

regards

sreek

Srikanth,

He wants the server accessible from the internet on the required port, which is possible with NAT/PAT.
Please read the original post carefully for better understanding.


Please rate the helpful posts.
Regards,
Naidu.

Yeah, but the router is NOT Cisco, and is not the gateway for the vlans.

I have port forwarded port 29000 from the router to 192.168.4.1 which is the 3750. Now I need to know how to get it to 192.168.4.42.

The inter VLAN routing is done at the 3750.

The 3750 is not doing NAT, just routing.

The WAN router has default routes to route each subnet back to the 3750.

NM

Hmm, not sure about this.

Here are my access lists, please would you suggest how I should amend it ?

Thanks again

!
ip subnet zero
ip routing
!
xxxx- non relevant details removed-xxxx
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip access-group 101 in
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group 102 in
!

interface Vlan3