Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2600 Port Redirection/Forwording 1

Status
Not open for further replies.
plexter

plexter

Technical User
Nov 4, 2006
16
US
Hello,

I am trying to figure out how to redirect a range of ports to one of my internal servers (on a private address) from the internet. In my situation I want to open up quite a lot of ports which will be used for FTP PASV connections.

[internal FTP PASV server] <--> [Cisco 2600 NAT] <--> [INTERNET]

I understand how to use NAT to redirect a single port but this just wont work for a range as well it would be quite time consuming to install for each of the PASV ports!

NAT way: IP NAT inside source static tcp IP PORT INTERFACE/IP PORT

So please if anyone knows how I can achieve this please let me know.

Thanks :)
 
Sort by date Sort by votes
You will probably be better of just assigning a spare public IP address to the server in question and then building a standard static NAT translation as follows:

ip nat inside source static a.b.c.d w.x.y.z

where a.b.c.d is your server's internal IP and w.x.y.z. is a spare public IP
 
Upvote 0 Downvote
Thats assuming I have one :p

I suppose its possible to work that into my current configuration. Than again assigning a public IP to everything kind of defeats the whole point of NAT. But I mean surely its possible to forward a range of ports. This "feature" is available on any home "router" I just cant see Cisco not including this almost manditory feature!

Do you know how to do this regardless?

Please let me know,
Thanks for the reply :)



 
Upvote 0 Downvote
I'm not convinced you can do this and I don't have a Cisco box in front of me at the moment to give it a whirl. I did however have an idea that may work - *may* being the operative work here. This idea is meant to be used for another function of Cisco networking but it may work for you. Try the following:

ip nat pool ft a.b.c.d a.b.c.d netmask 255.255.255.0 type rotary
ip nat inside destination list 100 pool ftp
access-list 100 permit tcp any any range 1023 9999

where a.b.c.d is your internal server's real address.

Let me know how you get on.
 
Upvote 0 Downvote
Wow I had a feeling it would have to do with combining a list with nat, just never could quite put my finger on how! :p

Anyway seems to be working wonderfully. Thank you very much for your help. :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Zero6
  • Locked
  • Question
question about cisco cbs 350-12xs 12 port 10g sfp+
Replies
0
Views
119
Zero6
Zero6
Gartech
  • Locked
  • Question
LAN Port Test Device
Replies
3
Views
117
ipohead
ipohead
BleuBell
  • Locked
  • Question
Command Rejected : Exceeded NNI ports Allowed
Replies
0
Views
82
BleuBell
BleuBell
amelamel
  • Locked
  • Question
port has faulty link
Replies
2
Views
279
ADB100
ADB100
CDIV
  • Locked
  • Question
Use uplink port as access port 2960 1
Replies
9
Views
277
CDIV
CDIV

Part and Inventory Search

Sponsor

Back
Top