2611 DHCP IP to static DMZ host

Status
Not open for further replies.

SWFLHosting

Technical User
May 3, 2003
My question is the following:

Can I create a DMZ host with a static map based on an IP address I got off a DHCP server?


Here is what I've got:

External IP          | device         | Internal
--------------------------------------------------------------
{pvc #/#}            | DSL modem      | 68.54.198.x
68.54.198.x Eth0/1   | Cisco2611      | 10.0.0.1 Eth0/0 (*1) *NAT
10.0.0.1-.254        | switch         | 10.0.0.1-.254 (*2)



(*1) The Ethernet with the public IP comes in on Eth0/1 & the data exits the router to the Internal network on Eth0/0
(*2) Workstations & Servers



The following is what I'd like to do:

External IP          | device         | Internal
--------------------------------------------------------------
{pvc #/#}            | DSL modem      | 68.54.198.x
68.54.198.x Eth0/1   | Cisco2611      | 10.0.0.1 Eth0/0 (*1) *NAT
10.0.0.100           | Win2003_Serv.  | 10.0.0.100-.254 (*2)
10.0.0.101-.254      | switch         | 10.0.0.101-.254

(*1) The Ethernet with the public IP comes in on Eth0/1 & the data exits the router to the Internal network on Eth0/0 & makes the 10.0.0.100 the DMZ node for full access.
(*2) Have a DMZ Win2003 Server for Remote Access & Web/Mail Services.






now the issue is that I get my IP address from my ISP via DHCP ....

so I wouldn't be able to create a static map for several reasons, 1 being that I only receive 1 IP address to begin with & the other is due to my IP constantly changing.

Excerpt from my office T1:
ip nat inside source list 1 interface Serial0.1 overload
ip nat inside source static 192.168.xx.xx 64.200.xx.xx



The ABOVE I wouldn't be able to do, but I'm wondering if I couldn't have it looking like this:


ip nat inside source list 1 interface Ethernet0/1 overload
ip nat inside source static 10.0.0.100 0002.16d4.75c1

where "0002.16d4.75c1" is the hardware address of Eth0/1 (the NIC to the external cable modem). Would this be able to take the then DHCP-assigned IP address off the hardware address and be able to forward as the DMZ host?
 
You can do this with an interface as well...
i.e.
ip nat inside source static [tcp/udp] 10.0.0.100 [port] interface [interface-type] [port]

or let's say you wanted to do web traffic to your 10.0.0.100 address...
ip nat inside source static tcp 10.0.0.100 80 interface dialer0 80

Hope this helps.

If you still have problems, post a copy of your config.

Mike
 
MarcoHomeNet_Router#sh run
Building configuration...

Current configuration : 2470 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MarcoHomeNet_Router
!
enable secret 5 <myencryptedpswd>
!
ip subnet-zero
!
!
no ip domain-lookup
ip dhcp excluded-address 10.0.1.1 10.0.1.100
!
ip dhcp pool 1
network 10.0.1.0 255.255.255.0
domain-name marcohome.net
default-router 10.0.1.254
dns-server 68.54.32.5 68.54.32.6
!
ip audit notify log
ip audit po max-events 100
!
bridge irb
!
!
interface Ethernet0/0
description connected to HP - ProCurve 4000M
ip address 10.0.1.254 255.255.255.0
ip nat inside
no ip mroute-cache
half-duplex
!
interface Serial0/0
no ip address
shutdown
!
interface Ethernet0/1
description connected to COMCAST HIGHSPEED CABLE MODEM
ip address dhcp
ip nat outside
half-duplex
!
router rip
version 2
passive-interface Ethernet0/1
network 10.0.0.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1
ip http server
!
access-list 1 permit 10.0.1.0 0.0.0.255
snmp-server community read RO
snmp-server community write RW
snmp-server location Fort Myers, FL
snmp-server contact sure :)
snmp-server enable traps tty
banner motd ^CC>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
** MARCO PRECHEL **
** This system is for authorized use only. Individuals using this **
** computer system without authority, or in excess of their **
** authority, are subject to having all of their activities on this **
** system monitored and recorded by system personnel. In the course **
** of monitoring individuals improperly using this system, or in the **
** course of system maintenance, the activities of authorized users **
** may be monitored, Anyone using this system expressly consents to **
** such monitoring and is advised that if such monitoring reveals **
** possible evidence of criminal activity, system personnel may **
** provide evidence of such monitoring to law enforcement officials. **
** **
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

^C
!
line con 0
exec-timeout 0 0
password <mypswd>
login
line aux 0
line vty 0 4
password <mypswd>
login
!
end

 
OK, I got the concept of port forwarding; however, is there an option to forward all ports? DMZ node ....


I use the eth0/1 as the external interface:
ip nat inside source static tcp 10.0.1.1 80 interface ethernet0/1 80
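
Added example, not part of any post in this thread: a small Python audit that classifies the three `ip nat inside source` forms quoted above (overload/PAT, one-to-one static, and per-port static bound to an interface) and reports what each one makes reachable from the outside. The sample config and its addresses are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: the three NAT statement forms that appear in this thread.
SAMPLE_CONFIG = """\
ip nat inside source list 1 interface Ethernet0/1 overload
ip nat inside source static 192.168.10.5 203.0.113.10
ip nat inside source static tcp 10.0.0.100 80 interface Ethernet0/1 80
ip nat inside source static tcp 10.0.0.100 25 interface Ethernet0/1 25
"""

PAT = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload$")
PORT_FWD = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)$")
ONE_TO_ONE = re.compile(
    r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")

def nat_exposure(config_text):
    """Return one dict per NAT line describing what it exposes inbound."""
    findings = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace and indentation
        if m := PAT.match(line):
            # Dynamic overload only translates sessions started from inside.
            findings.append({"kind": "pat-overload", "inside": f"acl {m[1]}",
                             "outside": m[2], "inbound": "none (outbound only)"})
        elif m := PORT_FWD.match(line):
            # Per-port static: only this protocol/port is reachable from outside.
            findings.append({"kind": "port-forward", "inside": f"{m[2]}:{m[3]}",
                             "outside": f"{m[4] or m[5]}:{m[6]}",
                             "inbound": f"{m[1]}/{m[6]}"})
        elif m := ONE_TO_ONE.match(line):
            # Whole-address static: every port maps through unless an ACL filters.
            findings.append({"kind": "one-to-one", "inside": m[1],
                             "outside": m[2], "inbound": "all ports"})
    return findings

def fully_exposed_hosts(config_text):
    """Inside hosts reachable on every port (the 'DMZ host' case)."""
    return sorted({f["inside"] for f in nat_exposure(config_text)
                   if f["kind"] == "one-to-one"})

if __name__ == "__main__":
    for f in nat_exposure(SAMPLE_CONFIG):
        print(f"{f['kind']:13} {f['inside']:18} <- {f['outside']:18} {f['inbound']}")
    print("all-port exposure:", fully_exposed_hosts(SAMPLE_CONFIG))
```

Run against the NAT lines of a saved `sh run`, the output lists each inside host and port that a static entry publishes, which makes the difference between a handful of forwarded services and a whole-host mapping visible at a glance.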




 