Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to configure NAT/PAT on Cisco router

Status
Not open for further replies.

Glloq007

Technical User
Nov 22, 2005
22
LU
Hi all,

Does somebody could help me to solve my problem?
I’d like to know how to configure a Cisco router 837 to forward all incoming traffic from Internet to my Linux station connected to the Ethernet interface.
One port is more interesting for me than the others. It’s the port 55555.

The router is connected to Internet towards ADSL connection with Dynamic IP address.
Currently, the router is configured with IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.2(13)ZH2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Thanks for your help,

Serge
 
We will need to see your configs. so post your configs without any password.
 
version 12.2
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname portim-063576968
!
logging queue-limit 100
logging buffered 16000 debugging
no logging console
!
aaa new-model
!
!
aaa authentication fail-message 


aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa session-id common
ip subnet-zero
ip tftp source-interface Loopback1
no ip domain lookup
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
vc-class atm Office
inarp 30
oam-pvc manage 30
oam retry 6 2 10
encapsulation aal5snap
!
interface Loopback0
ip address 212.79.76.19 255.255.255.255
!
interface Loopback1
ip address 172.21.79.149 255.255.255.255
!
interface Ethernet0
ip address 172.31.173.161 255.255.255.0
ip accounting output-packets
ip nat inside
load-interval 30
no keepalive
hold-queue 32 in
hold-queue 100 out
!
interface ATM0
description Cisco 837 BiLAN OFFICE
no ip address
load-interval 30
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
!
interface ATM0.1 point-to-point
description BiLAN OFFICE 063576146 rack51/1, carte4, porte1
ip unnumbered Loopback0
ip nat outside
pvc 8/35
class-vc Office
!
!
ip nat inside source list 2 interface Loopback0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip tacacs source-interface Loopback1
no ip http server
no ip http secure-server
!
logging facility local6
logging source-interface Loopback1
logging 195.13.20.197
access-list 2 permit 172.31.173.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 79 permit 195.13.28.153
access-list 79 permit 195.13.28.131
access-list 79 permit 172.21.0.227
access-list 79 permit 172.18.15.9
access-list 79 permit 172.31.173.0 0.0.0.255
access-list 79 deny any log
access-list 81 permit 172.21.65.153
access-list 81 permit 172.18.223.8
access-list 81 permit 172.21.65.143
access-list 81 permit 172.31.0.63
access-list 81 permit 194.78.56.28
access-list 81 permit 172.21.65.67
access-list 81 permit 172.28.3.89
access-list 81 permit 172.31.0.64
access-list 81 permit 172.21.65.144 0.0.0.7
access-list 81 permit 172.21.21.0 0.0.0.255
access-list 81 permit 172.18.14.48 0.0.0.15
access-list 81 permit 212.79.85.216 0.0.0.7
access-list 81 permit 212.79.84.0 0.0.0.15
access-list 81 permit 212.79.85.0 0.0.0.15
access-list 81 permit 195.13.28.0 0.0.0.255
access-list 81 permit 195.13.20.0 0.0.0.255
access-list 81 permit 194.78.56.0 0.0.0.15
access-list 81 permit 172.18.15.0 0.0.0.15
access-list 81 deny any log
access-list 82 permit 194.78.56.28
access-list 82 permit 195.13.28.128 0.0.0.31
access-list 82 permit 195.13.20.0 0.0.0.255
access-list 82 permit 194.78.56.0 0.0.0.15
access-list 82 permit 172.18.15.0 0.0.0.15
access-list 82 deny any
access-list 85 permit 195.13.28.158
access-list 85 permit 172.18.15.7
access-list 85 deny any
access-list 89 permit 194.78.56.28
access-list 89 permit 195.13.28.128 0.0.0.31
access-list 89 permit 195.13.20.0 0.0.0.255
access-list 89 permit 194.78.56.0 0.0.0.15
access-list 89 permit 172.18.15.0 0.0.0.15
access-list 89 permit any log
tacacs-server host 195.13.20.193
tacacs-server directed-request
tacacs-server key bilan
privilege exec level 10 telnet
privilege exec level 10 traceroute
privilege exec level 10 ping
privilege exec level 10 show running-config
privilege exec level 10 show configuration
privilege exec level 10 show
privilege exec level 10 clear ip accounting
privilege exec level 10 clear ip
privilege exec level 10 clear
!
line con 0
exec-timeout 0 0
no modem enable
stopbits 1
line aux 0
stopbits 1
line vty 0 4
exec-timeout 120 0
!
scheduler max-task-time 5000
!
end
 
Does your internet access work? and you just want to forward port 55555 to an ip behind the router?
 
Yes the Internet connection works well.
Perhaps I will have to forward other ports. I don't know at this time.
 
well for example let use ip 10.10.10.2 :

ip nat inside source static tcp 10.10.10.2 55555 interface LoopBack0 55555 extendable


the extendable command is optional if you IOS has it.
 
Thank's for your fast reply.
But what's the IP 10.10.10.2 ?
I suppose that you mean that it belong to the Linux server ?
This morning I read the doc from Cisco web site. It was not clear for me the difference between inside local, outside local, inside global and outside global addresses.
 
its just for example so change it for what ever ip you linux server is using.
 
Thanks, I will test it once I'll be on customer site.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top