Incoming default route to mail server

Status
Not open for further replies.

GettingIPO

Jul 28, 2004
Help Please
I have just connected to my ISP with a Cisco 1600 router. On my previous AVAYA router I set my Primary translation address (Internal) on my live address and all incoming un-NATted traffic was sent to my mail server, thus giving me mail. How is this achieved on a Cisco?
 
Not sure exactly what you're asking for here. Is the Cisco doing nat? Does the mail server have an internal or external address? If the mail server has a private address and your ISP is sending you a net block then I'd say just give the mail server an IP from that block via nat, set up an ACL and be done with it.

If on the other hand you only have one external address you would just want to forward the appropriate port to the internal destination.

Lastly you may not have this mail server on an internal IP scheme, and it may have a real public address assigned to the card in which case you could plug it up and start routing, set up an ACL to protect it and have a fun time.

Can you clear up a little bit about the situation?
 
Thanks Travis
I have one external address, and my mail server is on an internal address. My NAT has been set up for me as follows, but it ain't working. Any ideas? I am running a Linux mail server.

ip nat inside source list 7 interface Serial0 overload
ip nat inside source static tcp 10.0.0.2 110 interface Ethernet0 110
ip nat inside source static tcp 10.0.0.2 25 interface Ethernet0 25
ip nat inside source static tcp 10.0.0.2 22 interface Ethernet0 22
ip classless
ip route 0.0.0.0 0.0.0.0 - Removed _
ip route 10.0.1.0 255.255.255.0 10.0.0.90
!
access-list 7 permit 10.0.0.0 0.0.0.255
access-list 7 permit 10.0.1.0 0.0.0.255
 
I see Serial0 and Ethernet0, I'm going to take a shot in the dark and say that Serial0 is your external interface? Is 10.0.0.2 your internal mail server address, if I can ask?

The way the translation is set up right now anything going to your ethernet0 interface on port 25 is getting redirected to port 25 on 10.0.0.2, and that doesn't seem quite right to me.
 
Your shot in the dark is quite right.
Excuse the ignorance, but I am new to this Cisco story. If you say anything going to my Ethernet0, are you referring to the LAN side, Internet side or both?

The port 25 side should be right as Linux runs a pop mail service and that works on port 25.

End goal I want all incoming mail traffic from my ISP to be routed to my mail server, for that matter all traffic that is not being masqueraded should be sent to the linux box to be killed.
 
All the commands redirecting stuff from eth0 need to go then. Make sure that in the config for the serial interface you see this line

ip nat outside

and on the ethernet interface you see

ip nat inside

The command that you want to redirect mail will be

ip nat inside source static tcp 10.0.0.2 25 interface serial0 25

That is, of course, if your mail server's IP is 10.0.0.2; adjust the command accordingly for other services. Just change the port and/or IP address of where you want it to go.

Not sure about forwarding more stuff on to the mail server for squashing; it would probably be just as good to let the router squash it for traffic that is unknown/unwanted.
 
That did not help, I had no mail register and it killed my internet browsing
 
You took these out

ip nat inside source static tcp 10.0.0.2 110 interface Ethernet0 110
ip nat inside source static tcp 10.0.0.2 25 interface Ethernet0 25
ip nat inside source static tcp 10.0.0.2 22 interface Ethernet0 22

and it killed your internet browsing?

Your nat should look nearly identical to this to be functional:

ip nat pool inet aa.bb.cc.dd aa.bb.cc.dd netmask aa.bb.cc.dd
ip nat inside source list 7 pool inet overload

The first and second aa.bb.cc.dd should be the IP address of your serial0 interface; the netmask is whatever the netmask is on the int. It's referring to list 7 since that's already set up to permit access for your hosts. This command is built to get you out onto the internet; this is what should be permitting basic services like browsing. The next list is for service redirection. I took the info from your above post but modified it to be what would appear to be correct, since I can't understand why port direction would be applied to the internal interface in this case:

ip nat inside source static tcp 10.0.0.2 110 interface Serial0 110
ip nat inside source static tcp 10.0.0.2 25 interface Serial0 25
ip nat inside source static tcp 10.0.0.2 22 interface Serial0 22

Without a peek at the config or the network that's as exact as I can be.




 
I have managed to sort out this problem, my nat table needed to look like this:

ip nat inside source list 7 interface Serial0 overload
ip nat inside source static tcp 10.0.0.2 110 interface Ethernet0 110
ip nat inside source static tcp 10.0.0.2 25 interface Ethernet0 25
ip nat inside source static tcp 10.0.0.2 22 interface Ethernet0 22
ip classless
ip route 0.0.0.0 0.0.0.0 - Removed _
ip route 10.0.1.0 255.255.255.0 10.0.0.90
!
access-list 7 permit 10.0.0.0 0.0.0.255
access-list 7 permit 10.0.1.0 0.0.0.255
access-list 111 permit ip any any

This last line performs the correct routing to my mail server
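
Added example (not code from any poster in this thread): a small Python check that reads an IOS-style config, works out which interface is `ip nat inside` and which is `ip nat outside`, and reports which static port forwards are bound to the outside interface and which lines deserve a second look. The interface stanzas and addresses in the sample are constructed, and the function names `nat_roles` and `audit` are hypothetical.

```python
import re

# Constructed sample (not the poster's real config): interface stanzas, addresses
# and NAT roles are assumptions; the NAT/ACL lines mirror the shapes in the thread.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
ip nat inside source list 7 interface Serial0 overload
ip nat inside source static tcp 10.0.0.2 110 interface Ethernet0 110
ip nat inside source static tcp 10.0.0.2 25 interface serial0 25
access-list 7 permit 10.0.0.0 0.0.0.255
access-list 111 permit ip any any
"""

IFACE = re.compile(r"interface (\S+)", re.I)
ROLE = re.compile(r"ip nat (inside|outside)$", re.I)
STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$", re.I)
OPEN_ACL = re.compile(r"access-list (\d+) permit ip any any$", re.I)

def nat_roles(config):
    """Return {interface name (lower-case): 'inside' | 'outside'}."""
    roles, current = {}, None
    for raw in config.splitlines():
        if not raw.startswith(" "):   # top-level line: opens or closes a stanza
            current = m.group(1).lower() if (m := IFACE.match(raw)) else None
        elif current and (m := ROLE.match(raw.strip())):
            roles[current] = m.group(1).lower()
    return roles

def audit(config):
    """Return (exposed, findings): forwards on the outside interface, lines to review."""
    roles, exposed, findings = nat_roles(config), [], []
    for line in (l.strip() for l in config.splitlines()):
        if (m := STATIC.match(line)):
            proto, host, _, iface, gport = m.groups()
            role = roles.get(iface.lower(), "unset")
            if role == "outside":
                exposed.append((proto.lower(), int(gport), host))
            else:
                findings.append(f"port {gport}: global side is {iface} (nat {role}), not the outside interface")
        if (m := OPEN_ACL.match(line)):
            findings.append(f"access-list {m.group(1)}: permit ip any any allows all traffic wherever it is applied")
    return exposed, findings
```

The `exposed` list doubles as an inventory of what the Internet can reach on the inside host, which is the list to compare against the services that are actually meant to be public.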
 