NAT rule to allow multiple ports

Status
Not open for further replies.

ajtsystems

IS-IT--Management
Jan 15, 2009
80
GB
Hi,

I need to allow a range of RPC ports inbound to an internal address. I am familiar with the ip nat inside static and am using it with extended ACLs to allow single ports inbound, for example:

ip nat inside source static tcp 192.168.100.1 5900 123.123.123.123 5900 extendable

I have been looking at the syntax and have found a way to open all TCP ports, but when I apply the fix I lose connection to the router as it's remote.

It goes like this:

ip nat inside source static 10.14.25.15 213.186.145.13
with no port numbers

I have only a single IP address externally on the router.

Any help would be good, thanks

james
 
Hello
This could be because the router is even sending port 23 for telnet to the static host. I think you will have to open the specific ports you need.

Regards
 
Hi, Thanks,

Ouch, because they are RPC ports and between 1024 - 5000 this will take a while.
 
Hello
We have these powerful things called route-maps; try looking into them, it may help. If I find time tomorrow I will try to see if there's a workaround.

Regards
 
access-list 101 permit tcp any host y.y.y.y eq 21
access-list 101 permit tcp ......eq 23
access-list 101 permit tcp ... range 1002 1045

route-map static_nat permit 1
match address 101

ip nat inside source route-map static_nat outside_ip_address

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Hi I have managed to get it done with a nat pool. The route-Map looks a little more tidy so will check them out - thanks

ip nat pool MyPool 192.168.100.1 192.168.100.1 netmask 255.255.255.0 type rotary
ip nat inside destination list 102 pool MyPool

ip access-list extended incoming-outside
 permit tcp host 62.254.185.77 any range 1024 6000

access-list 102 permit tcp any any range 1024 5000


Thanks for your help

james
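
An added example, not part of any post in this thread: a small Python check over the NAT lines quoted above that lists each inbound forward and whether it also captures the router's own management ports, which is the failure the first reply describes. The name audit_nat, the regexes and the choice of ports 22 and 23 are assumptions of this example; the sample config is assembled from lines posted in the thread.

```python
import re

MGMT_PORTS = {22: "ssh", 23: "telnet"}  # management ports to check (assumption of this example)

STATIC_ALL = re.compile(r"^ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")
STATIC_PORT = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
DEST_LIST = re.compile(r"^ip nat inside destination list (\d+) pool (\S+)")
POOL = re.compile(r"^ip nat pool (\S+) (\S+) \S+ netmask \S+ type rotary")
ACL_RANGE = re.compile(r"^access-list (\d+) permit tcp (any|host \S+) any range (\d+) (\d+)")

# Sample assembled from config lines posted in the thread.
SAMPLE = """
ip nat inside source static tcp 192.168.100.1 5900 123.123.123.123 5900 extendable
ip nat inside source static 10.14.25.15 213.186.145.13
ip nat pool MyPool 192.168.100.1 192.168.100.1 netmask 255.255.255.0 type rotary
ip nat inside destination list 102 pool MyPool
access-list 102 permit tcp any any range 1024 5000
"""


def audit_nat(config):
    """Return one dict per inbound forward: inside host, port range, source, management ports hit."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    pools = {m.group(1): m.group(2) for ln in lines if (m := POOL.match(ln))}
    acls = {}
    for ln in lines:
        if m := ACL_RANGE.match(ln):
            acls.setdefault(m.group(1), []).append((m.group(2), int(m.group(3)), int(m.group(4))))
    found = []

    def add(kind, inside, lo, hi, source="any"):
        hit = sorted(name for port, name in MGMT_PORTS.items() if lo <= port <= hi)
        found.append({"kind": kind, "inside": inside, "ports": (lo, hi),
                      "source": source, "mgmt_captured": hit})

    for ln in lines:
        if m := STATIC_ALL.match(ln):      # no protocol or port: every port is translated
            add("static-all-ports", m.group(1), 1, 65535)
        elif m := STATIC_PORT.match(ln):   # single forwarded port
            add("static-port", m.group(2), int(m.group(5)), int(m.group(5)))
        elif m := DEST_LIST.match(ln):     # rotary pool: ports come from the referenced ACL
            for source, lo, hi in acls.get(m.group(1), []):
                add("rotary-pool", pools.get(m.group(2), "?"), lo, hi, source)
    return found


if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```

The rotary-pool entry reports source any: ACL 102 by itself does not limit who can reach ports 1024 to 5000, so that depends on a separate inbound filter such as the incoming-outside list in the last post being applied on the outside interface.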
 