
Need Help on a Cisco 2520

Status
Not open for further replies.

elect6009

Technical User
Mar 16, 2003
4
US
Hi, I'm a newbie to Cisco IOS. Below is my existing config that works fine with a T1 service I have.
I was given 13 IP addresses (216.179.118.178 thru 216.179.118.190).
I would like to have a configuration where I could assign private IP addresses (192.168.1.1 thru 192.168.1.20) to some of the PCs and the public to other PCs.
I would also like to close all ports except for port TCP/UDP 21, TCP/UDP 80, TCP/UDP 6665 thru 6669, TCP/UDP 8602, TCP/UDP 3074 and UDP 88 on private and some of the public IPs.
I'm sorry for the newbie questions but I have read and read with no luck helping me configure the above settings.
Any help will be greatly appreciated.
Thanks in advance.

************************************************************
************************************************************
************************************************************
Cisco 2520 IOS Version Info

Router#sh ver
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.2(13a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Sun 02-Feb-03 18:03 by kellythw
Image text-base: 0x0307C728, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTLDR: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

Router uptime is 2 days, 11 hours, 36 minutes
System returned to ROM by reload
System image file is "flash:c2500-js-l.122-13a.bin"

cisco 2520 (68030) processor (revision M) with 14336K/2048K bytes of memory.
Processor board ID 12874785, with hardware revision 00000003
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
Basic Rate ISDN software, Version 1.1.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Router#

************************************************************
************************************************************
************************************************************
Running Configuration


Router#sh conf
Using 1165 out of 32762 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname "Router"
!
enable secret 5 $*$*lV/*T*a*****x0qwLj*******X0
enable password **************
!
ip subnet-zero
!
!
!
!
interface Ethernet0
ip address 216.179.118.177 255.255.255.240
no ip route-cache
no ip mroute-cache
!
interface Serial0
no ip address
encapsulation frame-relay IETF
no ip route-cache
no ip mroute-cache
frame-relay lmi-type ansi
!
interface Serial0.16 point-to-point
ip address 218.41.121.163 255.255.255.0
no ip route-cache
frame-relay interface-dlci 16
!
interface Serial1
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial2
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface Serial3
no ip address
no ip route-cache
no ip mroute-cache
shutdown
!
interface BRI0
no ip address
encapsulation hdlc
no ip route-cache
no ip mroute-cache
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.16
no ip http server
!
!
!
line con 0
line aux 0
transport input all
line vty 0 4
password **********
login
!
end

Router#
 
You have a small problem. The IP pool that was given to you is on the Ethernet side of your router. You need to put a firewall behind the router. This device will be able to do the NAT functions and the port filtering you desire.


It will look like this:

Serial0 <--> Router <--> Firewall <--> Inside network

This router connects to the Internet, correct?
 
One other thing I forgot to mention. It would be possible to configure this router to port filter using the firewall feature set IOS or access-lists.
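
The access-list option mentioned in the last reply, sketched as an added example that is not part of either poster's text: a stateless extended ACL applied inbound on Serial0.16 that admits only the ports listed in the question toward the 216.179.118.176/28 block. The ACL name INET-IN, the choice to filter the whole /28 rather than selected hosts, and the DNS-reply entry are assumptions; NAT for the 192.168.1.x hosts is not covered here.

```cisco
! Added example. INET-IN is a hypothetical ACL name.
! To filter only some public hosts, replace the /28 match
! (216.179.118.176 0.0.0.15) with "host <address>" entries.
ip access-list extended INET-IN
 ! Return traffic for TCP sessions opened from the inside
 permit tcp any 216.179.118.176 0.0.0.15 established
 ! TCP ports from the question
 permit tcp any 216.179.118.176 0.0.0.15 eq 21
 permit tcp any 216.179.118.176 0.0.0.15 eq 80
 permit tcp any 216.179.118.176 0.0.0.15 range 6665 6669
 permit tcp any 216.179.118.176 0.0.0.15 eq 8602
 permit tcp any 216.179.118.176 0.0.0.15 eq 3074
 ! UDP ports from the question
 permit udp any 216.179.118.176 0.0.0.15 eq 21
 permit udp any 216.179.118.176 0.0.0.15 eq 80
 permit udp any 216.179.118.176 0.0.0.15 range 6665 6669
 permit udp any 216.179.118.176 0.0.0.15 eq 8602
 permit udp any 216.179.118.176 0.0.0.15 eq 3074
 permit udp any 216.179.118.176 0.0.0.15 eq 88
 ! Assumption: inside hosts use outside DNS servers, so a stateless
 ! filter has to admit the UDP replies explicitly
 permit udp any eq 53 216.179.118.176 0.0.0.15
 ! Everything else is dropped; "log" records the hits
 deny ip any any log
!
interface Serial0.16 point-to-point
 ip access-group INET-IN in
```

Because this filter is stateless, the `established` entry only covers replies to TCP sessions started from inside, and FTP data connections need more than port 21 to work. Applying the ACL inbound on the serial subinterface also drops unsolicited traffic addressed to the router itself, including Telnet to the vty lines from the Internet.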
 