Newbie Question 831 series Router

[Ravenrx7]

Hello,

My network consist on a 831 series router, a w2k server(running DNS,FTP,etc.) and a client workstation (w2k.) Just recently I purchased router to gain experiance on the device since I'm currently taking the CCNA program. Currently in the program we're only to basic configurations, such as show commands, and soon to be in RIP config.My question is, I know I need to allow some port numbers through to for out side addresses to access my server. So far I've done some research and it looks like I need to setup NAT. Can somebody help me out to get started...all I have as a referance right now is the cisco web site.
thanks~

Josh McMahon
A+ Certified
jmcmahon@lexgen.com

 

[rcasta]

I bumped into this interesting link, hope it helps.

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

Best regards,

 

[Ravenrx7]

thanks a bunch. I followed all the steps and now have the correct ports open. Thanks Again!

Josh McMahon
A+ Certified
jmcmahon@lexgen.com

 

[Ravenrx7]

Would anybody have a link or a quick answer for enabling telnet sessions for the router. Every time I try to telnet into the router from outside the network, I get a :

Connecting To XXXXXXX.com...Could not open a connection to host on port 23 : Connect failed

Josh McMahon
A+ Certified
jmcmahon@lexgen.com

 

[moogeboo]

Hi,

i inherited a client's router environment, and on a cisco 806 router, i'm trying to prevent ports 135-139 on the exchange 2000 server ...however, it doesn't work! can anyone tell me why? thanks!

joe

here's the config:

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SF
!
enable secret 5 $1$3vXw$s.fEGf.nZuyjFeHPXmWvB1
!
ip subnet-zero
!
!
!
!
interface Tunnel0
ip address 192.168.20.2 255.255.255.0
tunnel source Ethernet1
tunnel destination 206.133.115.253
!
interface Ethernet0
ip address 192.168.2.1 255.255.255.0
ip access-group 102 in
ip nat inside
no cdp enable
hold-queue 100 out
!
interface Ethernet1
ip address 67.19.111.130 255.255.255.240
ip access-group 102 in
ip access-group 103 out
ip nat outside
no cdp enable
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 192.168.2.2 110 interface Ethernet1 110
ip nat inside source static tcp 192.168.2.2 25 interface Ethernet1 25
ip nat inside source static 192.168.2.3 67.19.111.131
ip classless
ip route 0.0.0.0 0.0.0.0 67.19.111.129
ip route 192.168.1.0 255.255.255.0 Tunnel0
ip http server
ip pim bidir-enable
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 102 deny tcp any host 67.19.111.131 eq 135
access-list 102 deny udp any host 67.19.111.131 eq 135
access-list 102 deny udp any host 67.19.111.131 eq netbios-ss
access-list 102 permit ip any any
access-list 103 permit ip any any

line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
exec-timeout 0 0
password 7 095F4B08480C471C
login
!
scheduler max-task-time 5000
end

 

[Lonebandit]

Wouldnt this work?

access-list 102 deny udp any any eq netbios-dgm
access-list 102 deny udp any any eq netbios-ns
access-list 102 deny udp any any eq netbios-ss
access-list 102 permit ip any any

then apply this list to your interface like this:

interface Ethernet0
ip access-list 102 in
ip nat inside

(my eth0 in heads toward the dialer1)