Port Forwading 1

[zharling]

I have a client who has a 2611 Router with IOS 12.0. I have looked all over Cisco's web site and cant find how to configure it for Port Forwading. I just need to set up a simply redirection of a port to a internal IP.

Is this not possable on a 2611?

Any help would be great.

Regards,
Zack Harling

 

[sobak]

I've never set up port forwarding on a 2611 router, what I've done is run a static nat for the address on the router then set up an ACL to limit the traffic that goes to that IP. I know this is not really port forwarding, sorry I couldn't be much help. I know that some SOHO routers will do port forwarding to internal IP Addresses, since most of my Cisco routers are running multiple internet domains the question has never come up. david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*

 

[RouterGod]

Can you describe in more detail what you would like to accomplish? Am I correct in assuming you want to forward a specific interface on the 2611 to a address internally? What is the device it is being forwarded to? The reason I ask is there are different options for different circumstances, and I'd like to help with the one most suited to your particular scenario. Regards,

Don

 

[zharling]

Well basicaly what it is, is this company has a Web server on the other side of this router and they have one public IP. They want all services to hit this single external IP(Such as email/web/ftp/telnet/sql/terminal servers and others) So that is why I am wanting to do port forwading.

Example:

Client request

http://www.dummydomainname.com

> 12.95.4.2(router)
Requesting port 80 from 12.95.4.2 Router redirects them to internal IP 10.1.1.99:80.


Hope this helps clear it up.

Thanks for the prompt responses.
Zack Harling

 

[RouterGod]

O.K. I had to actually think about this one... In fact me and my collegues brainstormed this one and this is what came of it. If I am understanding this correctly, The router is connected to the ISP with a public address and the internal network (where the servers are) is all 10.x.x.x. I don't think that there is any way to do this without NATing and using a public address structure.

Initially I thought that enabling ip proxy on the router might work but that would only allow inside traffic to go out (they would all appear on the outside as a single address), not outside traffic to come in.

However, there is an alternative. If you replace the router with an NT box and use a software product called Win Router it can work. What Win Router basically does is port mapping to IP address. This means that the FTP or Web sessions from the outside would all point to the external public IP address on this server. Each session would have to reference a custom port number.. The server would then read the custom port number and translate that to the internal private IP address of the specific server. Note: Win2K can also be set-up as such. I guess what is trying to be said is you might not be able to have your cake and eat it too. ;-) Regards,

Don

 

[zharling]

Many thanks for the effort Don. I am currently using a product called Winroute Pro on a NT 4.0 box to do port forwarding. Just I hate how NT needs to be rebotted constantly and thought if I could do it on a router it would be better.

No worries I can continue use winrouter, or I can see if i can track down a copy of the IOS firewall software.

Thanks again.

Regards,
Zack

 

[StarTAC]

u know, u could try Port forwarding using Linux.. it would be much safer, and more robust in the long run.. plus, u don't need to constantly reboot... hehehe..

good luck

 

[zharling]

Your absolutly right. Problem is I need to utilize ASP and MS SQL. So looks like I am stuck with NT (

 

[StarTAC]

that's no problem, if u run a web server, all u need to do is assign one of your private LAN IPs, and then set up Linux to port forward requests sent to it for port 80, the HTTP port.... u could even port forward direct to the MS-SQL port if u like.. with Linux, u can always have a way out...

good luck