Port Forwarding 851

JShadden (Technical User, US), Sep 21, 2010
Can someone help me or point me in the right direction concerning port forwarding? I'm fairly new with Cisco and I'm having trouble finding the best way to go about this.

I have a Windows Home Server that I'm trying to access from outside the network. The ports that I need forwarded are 80, 443, 3389, and 4125. This is so I can reach a login page and access my files remotely. I tried using the command IP NAT INSIDE SOURCE TCP 192.168.1.112 4125 INTERFACE FA4 4125 but that didn't work. If I try to access the page from inside the network, I get the router's SDM; outside I get nothing.

Here's my running config:


!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Io
!
boot-start-marker
boot-end-marker
!
!
username jshadden privilege 15 secret 5 $1$hPNQ$SCy2T8Zi4I9EyA9KXUKUs0
clock timezone CST -6
clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
no aaa new-model
ip subnet-zero
!
ip dhcp pool 192.168.1.0/24
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ftp-server write-enable
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $FW_OUTSIDE$
ip address dhcp
ip access-group 101 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.112 60618 interface FastEthernet4 60618
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any log
!
control-plane
!
!
line con 0
exec-timeout 30 0
logging synchronous
login local
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
exec-timeout 30 0
logging synchronous
login local
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
end


Any ideas?
 
Your command is correct, it should work.
Example from my working router:
ip nat inside source static tcp 10.100.100.2 23 interface FastEthernet0/0 23

However, you are forgetting one pesky thing - you might want to allow that traffic to actually come through the interface... I see ACL 101 on fe4, yet I don't see it permitting those ports anywhere.
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any log

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
Thank you! I haven't gotten into access lists yet, and what I have was done with the SDM. Looking at what I have, would the command be something like: access-list 101 permit tcp any eq 4125 192.168.1.112 eq 4125
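
The point made in the reply above, that ACL 101 on FastEthernet4 has no entry permitting the forwarded ports, worked through as an added example (not code from the thread): a small first-match evaluator run over the posted ACL 101 and a constructed inbound packet for port 4125. The outside address 198.51.100.10, the client 203.0.113.50 and the three candidate `permit` entries are assumptions for illustration.

```python
import re
from ipaddress import IPv4Address as IP

ACL_101 = """\
deny ip 192.168.1.0 0.0.0.255 any
permit udp any eq bootps any eq bootpc
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip any any log""".splitlines()  # ACL 101 as posted in the thread, remarks omitted
PORTS = {"bootps": 67, "bootpc": 68}

def parse_entry(line):
    line = re.sub(r"\bhost (\S+)", r"\1 0.0.0.0", line).replace(" any", " 0.0.0.0 255.255.255.255")
    action, proto, *toks = line.split()
    ends = []
    for _ in range(2):  # source, then destination: address, wildcard, optional "eq PORT"
        end, toks = [int(IP(toks[0])), int(IP(toks[1])), None], toks[2:]
        if toks[:1] == ["eq"]:
            end[2], toks = PORTS.get(toks[1]) or int(toks[1]), toks[2:]
        ends.append(end)
    return action, proto, ends[0], ends[1], next((t for t in toks if t != "log"), None)

def hit(addr, wild, want, ip, port):  # wildcard bits set to 1 are "don't care"
    return ((int(IP(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0 and want in (None, port)

def evaluate(acl, pkt):  # first match wins; returns (action, 1-based entry number)
    for n, line in enumerate(acl, 1):
        action, proto, src, dst, icmp = parse_entry(line)
        if (proto in ("ip", pkt["proto"]) and icmp in (None, pkt.get("icmp_type"))
                and hit(*src, pkt["src"], pkt["sport"]) and hit(*dst, pkt["dst"], pkt["dport"])):
            return action, n
    return "deny", None  # implicit deny when nothing matches

# Constructed packet; the inbound ACL runs before NAT, so dst is FastEthernet4's (assumed) address.
PKT = {"proto": "tcp", "src": "203.0.113.50", "sport": 51515, "dst": "198.51.100.10", "dport": 4125}
BY_DST_PORT = "permit tcp any any eq 4125"                # hypothetical: match destination port only
BOTH_PORTS = "permit tcp any eq 4125 any eq 4125"         # hypothetical: also pins the source port
INSIDE_DST = "permit tcp any host 192.168.1.112 eq 4125"  # hypothetical: post-NAT inside address

def with_entry(entry):  # entry inserted just above the final "deny ip any any log"
    return evaluate(ACL_101[:-1] + [entry, ACL_101[-1]], PKT)

print(evaluate(ACL_101, PKT), with_entry(BY_DST_PORT), with_entry(BOTH_PORTS), with_entry(INSIDE_DST))
```

On IOS, an `access-list 101 ...` line typed in global configuration is appended below the existing `deny ip any any log`, so `evaluate(ACL_101 + [BY_DST_PORT], PKT)` still stops at entry 11.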

 