
Port forwarding question

Status
Not open for further replies.

pkluss

Technical User
Dec 8, 2005
1
US
I have an interesting network setup that I'm dealing with. Let's say we've been issued a public block of IPs 200.200.200.200 - 200.200.200.215. Our internal network address is ALSO 200.200.200. We're basically using NAT as a firewall, but we don't manage our router, our ISP does. Naturally, they don't like having to make changes for us, and technically aren't required to, but they have obliged anyway. Now, we have another smaller intranet that has the address 192.168.192, and this is where all of our servers are. So far we have only NATted to the servers with simple lines like

ip nat inside source static udp 192.168.192.10 2944 200.200.200.205 2944 extendable

Now we're coming across a scenario where we need to NAT through to an internal address that unfortunately is of an external IP that we do not own. Let's say that IP is 200.200.200.250. Someone else owns the public IP, and we're fine with that, but will the router know that we mean for it to let the packets through to the internal IP or will it send them back out? I've read something about an overlay as well, is that related? I basically want to get all of this straight BEFORE I call the ISP since they aren't obligated to do any of it at all. They keep threatening to turn over the management of the router to me and I'd like to defer as long as I can. So, can you help me make it easy for them? Is this possible?

Thanks.

P.S. - Feel free to comment on the ridiculous setup that we have. I really would like to hear why our overall setup is or isn't a good idea, but please also answer the question.
 
So is the IP 200.200.200.250 on the public interface of your router? What do you mean you don't own the IP?
 
Not sure how big your network is, but if it's feasible time-wise, you may want to change the internal addresses, preferably non-routable blocks like 192.168.x.x, 172.x.x.x or 10.x.x.x.

Cheers!
 
I thought I should mention that when I try and telnet into the router on port 25 from an external connection, it isn't rejected. Instead, it appears to connect, but then the cursor just sits there, and key inputs don't echo. Eventually, the connection drops though. I'm familiar with the "200 *****************" response from fixup smtp, but this is truly bizarre. If I try to telnet on any other port, it simply gets rejected, which tells me that something is happening on port 25.

Oh, and telnet port 25 connections to the actual server's internal IP are fine, and are greeted with the usual Exchange messages. So, that's not the problem either.

Thanks again!
 
Ignore the above... accidentally posted into wrong thread. Sorry!
 