Static ip's on 1604

[UNIX72]

I have a dial-up isdn 128k on my 1604 router with a static ip. My question is how would you setup other services such as ftp, vpn, web server i want to make them avaliable to some users on the internet. I know how to setup vpn, ftp, and a webserver, but do i need a static ip on the server in which i want these services to run? The users will only connected when im connected to the internet. Please forgive most of my experience has been administration (novell, NT, Unix)Does anybody have ideas? Thanks alot who help

 

[JohnJohn]

I would think you would need to use NAT from the router, send say ftp traffic to only your ftp sever.

User hit static IP on net, router looks at request, sees ftp port 21, rule in router says all port 21 traffic route to internal server xxx.xxx.xxx your ftp servers address

Good luck

 

[wybnormal]

Correct.. NAT will easily do this. You need to "overload" the addresses which really means you want to share the one static IP you have on the LAN side of the network. You also need to set up some static mappings through NAT for the services of FTP, HTTP or whatever else you want. THe static mapping will point the shared IP to a specific port/IP address on the LAN side. I do this very thing to push out my web server and web-based exchange mail service.

See below

Mike S
-----------------------

!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp xxx.xxx.xxx.xxx 81 xxx.xxx.xxx.xxx 81 extendable
ip nat inside source static tcp xxx.xxx.xxx.xxx 80 xx.xxx.xxx.xxx 80 extendable

interface Ethernet0
ip address xxx.xxx.xxx.xxx 255.255.255.0 secondary
ip address xxx.xxx.xxx.xxx-packets
ip nat inside
no cdp enable

!
interface Ethernet1
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip access-group 107 in
ip access-group 101 out
no ip directed-broadcast
ip nat outside
no cdp enable
no mop enabled

 

[UNIX72]

Thanks, JohnJohn and wybnormal i will it out. Is there any way you could put security on the services, thanks

 

[wybnormal]

Security on FTP? sure.. you can dump the anomyous loging and make sure they have to have an authenticated user ID. Restrict the directory privilages to write only.. no list( read) and so on. The web server you could change the port from 80 to ..say 81 or whatever you want( without stepping on something else)

Mike S

 

[UNIX72]

Question wybnormal from the client side how will the client connect to my web or ftp server. Will they just type my static ip? thanks so much for helping

 

[wybnormal]

Assuming you change the port ID for HTTP access.. you would type the IP address of the *router* running NAT. The router would see the port selection, look at NAT and pass along the packets to the correct IP on your network

The IP would look something like

192.168.50.1:81 ( note the :81 which denotes which port you other then the default of 80)

Same would go for FTP. You can always just let plain FTP traffic through the NAT without changing the port. Depends on how paranoid you are

Mike S

 

[UNIX72]

Thanks wybnormal it work