
would this be a correct dmz statement

Status
Not open for further replies.

CiscoGuy79

Technical User
Dec 17, 2004
outside-->router-->inside---hosts

ip nat inside source static 192.168.1.100 int fa0/0
ip nat inside source static 192.168.1.120 int fa0/0
ip nat inside source static 192.168.1.140 int fa0/0

with fa0/0 being my outside interface

with these statements would they be open for everything and not blocked?

thanks
nathan
 
No. You can't do a static mapping from the external address to three separate internal addresses. If I connected to the external address on fa0/0, which internal address would that map to?

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************
 
Chris is right - you have to specify a port. For instance (Just using arbitrary port numbers). CAPSLOCK indicates what I added.

ip nat inside source static TCP 192.168.1.100 25 int fa0/0 25
ip nat inside source static TCP 192.168.1.120 23 int fa0/0 23
ip nat inside source static TCP 192.168.1.140 80 int fa0/0 80

In this example, all traffic trying to get to whatever IP your external interface (fa0/0) has, would get piped inside to the specified addresses, on the specified ports.

Example: All traffic on port 25 (SMTP) would get re-directed to 192.168.1.100 on port 25. You can change the ports around, if it's going to another port for example. Change the first '25' to '30' if you wanted to pipe traffic to port 30.

Does that make sense?

- stephan
 
Yes this makes sense, I have been using the port forwarding statements. I just thought there would be a way to put host(s) as a dmz that allows all ports through to that specific IP.

thanks guys again,

nathan
 
I think you can redirect all traffic to an internal host, but ONLY one, and it would probably prevent Dynamic NAT for everyone else (no one else could use the IP).

- stephan
 
Yes, I tried this statement

ip nat inside source static 192.168.1.100 int fa0

and that forwarded everything to my internal IP, and I couldn't even telnet to the router from the outside anymore because everything was forwarded. I was wondering if I could use another valid outside address and not fa0's IP address

like this:
ip nat inside source static 192.168.1.100 a.b.c.60

thanks
nathan
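
An added example, not part of any post in this thread: a small Python check for the two situations discussed above, several all-port static mappings sharing one outside address, and a single all-port mapping that forwards everything. The regex covers only the statement forms shown in the thread, and 203.0.113.60 is a constructed stand-in for a.b.c.60.

```python
import re
from collections import defaultdict

# ip nat inside source static [tcp|udp] <local-ip> [<port>] {int <if> | <global-ip>} [<port>]
STATIC_RE = re.compile(
    r"^ip nat inside source static\s+"
    r"(?:(?P<proto>tcp|udp)\s+)?"
    r"(?P<local>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?:(?P<lport>\d+)\s+)?"
    r"(?:int\S*\s+(?P<iface>\S+)|(?P<gip>\d+\.\d+\.\d+\.\d+))"
    r"(?:\s+(?P<gport>\d+))?\s*$",
    re.IGNORECASE,
)

def audit(config):
    """Return (kind, message) findings for the static NAT lines in config."""
    by_global = defaultdict(list)  # outside interface/address -> [(proto, port, local)]
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            outside = (m["iface"] or m["gip"]).lower()
            by_global[outside].append((m["proto"], m["gport"], m["local"]))
    findings = []
    for outside, maps in by_global.items():
        full = [local for proto, _, local in maps if proto is None]
        if len(full) > 1:  # ambiguous: which inside host gets the traffic?
            findings.append(("conflict", f"{outside}: all-port mappings to {', '.join(full)}"))
        for local in full:  # no port given, so every port reaches the inside host
            findings.append(("exposure", f"{outside} -> {local}: every port forwarded"))
        seen = {}
        for proto, port, local in (x for x in maps if x[0]):
            key = (proto.lower(), port)
            if seen.setdefault(key, local) != local:  # same outside port, two hosts
                findings.append(("conflict", f"{outside} {key[0]}/{port}: {seen[key]} and {local}"))
    return findings

# Constructed inputs: the first two repeat the statements posted in the thread.
ORIGINAL = """ip nat inside source static 192.168.1.100 int fa0/0
ip nat inside source static 192.168.1.120 int fa0/0
ip nat inside source static 192.168.1.140 int fa0/0"""
FORWARDS = """ip nat inside source static TCP 192.168.1.100 25 int fa0/0 25
ip nat inside source static TCP 192.168.1.120 23 int fa0/0 23
ip nat inside source static TCP 192.168.1.140 80 int fa0/0 80"""
SPARE_IP = "ip nat inside source static 192.168.1.100 203.0.113.60"

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("forwards", FORWARDS), ("spare", SPARE_IP)):
        print(name, audit(cfg))
```
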
 