Cisco 2600 Port Forwarding Script

Hello,
I have been getting information related to setting up port forwarding on my Cisco 2600 router, but I am still doing something wrong.  I am trying to reach a laptop inside my network from the internet.  I will need to assign about three ports to connect to some instruments controled through the laptop.  I do not want to open up my LAN to the world.  THese are my questions:
1. I have <ip nat inside static source 192.168.0.xx 1000 interface (what do I write here for outside interface?) 1000>.
2. I have <access list 101 deny> on a lot of things, what do I need to change or add to allow access?
3. How do I copy my configurations to be able to paste them on a message like this so you can see my probelms?
Last. To remove a messed up line in the config script, do I type <no (exactly what I have entered including the word extendable at the end)>?
Thanks for the help.
Whit
DMTCALASKAAsked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Do you need more information?
Have you resolved this problem?
Can you close this question?
Thanks!
0
 
lrmooreCommented:
1. ip nat inside source static 192.168.0.xx 1000 interface serial0 1000
                                                                                   ^^^ whichever interface you have as "ip nat outside"

2. To change access-lists you need to take several steps.
Step 1, copy your complete acl to notepad
Step 2, remove the acl from the interface
   interface serial 0
     no ip access-group 101 in

Step 3, delete the acl  "no access-list 101"
Step 4, edit the access-list in notepad, be sure your new permit is before any deny that would block it, keeping in mind that it is process top-down.
Step 5, copy / paste the new access-list to the router. In notepad, Edit | select all | copy
 In Hyperterminal, router(config)# <right-click and "paste to host">
Step 6, re-apply the access-list to the interface
   interface serial 0
    ip access-group 101 in
Step 7, save your config.

3. If you're using Hyperterminal, use Transfer | Capture Text (save it as a .txt file wherever you can find it again) | Start
you will capture everything from
    router#show config  
You may have to use spacebar to get the whole thing in the capture file. Once you get back to router# prompt, then you can go back to Transer | Capture text > stop
Now you can open the text file in notepad and cut/paste into the box here.  Else, you can cut/paste in pieces as you advance the config with the spacebar..

3-b. Yes, generally if you want to remove any line, use "no" in front of the exact command.

0
 
JFrederick29Commented:
If you want to forward TCP port 1000 to 192.168.0.100:

1.  ip nat inside source static tcp 192.168.0.100 1000 interface ethernet0 1000

The outside interface is the interface that has the command "ip nat outside" under it's configuration when you display the running configuration "show run".

2.  Add the following permit to the top of access-list 101:
     access-list 101 permit any any eq 1000

You'll need to copy the existing access-list to notepad, use the command "no access-list 101" to remove the access-list from the router, add the permits to the top of the list in notepad, then copy and paste it again in the router configuration.

3.  Type "show run" from the router# prompt then copy and paste your configuration from your telnet or console session.

Yes, use the no form of the command, "no ip nat inside source static..."

0
 
lrmooreCommented:
Damn. I missed the "tcp" in my #1. Should be:

    ip nat inside source static tcp 192.168.0.xx 1000 interface serial0 1000
                                         ^^

Great minds, think alike, don't they, Jfrederick29?

0
 
JFrederick29Commented:
Sure do lrmoore!  Of course, your mind is quite a bit greater than mine but my goal is to be where you are someday :)
0
All Courses

From novice to tech pro — start learning today.