Solved

Cisco 2600 Port Forwarding Script

Posted on 2004-10-30
335 Views
Last Modified: 2011-09-20
Hello,
I have been getting information related to setting up port forwarding on my Cisco 2600 router, but I am still doing something wrong.  I am trying to reach a laptop inside my network from the internet.  I will need to assign about three ports to connect to some instruments controled through the laptop.  I do not want to open up my LAN to the world.  THese are my questions:
1. I have <ip nat inside static source 192.168.0.xx 1000 interface (what do I write here for outside interface?) 1000>.
2. I have <access list 101 deny> on a lot of things, what do I need to change or add to allow access?
3. How do I copy my configurations to be able to paste them on a message like this so you can see my probelms?
Last. To remove a messed up line in the config script, do I type <no (exactly what I have entered including the word extendable at the end)>?
Thanks for the help.
Whit
0
Question by:DMTCALASKA
    5 Comments
     
    LVL 79

    Expert Comment

    by:lrmoore
    1. ip nat inside source static 192.168.0.xx 1000 interface serial0 1000
                                                                                       ^^^ whichever interface you have as "ip nat outside"

    2. To change access-lists you need to take several steps.
    Step 1, copy your complete acl to notepad
    Step 2, remove the acl from the interface
       interface serial 0
         no ip access-group 101 in

    Step 3, delete the acl  "no access-list 101"
    Step 4, edit the access-list in notepad, be sure your new permit is before any deny that would block it, keeping in mind that it is process top-down.
    Step 5, copy / paste the new access-list to the router. In notepad, Edit | select all | copy
     In Hyperterminal, router(config)# <right-click and "paste to host">
    Step 6, re-apply the access-list to the interface
       interface serial 0
        ip access-group 101 in
    Step 7, save your config.

    3. If you're using Hyperterminal, use Transfer | Capture Text (save it as a .txt file wherever you can find it again) | Start
    you will capture everything from
        router#show config  
    You may have to use spacebar to get the whole thing in the capture file. Once you get back to router# prompt, then you can go back to Transer | Capture text > stop
    Now you can open the text file in notepad and cut/paste into the box here.  Else, you can cut/paste in pieces as you advance the config with the spacebar..

    3-b. Yes, generally if you want to remove any line, use "no" in front of the exact command.

    0
     
    LVL 43

    Expert Comment

    by:JFrederick29
    If you want to forward TCP port 1000 to 192.168.0.100:

    1.  ip nat inside source static tcp 192.168.0.100 1000 interface ethernet0 1000

    The outside interface is the interface that has the command "ip nat outside" under it's configuration when you display the running configuration "show run".

    2.  Add the following permit to the top of access-list 101:
         access-list 101 permit any any eq 1000

    You'll need to copy the existing access-list to notepad, use the command "no access-list 101" to remove the access-list from the router, add the permits to the top of the list in notepad, then copy and paste it again in the router configuration.

    3.  Type "show run" from the router# prompt then copy and paste your configuration from your telnet or console session.

    Yes, use the no form of the command, "no ip nat inside source static..."

    0
     
    LVL 79

    Expert Comment

    by:lrmoore
    Damn. I missed the "tcp" in my #1. Should be:

        ip nat inside source static tcp 192.168.0.xx 1000 interface serial0 1000
                                             ^^

    Great minds, think alike, don't they, Jfrederick29?

    0
     
    LVL 43

    Expert Comment

    by:JFrederick29
    Sure do lrmoore!  Of course, your mind is quite a bit greater than mine but my goal is to be where you are someday :)
    0
     
    LVL 79

    Accepted Solution

    by:
    Do you need more information?
    Have you resolved this problem?
    Can you close this question?
    Thanks!
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Suggested Solutions

    Title # Comments Views Activity
    VLAN Routing Using Cisco switches 12 80
    Sonicwall site to site VPN 10 49
    Cisco help 4 25
    Sonicwall Security Service questions 2 26
    New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
    Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now