dissolved
asked on
Port forwarding to /through a router?
Would some experts look at this and tell me if this is going to work please?
http://mvpbaseball.cc/help.jpg
Intro: I need mail from the internet , to reach my internal mail server.
Explanation:
In the diagram, I am doing kind of a half a$$ DMZ by using two cisco routers with a back-to-back cable. This segments the network, but makes one too many networks than I need (dont need the extra 192.168.0.0) However, this is all I have got to work with. Ideally I should be using two firewalls to create a DMZ (I know), but I dont have those yet.
Problem: I need to have internet email reach my internal mail server. I am not sure it is possible with the way I have things set up.
Is there a way for mail sent to dissolved@dissolvedz.com to reach my internal mail server? Will all those NAT translations screw anything up?
Thanks
http://mvpbaseball.cc/help.jpg
Intro: I need mail from the internet , to reach my internal mail server.
Explanation:
In the diagram, I am doing kind of a half a$$ DMZ by using two cisco routers with a back-to-back cable. This segments the network, but makes one too many networks than I need (dont need the extra 192.168.0.0) However, this is all I have got to work with. Ideally I should be using two firewalls to create a DMZ (I know), but I dont have those yet.
Problem: I need to have internet email reach my internal mail server. I am not sure it is possible with the way I have things set up.
Is there a way for mail sent to dissolved@dissolvedz.com to reach my internal mail server? Will all those NAT translations screw anything up?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a bunch lrmoore.
3 quick questions.
-Where did the IP 192.168.1.41 come from? Did you mean 192.168.1.40?
-static NAT looks similar to "port forwarding" (which is done on low end routers). Are they the same?
thanks
3 quick questions.
-Where did the IP 192.168.1.41 come from? Did you mean 192.168.1.40?
-static NAT looks similar to "port forwarding" (which is done on low end routers). Are they the same?
thanks
I used 192.168.1.41 because it is on the "outside" LAN, and because I can use any free IP address on the outside LAN subnet to create a static 1-1 nat to an "inside" host
Yes, static PAT is the same as port forwarding.
static NAT:
ip nat inside source static 192.168.2.3 12.34.56.7
static PAT (port forwarding)::
ip nat inside source static tcp 192.168.2.3 25 12.34.56.8 25
ip nat inside source static tcp 192.168.2.3 80 12.34.56.8 80
Yes, static PAT is the same as port forwarding.
static NAT:
ip nat inside source static 192.168.2.3 12.34.56.7
static PAT (port forwarding)::
ip nat inside source static tcp 192.168.2.3 25 12.34.56.8 25
ip nat inside source static tcp 192.168.2.3 80 12.34.56.8 80
ASKER
so static PAT can be used in this case if we wanted to (instead of using static NAT). It would require one more line of configuration though?
We just use static NAT because it only requires one entry, instead of two.
with static NAT, we just need
ip nat inside source static 192.168.2.3 12.34.56.7
with static PAT we need two statements
ip nat inside source static tcp 192.168.2.3 25 12.34.56.8 25
ip nat inside rouce static tcp 192.168.2.3 80 12.34.56.8 80
Am I on track?
We just use static NAT because it only requires one entry, instead of two.
with static NAT, we just need
ip nat inside source static 192.168.2.3 12.34.56.7
with static PAT we need two statements
ip nat inside source static tcp 192.168.2.3 25 12.34.56.8 25
ip nat inside rouce static tcp 192.168.2.3 80 12.34.56.8 80
Am I on track?
You're getting it! That's exactly right
And you can forward the www port 80 to your web server, and port 25 to your email server - they don't have to be the same box! How cool is that?
And you can forward the www port 80 to your web server, and port 25 to your email server - they don't have to be the same box! How cool is that?
ASKER
Here's what I plan to do. Anyone, please chime in.
1. I will log in my cable router (192.168.1.1). I will then forward tcp 25 to the Cisco router (192.168.1.40).
2. 192.168.1.40 will receive the traffic, and hopefully forward it out it's s0 interface, to router 192.168.2.1
3. 192.168.2.1 will then pass the frame to the exchange server 192.168.2.3
How does that sound?