jrhue
asked on
Cisco Router - redirect all customer traffic to specific IP and Port (e.g. www and domain)
When a customer has not paid or their service has been disabled for any reason, we send them to a web page with our name and phone number and a message to call us.
With customers where we have a Linux-based firewall, I simply use the following iptables commands:
#### let thru all dns traffic. DNAT all www traffic to one IP address (blocked service screen )
#### block all other traffic from the customer's subnet
#### customers interface is eth1 --- the public facing interface is eth0
#iptables -t nat -A PREROUTING -i eth1 -p udp --dport domain -j ACCEPT
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport www -j DNAT --to 11.22.33.44
#iptables -t nat -A PREROUTING -s 55.66.77.88/27 -j DROP
We have many customers with just Cisco 1600/1720/2500 routers and no firewall.
How do I do the same redirection with a standard Cisco router?
They are all running IOS 11 or higher.
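
Added example (not part of the question or of any answer on this page): the Linux-side rule set described above, printed for review rather than applied. It assumes the sample values from the question (eth1, 55.66.77.88/27, 11.22.33.44); the function name, the TCP DNS rule and the return-traffic rule are additions. The final DROP sits in the filter table's FORWARD chain because current iptables releases refuse DROP in the nat table, and nat only sees the first packet of each connection.

```shell
#!/bin/sh
# walled_garden_rules IFACE SUBNET PORTAL_IP
# Prints the iptables commands for one suspended customer; nothing is applied,
# so the output can be reviewed before it is run as root.
walled_garden_rules() {
    if [ $# -ne 3 ]; then
        echo "usage: walled_garden_rules IFACE SUBNET PORTAL_IP" >&2
        return 2
    fi
    cust_if=$1; cust_net=$2; portal_ip=$3

    # Accept only plain interface names and dotted-quad values, so the
    # generated lines cannot carry shell metacharacters.
    case $cust_if in *[!A-Za-z0-9._-]*|'') return 2 ;; esac
    case $cust_net in *[!0-9./]*|'') return 2 ;; esac
    case $portal_ip in *[!0-9.]*|'') return 2 ;; esac

    cat <<EOF
iptables -t nat -A PREROUTING -i $cust_if -s $cust_net -p tcp --dport 80 -j DNAT --to-destination $portal_ip:80
iptables -A FORWARD -i $cust_if -s $cust_net -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $cust_if -s $cust_net -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -i $cust_if -s $cust_net -d $portal_ip -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -o $cust_if -d $cust_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $cust_if -s $cust_net -j DROP
EOF
}

# Sample values taken from the question.
walled_garden_rules eth1 55.66.77.88/27 11.22.33.44
```

Rule order matters: the DNAT happens in PREROUTING, so by the time a redirected packet reaches FORWARD its destination is already the portal address and the fourth rule matches it.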