vmagan
asked on
Port blocked on router end
Hi guys,
Port 80 is supposedly block but not by my ISP. I confirmed with ISP that it has been open. I dont have a firewall and was wondering if my cisco 2650 router can block port 80.
See config below and let me know if anything needs to be fixed.
2650Router#sho run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2650Router
!
enable
!
username
!
!
!
!
ip subnet-zero
ip domain-name .com
ip name-server 4.2.2.2
!
!
!
!
interface FastEthernet0/0
description INTERNAL LAN PORT
mac-address xxxx
ip address 10.10.10.60 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface Ethernet1/0
description INTERNET LAN PORT
ip address xxxx 255.255.255.248
ip nat outside
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
ip nat inside source list NAT-ADDRESSES interface Ethernet1/0 overload
ip nat inside source static tcp 10.10.10.90 25 interface Ethernet1/0 25
ip classless
ip route 0.0.0.0 0.0.0.0 xxxx
no ip http server
!
!
ip access-list standard NAT-ADDRESSES
permit 10.10.0.0 0.0.255.255
permit 10.10.10.0 0.0.0.255
permit 10.10.20.0 0.0.0.255
!
line con 0
exec-timeout 30 0
password
logging synchronous
login local
transport input none
line aux 0
line vty 0 4
exec-timeout 30 0
password
logging synchronous
login local
!
no scheduler allocate
end
Do I have to do a NAT? If so, what is the cmd.
Thanks
Port 80 is supposedly block but not by my ISP. I confirmed with ISP that it has been open. I dont have a firewall and was wondering if my cisco 2650 router can block port 80.
See config below and let me know if anything needs to be fixed.
2650Router#sho run
Building configuration...
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2650Router
!
enable
!
username
!
!
!
!
ip subnet-zero
ip domain-name .com
ip name-server 4.2.2.2
!
!
!
!
interface FastEthernet0/0
description INTERNAL LAN PORT
mac-address xxxx
ip address 10.10.10.60 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface Ethernet1/0
description INTERNET LAN PORT
ip address xxxx 255.255.255.248
ip nat outside
!
interface Ethernet1/1
no ip address
shutdown
!
interface Ethernet1/2
no ip address
shutdown
!
interface Ethernet1/3
no ip address
shutdown
!
ip nat inside source list NAT-ADDRESSES interface Ethernet1/0 overload
ip nat inside source static tcp 10.10.10.90 25 interface Ethernet1/0 25
ip classless
ip route 0.0.0.0 0.0.0.0 xxxx
no ip http server
!
!
ip access-list standard NAT-ADDRESSES
permit 10.10.0.0 0.0.255.255
permit 10.10.10.0 0.0.0.255
permit 10.10.20.0 0.0.0.255
!
line con 0
exec-timeout 30 0
password
logging synchronous
login local
transport input none
line aux 0
line vty 0 4
exec-timeout 30 0
password
logging synchronous
login local
!
no scheduler allocate
end
Do I have to do a NAT? If so, what is the cmd.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your router blocks unsolicited packets on EVERY port, unless you specifically open them.
ASKER
That did it. Thanks