Announcement

Collapse
No announcement yet.

How to forward a range of ports to a single private IP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to forward a range of ports to a single private IP

    Hello,

    In order to forward one port to an internal IP I do:

    access-list <acc_list_number> permit <port_type> any any eq <port_number>
    ip nat inside source static <port_type> <internal_IP> <port_number> interface <outside_interface> <port_number>

    However, I run into a problem when I need to forward a range of ports, such as UDP 10000-20000 to a single internal IP. Is this possible with Cisco IOS?

  • #2
    Re: How to forward a range of ports to a single private IP

    Does the non-response to this post indicate that this can't be done or I posted in the wrong NG?

    Comment


    • #3
      Re: How to forward a range of ports to a single private IP

      Hi majamer,

      Perhaps the non-response means that we are stumped as to why the Cisco IOS cannot seem to do this.

      I can do an ACL that defines a range of ports, no problem, like this:
      access-list 101 permit udp any any range 10000 20000

      But I cannot seem to find a way to use that ACL in the NAT command.

      I did find another website where someone wrote a blog on how crazy it is that this is not possible. That made me feel better that perhaps I wasn't just missing it.
      http://slaptijack.com/networking/cis...nge-stupidity/

      Still, you would think that the best router OS in the world - the Cisco IOS - would have some easy way to do this without entering a 10,000 line list of static NAT ports.

      Anyone else have any other ideas or thoughts on this?
      David Davis - Petri Forums Moderator & Video Training Author
      Train Signal - The Global Leader in IT Video Training
      TrainSignalTraining.com - Free IT Training Products
      Personal Websites: HappyRouter.com & VMwareVideos.com

      Comment


      • #4
        Re: How to forward a range of ports to a single private IP

        Originally posted by daviddavis View Post
        Still, you would think that the best router OS in the world - the Cisco IOS - would have some easy way to do this without entering a 10,000 line list of static NAT ports.
        I don't respond earlier myself as there was no clear statement of the problem. The problem is the typing of 10000 lines?

        Ammmm
        Why not create the lines for your config on your pc (using scripts or whatever for the 10000 lines) and import the config?
        I don't know anything about (you or your) computers.
        Research/test for yourself when listening to free advice.

        Comment


        • #5
          Re: How to forward a range of ports to a single private IP

          Yes, scripts would make it easier but I'm not sure how the router would perform with a 10,000+ line config file.

          If that is what he wants to do, he is welcome to it....

          I mean, if a Linksys can do it with a few clicks, it just seems silly that, as far as I can tell, it cannot be done on a Cisco. This is something I will have to look into more....

          Thanks for your post Maebe!
          David Davis - Petri Forums Moderator & Video Training Author
          Train Signal - The Global Leader in IT Video Training
          TrainSignalTraining.com - Free IT Training Products
          Personal Websites: HappyRouter.com & VMwareVideos.com

          Comment


          • #6
            Re: How to forward a range of ports to a single private IP

            Okay, I opened up a Cisco TAC case on this question.

            Initially, they said that it wasn't possible and they opened up a bug ticket for me under NAT.

            However, then they came back and said that it can be done. Here is how-

            Code:
            access-list 101 permit  tcp host any range 2000 2100 any
            
            route-map NAT permit 10
            match ip add 101
            
            ip nat inside source static x.x.x.x y.y.y.y  route-map NAT
            Please give it a try and let me know if it works for you.

            Thanks!
            David
            David Davis - Petri Forums Moderator & Video Training Author
            Train Signal - The Global Leader in IT Video Training
            TrainSignalTraining.com - Free IT Training Products
            Personal Websites: HappyRouter.com & VMwareVideos.com

            Comment


            • #7
              Re: How to forward a range of ports to a single private IP

              Very nice, wtg on following this up David.
              I don't know anything about (you or your) computers.
              Research/test for yourself when listening to free advice.

              Comment


              • #8
                Re: How to forward a range of ports to a single private IP

                You're a life saver David!! I've been trying to get a useful answer from Cisco but never had any luck. Your suggestion did do the trick.

                Thanks alot!

                Martha

                Comment

                Working...
                X