Portforwarding on 800 series with SDM


  • Portforwarding on 800 series with SDM

    Hello,

    I have to forward port 80 & port 21 to an internal IP (10.0.0.10). I don't know any Cisco-language at all, so I'm using SDM Express to make it a little easier.

    Some time ago, someone forwarded the 3389-port and I noted all the steps. I'm trying the same steps, but it's not working for the 80 and 21-port.

    Can anyone help me out please?

    Thanks

    !This is the running config of the router: 10.0.0.254
    !----------------------------------------------------------------------------
    !version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$eHCh$5k9bfOE5/jzKt.iIiXTo21
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime 1
    clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
    ip subnet-zero
    no ip source-route
    ip cef
    !
    !
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 netshow
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    ip tcp synwait-time 10
    no ip bootp server
    no ip domain lookup
    ip domain name dekoorddanser.be
    !
    !
    crypto pki trustpoint TP-self-signed-265580177
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-265580177
    revocation-check none
    rsakeypair TP-self-signed-265580177
    !
    !
    crypto pki certificate chain TP-self-signed-265580177
    certificate self-signed 01
    quit
    username admin privilege 15 secret 5 $1$o8q4$9Sk8h3suhBEqLVxYDcgVi.
    !
    !
    !
    !
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $FW_OUTSIDE$$ES_WAN$
    ip address 212.239.211.211 255.255.255.128
    ip access-group 101 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip inspect DEFAULT100 out
    ip nat outside
    ip virtual-reassembly
    pvc 8/35
    protocol ip 212.239.211.129 broadcast
    encapsulation aal5snap
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
    ip address 10.0.0.254 255.255.255.0
    ip access-group 100 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 212.239.211.129
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 4 interface ATM0.1 overload
    ip nat inside source static tcp 10.0.0.10 21 interface ATM0.1 21
    ip nat inside source static tcp 10.0.0.10 80 interface ATM0.1 80
    ip nat inside source static tcp 10.0.0.10 3389 interface ATM0.1 3389
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.0.0.0 0.0.0.255
    access-list 2 remark SDM_ACL Category=2
    access-list 2 permit 10.0.0.0 0.0.0.255
    access-list 3 remark SDM_ACL Category=2
    access-list 3 permit 10.0.0.0 0.0.0.255
    access-list 4 remark SDM_ACL Category=2
    access-list 4 permit 10.0.0.0 0.0.0.255
    access-list 100 remark auto generated by Cisco SDM Express firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip 212.239.211.128 0.0.0.127 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto generated by Cisco SDM Express firewall configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit tcp any host 212.239.211.211 eq 3389
    access-list 101 deny ip 10.0.0.0 0.0.0.255 any
    access-list 101 permit icmp any host 212.239.211.211 echo-reply
    access-list 101 permit icmp any host 212.239.211.211 time-exceeded
    access-list 101 permit icmp any host 212.239.211.211 unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any
    no cdp run
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end
    Last edited by piebus; 2nd April 2009, 09:31.

  • #2
    Re: Portforwarding on 800 series with SDM

    Are ports 80 and 21 "listening" on the internal host? I'm assuming you're running a web and ftp server on the host, but are you in fact doing that?



    • #3
      Re: Portforwarding on 800 series with SDM

      Add this to your access-list 101

      access-list 101 permit tcp any host XX.XX.XX.XX eq www
      access-list 101 permit tcp any host XX.XX.XX.XX eq ftp


      XX.XX.XX.XX = Your outside ip.
      CCNA, Network+
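
An added check, not part of the thread or of anyone's post: this Python script evaluates ACL 101 top-down (first match wins) for every port that has a static NAT entry in the posted config. It compares three orderings: the ACL as posted, the two permit lines from #3 appended after the final `deny ip any any` (where IOS places an entry typed with `access-list 101 ...` in global configuration mode), and the same lines placed ahead of that deny. The external source address 198.51.100.7 and all helper names are assumptions made for the example.

```python
import re
from ipaddress import ip_address

# Excerpt of the static NAT and ACL 101 lines from the running config in #1.
POSTED = """\
ip nat inside source static tcp 10.0.0.10 21 interface ATM0.1 21
ip nat inside source static tcp 10.0.0.10 80 interface ATM0.1 80
ip nat inside source static tcp 10.0.0.10 3389 interface ATM0.1 3389
access-list 101 permit tcp any host 212.239.211.211 eq 3389
access-list 101 deny ip 10.0.0.0 0.0.0.255 any
access-list 101 deny ip any any
"""
# The two lines from #3, with XX.XX.XX.XX taken from interface ATM0.1.
FIX = ("access-list 101 permit tcp any host 212.239.211.211 eq www\n"
       "access-list 101 permit tcp any host 212.239.211.211 eq ftp\n")
FINAL_DENY = "access-list 101 deny ip any any\n"
APPENDED = POSTED + FIX                                  # lands after the final deny
REORDERED = POSTED.replace(FINAL_DENY, FIX + FINAL_DENY)  # lands before it

PORT_NAMES = {"www": 80, "ftp": 21}  # IOS port keywords used in the thread
NAT_RE = re.compile(r"ip nat inside source static tcp \S+ \d+ interface \S+ (\d+)")
ACE_RE = re.compile(r"^access-list 101 (permit|deny) (ip|tcp) (.+)$", re.M)

def take_addr(tokens):
    """Consume one IOS address spec and return a predicate on an IP string."""
    first = tokens.pop(0)
    if first == "any":
        return lambda ip: True
    if first == "host":
        host = tokens.pop(0)
        return lambda ip: ip == host
    base, wild = int(ip_address(first)), int(ip_address(tokens.pop(0)))
    return lambda ip: (int(ip_address(ip)) | wild) == (base | wild)

def first_match(config, src, dst, port):
    """Action of the first ACL 101 entry that matches a TCP packet."""
    for m in ACE_RE.finditer(config):  # remark, ICMP and NAT lines do not match
        tokens = m.group(3).split()
        src_ok = take_addr(tokens)(src)
        dst_ok = take_addr(tokens)(dst)
        port_ok = tokens[:1] != ["eq"] or int(PORT_NAMES.get(tokens[1], tokens[1])) == port
        if src_ok and dst_ok and port_ok:
            return m.group(1)
    return "deny"  # implicit deny that ends every ACL

def audit(config, src="198.51.100.7", dst="212.239.211.211"):
    """Map each statically forwarded TCP port to the ACL 101 verdict."""
    ports = sorted(int(p) for p in NAT_RE.findall(config))
    return {p: first_match(config, src, dst, p) for p in ports}
```

`audit(POSTED)` and `audit(APPENDED)` both report `deny` for ports 21 and 80; only `audit(REORDERED)` reports `permit` for all three forwarded ports.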



      • #4
        Re: Portforwarding on 800 series with SDM

        Hey,

        How do I add this? Can I do this with the SDM, or do I just have to type these rules between the other lines? (and how?)



        • #5
          Re: Portforwarding on 800 series with SDM

          Originally posted by joeqwerty
          Are ports 80 and 21 "listening" on the internal host? I'm assuming you're running a web and ftp server on the host, but are you in fact doing that?
          We are running software so that the teachers can note the meals of the students. The man who made this wants to change something and has to put some files on the server.

          Therefore he needs port 80 and 21... (he told me...)
