[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: PortForwarding on Cisco
NAT will work, and work, and work, and work, as long as it's configured
right along the transmission path. However, the best advice would be to give
your clients public IP addresses, unless you are really low on them.
As for the IP allocation from the ISPs RAS DHCP service, it would be best if
your client's RADIUS attributes provided a static IP address; something
like: "Framed-IP-Address = x.x.x.x"
This way, you can have the NAT rule with the static public IP address in
your configuration, and you don't have to worry about your client getting
random addresses from your RAS. You will need to exclude the IP your
configure for the client from your RAS's DHCP pool, however, so it doesn't
get assigned to other clients by mistake.
Regards,
Mark Tinka - CCNA
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel: +256-41-258143
Fax: +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web: www.africaonline.co.ug
-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org] On Behalf Of
Richard Mikisa
Sent: Monday, May 05, 2003 3:06 PM
To: mtinka at africaonline.co.ug; rmikisa at one2net.co.ug; afnog at afnog.org
Subject: Re: PortForwarding on Cisco
Thanx,
However, if the ip on the BRI0/0 is another private IP (when the router
makes
the ISDN connection to the ISP, it's assigned a private IP,something like
172.16.0.8), will this NAT rule still work.
One other thing, there is no serial connection. just the BRI0/0 and its
attributes.
On Monday 05 May 2003 12:04, Mark Tinka wrote:
> You use NAT.
>
> Say you have a mail server seated on your private 192.168.0.0 network;
> and this is your subnetted network:
>
> 192.168.0.1 - internal ethernet interface on router configured for "ip
> nat inside".
>
> 192.168.0.2 - mail server
>
> 192.168.0.3 - .254 - rest of your network
>
> x.x.x.x - public IP address on your serial or ISDN connection
>
> First, setup your NAT:
>
> conf t
> int e0
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
>
> int s0
> ip address x.x.x.x x.x.x.x
> ip nat outside
>
> access-list 1 permit 192.168.0.0 0.0.0.255
>
> ip nat inside source list 1 interface s0 overload
>
> Then port forware all SMTP-destined traffic sent to your x.x.x.x
> public IP address to your internal mail server:
>
> conf t
> ip nat inside source static tcp 192.168.0.2 25 x.x.x.x 25 extendable
>
> That's all there is to it.
>
> Regards,
>
> Mark Tinka - CCNA
> Network Engineer
> Africa Online Uganda
> 5th Floor, Commercial Plaza
> 7 Kampala Rd,
> Tel: +256-41-258143
> Fax: +256-41-258144
> E-mail: mtinka at africaonline.co.ug
> Web: www.africaonline.co.ug
>
>
> -----Original Message-----
> From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org] On Behalf
> Of Richard Mikisa
> Sent: Monday, May 05, 2003 11:54 AM
> To: afnog at afnog.org
> Subject:
>
>
> how do you port forward on a cisco router (2611) e.g if i want all
> traffic to my mail server to be forwarded to the server sitting on my
> internal lan, connection type in this case is ISDN.
--
cheers
Richard
-----
This is the afnog mailing list, managed by Majordomo 1.94.5
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put your
request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org
-----
This is the afnog mailing list, managed by Majordomo 1.94.5
To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)
This list is maintained by owner-afnog at afnog.org