How to forward a range of ports?

Discussion in 'General Cisco Certifications' started by albertc30, Jan 31, 2010.

  1. albertc30

    albertc30 Kilobyte Poster

    Hello everybody.
    In the Cisco IOS we don't have port forwarding as we would have on a nice Linksys device. Very easy to set up port forwarding, especially on a GUI. I have found out that even though we don't have port forwarding on the IOS, we can use something that will achieve basically the same thing and it will serve its purpose: port mapping.
    Let's say we want to forward traffic to an FTP server:

    ip nat inside source static tcp 192.168.28.1 21 interface Dialer1 21

    where the server's IP address is 192.168.28.1 and the port is 21, and the traffic comes from outside through the Dialer 1 interface, also on port 21.

    Now, the question is, how can we map a range of ports from outside to a range of ports on the inside?

    I have searched in Google and came across this example:

    ip nat pool (pool_name) (start IP) (end IP) (netmask) type rotary
    ! the start and end IP would in this case be just one address, the server's IP
    access-list 100 permit tcp any any range (start)(end)
    ip nat inside destination list 100 pool (pool_name)

    The sad thing is that it isn't working for me.
    Any comments on this are, as usual, well appreciated, and please also correct me on my observations should these be wrong or somewhat incorrect. I am always learning.
    Cheers.
     
    Certifications: CCNA
    WIP: 220-701 - A+
  2. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    The method you found, using a rotary pool, can work but there is a better way. Use a route-map instead to define the range of ports to be translated, e.g.:

    ip access-list ext nat_ports
    permit tcp host 192.168.10.123 range 10043 10617 any

    route-map nat_rules per 10
    match ip address nat_ports

    ip nat inside source static 192.168.10.123 int di1 route-map nat_rules

    Remember, route-maps are the Swiss army knife of packet manipulation!

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER, MCP
    WIP: CCIE
  3. albertc30

    albertc30 Kilobyte Poster

    Hello Spice_Weasel.

    It seems very interesting what you have mentioned; however, I can't get past the Dialer 1 on your last line on my router. The route-map nat_rules on the last line isn't recognized on my IOS.

    My IOS is 12.3 (2) on a Cisco 1721. Hope you can help me out on this mate.

    Cheers.
     
    Certifications: CCNA
    WIP: 220-701 - A+
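
Added example, not part of the thread: a Python helper that expands a port range into one entry per port using only the single-port `ip nat inside source static tcp ... interface Dialer1 ...` form from the first post, then collapses such entries back into ranges so the ports exposed to the outside can be reviewed. The function names and the 50000-50009 range are assumptions made for illustration.

```python
import ipaddress
import re

# Single-port form quoted in the first post of the thread:
#   ip nat inside source static tcp 192.168.28.1 21 interface Dialer1 21
STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")


def expand_range(proto, inside_ip, first, last, interface, inside_first=None):
    """Return one static PAT line per outside port in first..last (inclusive)."""
    ipaddress.IPv4Address(inside_ip)  # raises ValueError on a malformed address
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be tcp or udp")
    if not 1 <= first <= last <= 65535:
        raise ValueError("port range must satisfy 1 <= first <= last <= 65535")
    offset = (first if inside_first is None else inside_first) - first
    if first + offset < 1 or last + offset > 65535:
        raise ValueError("inside port range falls outside 1..65535")
    return [f"ip nat inside source static {proto} {inside_ip} {p + offset} "
            f"interface {interface} {p}" for p in range(first, last + 1)]


def exposed_ranges(config_text):
    """Collapse static PAT lines into (proto, interface, inside_ip, lo, hi)."""
    seen = set()
    for line in config_text.splitlines():
        m = STATIC_PAT.match(line.strip())
        if m:
            proto, ip, _inside, iface, outside = m.groups()
            seen.add((proto, iface, ip, int(outside)))
    ranges = []
    for proto, iface, ip, port in sorted(seen):
        prev = ranges[-1] if ranges else None
        if prev and prev[:3] == (proto, iface, ip) and prev[4] == port - 1:
            ranges[-1] = prev[:4] + (port,)  # extend the contiguous run
        else:
            ranges.append((proto, iface, ip, port, port))
    return ranges


# Constructed sample: the FTP mapping from the thread plus an assumed range.
SAMPLE = "\n".join(
    ["ip nat inside source static tcp 192.168.28.1 21 interface Dialer1 21"]
    + expand_range("tcp", "192.168.28.1", 50000, 50009, "Dialer1"))

if __name__ == "__main__":
    for r in exposed_ranges(SAMPLE):
        print(r)
```

Running `exposed_ranges` over a saved running-config gives a short list of what is reachable from outside, which is easier to review than hundreds of individual static entries.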
