Newbie Port Forwarding Question

Thanks to everyone in advance.  I am stuck in the middle of a project
where there was an existing Cisco 1720 that looks like it had grown out
of control.  I have no experience with Cisco other than what I have
learned in the groups.  I think what I need to do is basic, but I am
struggling.  I need to forward all SMTP traffic to a specific IP
address.  Can I just create an access list at the very beginning?  Is
there anything special I need to do with the interfaces?  Any help
would be very much appreciated.

Here is a little snippet of the code:

ip subnet-zero
no ip source-route
!
!
ip tftp source-interface FastEthernet0
ip domain name indy.local135.com
ip name-server 192.168.200.10
ip name-server 192.168.200.12
!
no ip cef
ip audit po max-events 100
ftp-server enable
!
!
username admin privilege 15 secret 5
username slefevre privilege 15 secret 5
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip route-cache flow
 speed auto
 full-duplex
!
interface FastEthernet0.20
 description DMZ Interface
 encapsulation dot1Q 20
 ip address 12.96.76.70 255.255.255.248
 ip access-group sdm_fastethernet0.20_in in
 ip helper-address 192.168.200.10
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no snmp trap link-status
 no cdp enable
!
interface Serial0
 description T1(1.54M) to Internet
 ip address 12.119.206.86 255.255.255.252
 ip access-group sdm_serial0_in_test in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 fair-queue
 service-module t1 remote-alarm-enable
 no cdp enable
!
router rip
 version 2
 passive-interface FastEthernet0.20
 passive-interface Serial0
 network 192.168.200.0
!
ip default-gateway 12.119.206.85
ip nat translation timeout 14400
ip nat translation tcp-timeout 14400
ip nat translation pptp-timeout 14400
ip nat translation finrst-timeout 240
ip nat translation syn-timeout 240
ip nat translation dns-timeout 120
ip nat translation port-timeout udp 53 120
ip nat inside source list WebAccess interface Serial0 overload
ip nat inside source static tcp 192.168.200.253 80 12.96.76.67 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 12.119.206.85 permanent
ip route 12.0.0.0 255.0.0.0 12.119.206.85
ip route 192.168.211.0 255.255.255.0 192.168.200.5 permanent
ip route 192.168.212.0 255.255.255.0 192.168.200.5 permanent
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000


Re: Newbie Port Forwarding Question
Here is the solution

ip nat inside source static tcp (destination ip) 25 (source ip) 25 extendable

This will forward port 25 from the source IP (serial, dialer 0, etc.) to
any host (destination IP) port 25.

Don't forget the port number after the source and destination IPs and
the extendable command at the end.

Hope this helps. I know it works as I forward SMTP from an ADSL dialer
at work to our Exchange server.

Have a nice xmas and all the best from Scotland.


Re: Newbie Port Forwarding Question
If you have an internal mail server on the IP address, let's say
192.168.200.7, then you would configure it as such:

ip nat inside source static tcp 192.168.200.7 25 12.119.206.86 25 extendable

This forwards incoming SMTP on your serial interface to the SMTP port on
your mail server.

P.S. A little tip for ya:

Never use your real addressing scheme on forums; change the public
addresses to something else.
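The tip above can be applied mechanically before a config is pasted anywhere public. The following is an added example, not part of the original post: it assumes IOS-style config text, maps each public /24 to an RFC 5737 documentation range while keeping the host octet, renames users and drops secrets; `sanitize_config` and the sample (lines taken from the config in this thread, with a constructed hash) are illustrative.

```python
import ipaddress
import re

DOC_NETS = ["192.0.2", "198.51.100", "203.0.113"]  # RFC 5737, safe to publish
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r"^([ \t]*username[ \t]+)(\S+)", re.M)
SECRET_RE = re.compile(r"\b(secret|password)([ \t]+\d+)?[ \t]+\S+")

# Constructed sample: thread config lines plus a made-up type 5 hash.
SAMPLE = """\
username admin privilege 15 secret 5 $1$CONSTRUCTED$hash
interface Serial0
 ip address 12.119.206.86 255.255.255.252
ip nat inside source static tcp 192.168.200.253 80 12.96.76.67 80 extendable
ip route 0.0.0.0 0.0.0.0 12.119.206.85 permanent
"""


def sanitize_config(text):
    """Return (sanitized_text, prefix_map) for an IOS-style config dump."""
    prefix_map = {}  # real /24 prefix -> documentation /24 prefix
    users = {}       # real username -> placeholder name

    def swap_ip(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:
            return raw  # looks dotted but is not a valid address
        if not addr.is_global:
            return raw  # RFC 1918 hosts, netmasks and 0.0.0.0 are kept
        prefix, host = raw.rsplit(".", 1)
        if prefix not in prefix_map:
            if len(prefix_map) == len(DOC_NETS):
                raise ValueError("more public /24s than documentation ranges")
            prefix_map[prefix] = DOC_NETS[len(prefix_map)]
        return prefix_map[prefix] + "." + host  # same host octet, same subnet layout

    def swap_user(match):
        name = users.setdefault(match.group(2), "user%d" % (len(users) + 1))
        return match.group(1) + name

    # Drop the hash (or cleartext) but keep the keyword and encryption type.
    text = SECRET_RE.sub(lambda m: m.group(1) + (m.group(2) or "") + " <removed>", text)
    text = USER_RE.sub(swap_user, text)
    return IPV4_RE.sub(swap_ip, text), prefix_map


if __name__ == "__main__":
    print(sanitize_config(SAMPLE)[0])
```

Because the mapping is per /24 and keeps the last octet, the serial address and its next hop still sit in the same /30 after sanitizing, so the posted config remains readable for troubleshooting.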




Re: Newbie Port Forwarding Question
Hi Frank,

There are a few details you didn't provide:

1. Are you forwarding to a mail server outside your network?
2. If yes, do you have a relay server within your network or is everyone
supposed to be able to send out on their own?

What you need to do if question 1 is true is to create an extended
access-list permitting everyone(?) to do SMTP traffic to the host (mail
server).

router(config)#access-list 101 permit tcp any host w.x.y.z eq smtp

where w.x.y.z is the IP address of the external mail server.

oscarabuja

