Newbie Port Forwarding Question
December 9, 2006, 11:32 pm

Thanks to everyone in advance. I am stuck in the middle of a project
where there was an existing Cisco 1720 that looks like it had grown out
of control. I have no experience with Cisco other than what I have
learned in the groups. I think what I need to do is basic, but I am
struggling. I need to forward all SMTP traffic to a specific IP
address. Can I just create an access list at the very beginning? Is
there anything special I need to do with the interfaces? Any help
would be very much appreciated.
Here is a little snippet of the code:
ip subnet-zero
no ip source-route
!
!
ip tftp source-interface FastEthernet0
ip domain name indy.local135.com
ip name-server 192.168.200.10
ip name-server 192.168.200.12
!
no ip cef
ip audit po max-events 100
ftp-server enable
!
!
username admin privilege 15 secret 5
username slefevre privilege 15 secret 5
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 ip route-cache flow
 speed auto
 full-duplex
!
interface FastEthernet0.20
 description DMZ Interface
 encapsulation dot1Q 20
 ip address 12.96.76.70 255.255.255.248
 ip access-group sdm_fastethernet0.20_in in
 ip helper-address 192.168.200.10
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no snmp trap link-status
 no cdp enable
!
interface Serial0
 description T1(1.54M) to Internet
 ip address 12.119.206.86 255.255.255.252
 ip access-group sdm_serial0_in_test in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 fair-queue
 service-module t1 remote-alarm-enable
 no cdp enable
!
router rip
 version 2
 passive-interface FastEthernet0.20
 passive-interface Serial0
 network 192.168.200.0
!
ip default-gateway 12.119.206.85
ip nat translation timeout 14400
ip nat translation tcp-timeout 14400
ip nat translation pptp-timeout 14400
ip nat translation finrst-timeout 240
ip nat translation syn-timeout 240
ip nat translation dns-timeout 120
ip nat translation port-timeout udp 53 120
ip nat inside source list WebAccess interface Serial0 overload
ip nat inside source static tcp 192.168.200.253 80 12.96.76.67 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 12.119.206.85 permanent
ip route 12.0.0.0 255.0.0.0 12.119.206.85
ip route 192.168.211.0 255.255.255.0 192.168.200.5 permanent
ip route 192.168.212.0 255.255.255.0 192.168.200.5 permanent
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000

Re: Newbie Port Forwarding Question
ip nat inside source static tcp (destination ip) 25 (source ip) 25 extendable
This will forward port 25 from the source ip (serial, dialer 0, etc.) to
any host (destination ip) port 25.
Don't forget the port number after source and destination IPs and the
extendable command at the end.
Hope this helps. I know it works as I forward SMTP from an ADSL dialer
at work to our Exchange server.
Have a nice xmas and all the best from Scotland.
Frank wrote:


Re: Newbie Port Forwarding Question
If you have an internal mail server on the IP address, let's say
192.168.200.7, then you would configure it as such:
ip nat inside source static tcp 192.168.200.7 25 12.119.206.86 25 extendable
This forwards incoming SMTP on your serial interface to the SMTP port on
your mail server.
P.S. A little tip for ya:
never use your real addressing scheme on forums; change the public
addresses to something else.
tweety wrote:
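
A static forward like the one above only helps if the inbound ACL on the `ip nat outside` interface also admits the traffic: IOS checks that ACL before NAT translates the destination, so it has to permit the public (global) address and port. The script below is an added example, not part of the original posts; it lists each static TCP forward in a config and whether that ACL carries a matching permit. The sample config, the 203.0.113.x documentation addresses and the ACL name outside_in are constructed, and the check looks only for a permit line, not for an earlier deny that would shadow it.

```python
import re

# Constructed sample in `show running-config` layout (not the poster's router).
SAMPLE = """\
interface Serial0
 ip address 203.0.113.2 255.255.255.252
 ip access-group outside_in in
 ip nat outside
!
ip nat inside source static tcp 192.168.200.253 80 203.0.113.2 80 extendable
ip nat inside source static tcp 192.168.200.7 25 203.0.113.2 25 extendable
!
ip access-list extended outside_in
 permit tcp any host 203.0.113.2 eq www
 deny ip any any log
"""

PORT_NAMES = {"www": "80", "smtp": "25"}  # IOS shows well-known ports by name
STATIC = re.compile(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)")
PERMIT = re.compile(r"permit tcp any (?:host (\S+)|any) eq (\S+)")

def audit(config):
    """Return (global_ip, port, local_ip, acl, permitted) per static TCP forward."""
    top, in_acl, is_outside, permits, forwards = "", {}, set(), set(), []
    for line in config.splitlines():
        if line[:1] not in (" ", "\t"):          # top-level command starts a section
            top = line.strip()
            m = STATIC.match(top)
            if m:
                forwards.append(m.groups())
        elif top.startswith("interface "):
            body = line.strip()
            if body.startswith("ip access-group ") and body.endswith(" in"):
                in_acl[top] = body.split()[2]
            elif body == "ip nat outside":
                is_outside.add(top)
        elif top.startswith("ip access-list extended "):
            m = PERMIT.match(line.strip())
            if m:                                # address None means "any"
                permits.add((top.split()[3], m.group(1), PORT_NAMES.get(m.group(2), m.group(2))))
    acls = sorted(in_acl[i] for i in is_outside if i in in_acl)
    out = []
    for local, _lport, glob, gport in forwards:
        for acl in acls or [None]:               # no inbound ACL: nothing filters it
            ok = acl is None or bool({(acl, glob, gport), (acl, None, gport)} & permits)
            out.append((glob, int(gport), local, acl, ok))
    return out

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the constructed sample the port 80 forward is permitted and the new port 25 forward is not, which is the state a router is in right after the NAT line is added but before the ACL is updated.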



Re: Newbie Port Forwarding Question
There are a few details you didn't provide:
1. Are you forwarding to a mail server outside your network?
2. If yes, do you have a relay server within your network, or is everyone
supposed to be able to send out on their own?
What you need to do if question 1 is true is to create an extended
access-list permitting everyone(?) to do SMTP traffic to the host (mail
server).
router(config)#access-list 101 permit tcp any host w.x.y.z eq smtp
where w.x.y.z is the IP address of the external mail server.
oscarabuja
Frank wrote:
