1. Home
  2. Cisco Certification
  3. Newbie Port Forwarding Question

Newbie Port Forwarding Question

Thanks to everyone in advance. I am stuck in the middle of a project where there was an existing Cisco 1720 that looks like it had grown out of control. I have no experience with cisco other than what I have learned in the groups. I think what I need to do is basic, but I am struggling. I need to forward all SMTP traffic to a specific ip address. Can I just create an access list at the very beginning? Is there anything special I need to do with the interfaces? Any help would be very much appreciated.

Here is a little snippet of the code:

ip subnet-zero no ip source-route ! ! ip tftp source-interface FastEthernet0 ip domain name indy.local135.com ip name-server 192.168.200.10 ip name-server 192.168.200.12 ! no ip cef ip audit po max-events 100 ftp-server enable ! ! username admin privilege 15 secret 5 username slefevre privilege 15 secret 5 ! ! ! interface FastEthernet0 description $ETH-LAN$ ip address 192.168.200.1 255.255.255.0 ip nat inside ip route-cache flow speed auto full-duplex ! interface FastEthernet0.20 description DMZ Interface encapsulation dot1Q 20 ip address 12.96.76.70 255.255.255.248 ip access-group sdm_fastethernet0.20_in in ip helper-address 192.168.200.10 no ip redirects no ip unreachables no ip proxy-arp no snmp trap link-status no cdp enable ! interface Serial0 description T1(1.54M) to Internet ip address 12.119.206.86 255.255.255.252 ip access-group sdm_serial0_in_test in no ip redirects no ip unreachables no ip proxy-arp ip nat outside encapsulation ppp ip route-cache flow fair-queue service-module t1 remote-alarm-enable no cdp enable ! router rip version 2 passive-interface FastEthernet0.20 passive-interface Serial0 network 192.168.200.0 ! ip default-gateway 12.119.206.85 ip nat translation timeout 14400 ip nat translation tcp-timeout 14400 ip nat translation pptp-timeout 14400 ip nat translation finrst-timeout 240 ip nat translation syn-timeout 240 ip nat translation dns-timeout 120 ip nat translation port-timeout udp 53 120 ip nat inside source list WebAccess interface Serial0 overload ip nat inside source static tcp 192.168.200.253 80 12.96.76.67 80 extendable ip classless ip route 0.0.0.0 0.0.0.0 12.119.206.85 permanent ip route 12.0.0.0 255.0.0.0 12.119.206.85 ip route 192.168.211.0 255.255.255.0 192.168.200.5 permanent ip route 192.168.212.0 255.255.255.0 192.168.200.5 permanent ip http server ip http authentication local no ip http secure-server ip http timeout-policy idle 600 life 86400 requests 10000

Reply to
Frank
Loading thread data ...

Hi Frank,

There are a few details u didn't provide:

  1. Are you forwarding to a mail server outside your newtork?
  2. if yes, do u have a relay server within your network or is everyone supposed to be able to send out on their own.

what you need to do if question 1 is true is to create an extended access-list permitting everyone(?) to do smtp traffic to the host (mail server).

router(config)#access-list 101 permit tcp any host w.x.y.z eq smtp

where w.x.y.z is the ip address of the external mail server.

oscarabuja

Frank wrote:

Reply to
oscarabuja

Here is the solution

ip nat inside source static tcp (destination ip) 25 (source ip) 25 extendable

This will forward port 25 from the source ip ( serial, dialer 0 etc) to any host (destination ip) port 25

Don't forget the port number after source and destination ip's and extendable command at the end.

H> Thanks to everyone in advance. I am stuck in the middle of a project

Reply to
tweety

If you have an internal mail server on the ip address lets say

192.168.200.7 then you would configure it as such

ip nat inside source static tcp 192.168.200.7 25 12.119.206.86 25 extendable

This forwards incoming smtp on your serial interface to smtp port on you mail server.

P.s a little tip for ya

never use your real addressing scheme on forums, change the public address's to summit else.

tweety wrote:

Reply to
tweety

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.