I'm currently setup using nat overloading on a 3620 and have a few ports static forwarded which is working great. my question is how would the ip nat syntax differ to forward a range of ports for say pasv ftp? could someone provide some examples? I'm also trying to setup ipv6to4 tunnelling to hurricane electric and i've configured the tunnel with a couple different setups. I can ping6 the internal /64 gateway but i'm unaware why my router is unable to ping the ipv6 endpoint at he. Any suggestions there would be welcome aswell. I've included a copy of my current config below which is most likely a work in progress :) Thanks in advance.
matterhorn#sh run Building configuration...
Current configuration : 2948 bytes ! version 12.3 service timestamps debug uptime service timestamps log uptime service password-encryption no service dhcp ! hostname matterhorn ! boot-start-marker boot-end-marker ! enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx enable password 7 xxxxxxxxxxxxxxxxx ! memory-size iomem 15 clock timezone UTC -6 no aaa new-model ip subnet-zero ! ! ip cef no ip domain lookup ip domain name xxxxxxxxxxxxx.com ! ip audit po max-events 100 ip ssh time-out 60 ipv6 unicast-routing ! ! ! ! ! ! ! ! ! ! ! ! username user password 7 xxxxxxxxxxxxxxxxx ! ! ! ! ! ! interface Loopback0 ip address 192.168.9.1 255.255.255.0 ! interface Tunnel0 no ip address no ip redirects ipv6 address 2001:470:1F01:xxxx::FDD/127 tunnel source Ethernet0/0 tunnel mode ipv6ip 6to4 ! interface Ethernet0/0 description Outside interface to VLAN/DMZ ip address dhcp ip nat outside half-duplex no cdp enable ! interface Ethernet0/1 description Outside interface to VLAN/LAN ip address 192.168.0.xxx 255.255.255.0 ip nat inside full-duplex ipv6 address 2001:470:1F01:xxxx::1/64 ipv6 enable ! interface Ethernet0/1.2 encapsulation dot1Q 2 shutdown no snmp trap link-status no cdp enable ! interface Ethernet0/1.4 encapsulation dot1Q 7 shutdown no snmp trap link-status ! interface Serial1/0 ip address 172.16.35.254 255.255.255.0 clock rate 128000 ! interface Serial1/1 no ip address clock rate 128000 ! interface Serial1/2 ip address 192.168.42.3 255.255.255.0 shutdown clock rate 128000 ! interface Serial1/3 no ip address shutdown ! router eigrp 100 passive-interface Loopback0 network 192.168.0.0 auto-summary ! ip nat inside source list 1 interface Ethernet0/0 overload ip nat inside source static tcp 192.168.0.xxx 2160 interface Ethernet0/0
2160 ip nat inside source static tcp 192.168.0.xxx 22 interface Ethernet0/0 22 ip nat inside source static tcp 192.168.0.xxx 80 interface Ethernet0/0 80 no ip http server no ip http secure-server ip classless ! ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 60 permit 192.168.0.0 0.0.0.255 access-list 107 deny ip 10.0.0.0 0.255.255.255 any log access-list 107 deny ip 172.0.0.0 0.255.255.255 any log access-list 107 deny ip 255.0.0.0 0.255.255.255 any log access-list 107 deny ip 224.0.0.0 0.255.255.255 any log access-list 107 deny tcp any any eq finger access-list 107 deny icmp any any echo log access-list 107 permit ip any any ! snmp-server engineID local 000000090200003080C52F80 snmp-server community snmp view cursociscodefault RO snmp-server community xxxxxxx@es0 RW snmp-server community xxxxxxxx RW 60 snmp-server contact snipped-for-privacy@xxxxxxxxxxx.com snmp-server enable traps tty ! ! dial-peer cor custom ! ! ! ! ! line con 0 password 7 xxxxxxxxxxxxxxxxx login line aux 0 exec-timeout 60 0 password 7 xxxxxxxxxxxxxxxx login line vty 0 4 access-class 1 in exec-timeout 0 0 password 7 xxxxxxxxxxxxxxxx login ! scheduler process-watchdog terminate ! end