mapping range of ports on Cisco SOHO 77

Hi all,

I've been trying to map a range of ports to an internal IP address for some time now and I just can't seem to figure it out.

For a single portmapping I could for example use this:

ip nat inside source static tcp 192.168.100.102 25 66.239.153.194 25

The above works. But I need to map a whole range of ports from 25 up to and including 50 to 192.168.100.102.

Does anybody know what the command is?

I've also experimented with extended access lists.

I've used:

access-list 110 permit tcp any host 192.168.100.102 range 25 50

or

access-list 110 permit tcp any any range 25 50

And other variations but none of them work.

Can anyone point me in the right direction?

Any help is very much appreciated!

Mofo.

Reply to
Mofoshaweng

Hi,

I think you can't map a range of ports to an internal host with a range of ports as you described. Someone please correct me if I'm wrong!

You would have to add a line for each mapping that you want to forward like the one you posted for SMTP... lots of lines!

Can I ask why you want to map that range?

Rob

Reply to
RobO
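The one-line-per-port approach suggested above, generated rather than typed, as an added example that is not part of the original thread. It repeats the command form the original poster reported as working for every port in the range, and goes slightly beyond the question by accepting comma-separated ranges and an optional `no` form for removal; the function names are hypothetical.

```python
import ipaddress

def expand_ports(spec):
    """Expand a spec such as '25-50' or '25-27,80' into a sorted list of ports."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        lo, sep, hi = part.partition("-")
        first = int(lo)                      # ValueError on empty or non-numeric input
        last = int(hi) if sep else first
        if not (1 <= first <= last <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(first, last + 1))
    return sorted(ports)

def static_pat_lines(inside_ip, outside_ip, spec, proto="tcp", undo=False):
    """Return one 'ip nat inside source static' line per port (same port both sides)."""
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    inside = ipaddress.IPv4Address(inside_ip)    # raises ValueError if malformed
    outside = ipaddress.IPv4Address(outside_ip)
    prefix = "no " if undo else ""               # 'no' form removes the mapping again
    return [
        f"{prefix}ip nat inside source static {proto} {inside} {port} {outside} {port}"
        for port in expand_ports(spec)
    ]

if __name__ == "__main__":
    # Addresses and port range are the ones given in the original question.
    for line in static_pat_lines("192.168.100.102", "66.239.153.194", "25-50"):
        print(line)
```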

In article , RobO wrote:
:I think you can't map a range of ports to an internal host with a range
:of ports as you described.
:Someone please correct me if I'm wrong!

The OP was using IOS; I'm not as familiar with static PAT on that. On the PIX, there is no direct way to map a range of ports -- the most direct way is one line per port.

What is now possible on the PIX, as of PIX 6.3(4), is "policy static", in which you can specify a static address and an access list. The access list may specify ports (but may not have any 'deny' statements.) You may have to experiment in order to do any kind of mapping of port ranges, particularly in conjunction with 'any'. [You might only be able to map a port range for one IP to one IP... I have a description of the rules somewhere but it's messy and I have not had time to digest it.]

The PIX documentation is at

formatting link
You might perhaps be able to find something in it that parallels a facility in IOS.

On the other hand, SOHO 77 is probably not going to have the latest IOS, so there might not be any similar facility.

Reply to
Walter Roberson

Gary,

You could try an access list like follows:

access-list 110 permit 192.168.100.0 0.0.0.255

This would allow you access from ports 1-254 on the 192.168.100.0/24 network

Mark

Reply to
krame18

In article , krame18 wrote:
: You could try an access list like follows:
: access-list 110 permit 192.168.100.0 0.0.0.255
: This would allow you access from ports 1-254 on the
:192.168.100.0/24 network

I don't think that would even parse. In IOS, an access list numbered in the 100-199 range is an extended access list which requires a protocol after the 'permit' or 'deny' keyword; extended access lists also require both source and destination. And I've never seen a mask being used to define a port range.

Are you sure you aren't confusing addresses and ports? A port is a 16 bit number from 1 to 65535 that refers to a service at a particular IP address (which is a 32 bit number for IPv4).

Reply to
Walter Roberson
