Newbie Port Forwarding Question

Thanks to everyone in advance. I am stuck in the middle of a project where there was an existing Cisco 1720 that looks like it had grown out of control. I have no experience with Cisco other than what I have learned in the groups. I think what I need to do is basic, but I am struggling. I need to forward all SMTP traffic to a specific IP address. Can I just create an access list at the very beginning? Is there anything special I need to do with the interfaces? Any help would be very much appreciated.

Here is a little snippet of the code:

ip subnet-zero
no ip source-route
!
!
ip tftp source-interface FastEthernet0
ip domain name
ip name-server
ip name-server
!
no ip cef
ip audit po max-events 100
ftp-server enable
!
!
username admin privilege 15 secret 5
username slefevre privilege 15 secret 5
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address
 ip nat inside
 ip route-cache flow
 speed auto
 full-duplex
!
interface FastEthernet0.20
 description DMZ Interface
 encapsulation dot1Q 20
 ip address
 ip access-group sdm_fastethernet0.20_in in
 ip helper-address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no snmp trap link-status
 no cdp enable
!
interface Serial0
 description T1(1.54M) to Internet
 ip address
 ip access-group sdm_serial0_in_test in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 fair-queue
 service-module t1 remote-alarm-enable
 no cdp enable
!
router rip
 version 2
 passive-interface FastEthernet0.20
 passive-interface Serial0
 network
!
ip default-gateway
ip nat translation timeout 14400
ip nat translation tcp-timeout 14400
ip nat translation pptp-timeout 14400
ip nat translation finrst-timeout 240
ip nat translation syn-timeout 240
ip nat translation dns-timeout 120
ip nat translation port-timeout udp 53 120
ip nat inside source list WebAccess interface Serial0 overload
ip nat inside source static tcp 80 80 extendable
ip classless
ip route permanent
ip route
ip route permanent
ip route permanent
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000


Reply to
Walter Roberson

Firstly you will need to set up a NAT and forward your mail to that IP. The NAT line should look something like:

!
ip nat inside source static tcp 192.168.200.X 25 A.B.C.D 25
!

You can look at the translations with: show ip nat trans

Then depending on what interface you are using for ingress you will need to allow "A.B.C.D:25" into that interface. Looks like there are the following ACLs; obviously you should add the line before the final deny on the correct ACL :-) :

sdm_fastethernet0.20_in
sdm_serial0_in_test

Cisco has some very good logging, if you have a syslog server point the logs to it and watch nearly real time. Very useful.

!
logging host 192.168.200.X
logging trap debug
!


Walter Robers> [Punting this over to Follow-ups set.]

Reply to
Wil Schultz
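The check described in the reply above (a static NAT entry for port 25 plus a permit for "A.B.C.D:25" placed before the final deny on the ingress ACL) can be verified offline against a saved config. This is an added example, not part of the original posts: the sample config is constructed, 203.0.113.5 and 192.168.200.10 stand in for A.B.C.D and 192.168.200.X, and it assumes the ACLs are named extended lists and models only a small subset of entry syntax.

```python
import re

PORT_NAMES = {"smtp": 25, "www": 80}   # IOS prints some ports as keywords (subset)
# Only this subset of extended-ACL entry syntax is modeled; other entries are skipped.
ENTRY = re.compile(r"(permit|deny) (ip|tcp) any (?:any|host (\S+))(?: eq (\S+))?(?: log)?$")

def parse(config):
    """Return (static TCP forwards, named ACLs, inbound ACLs on 'ip nat outside' interfaces)."""
    forwards, acls, ifaces, current = [], {}, {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):                 # sub-command of the current block
            if current is not None:
                current.append(raw.strip())
            continue
        current = None
        if m := re.match(r"ip nat inside source static tcp \S+ \d+ (\S+) (\d+)", raw):
            forwards.append((m.group(1), int(m.group(2))))   # global address and port
        elif m := re.match(r"ip access-list extended (\S+)", raw):
            current = acls.setdefault(m.group(1), [])
        elif m := re.match(r"interface (\S+)", raw):
            current = ifaces.setdefault(m.group(1), [])
    outside = {c.split()[2] for cmds in ifaces.values() if "ip nat outside" in cmds
               for c in cmds if re.fullmatch(r"ip access-group \S+ in", c)}
    return forwards, acls, outside

def acl_permits(entries, ip, port):
    """First matching entry decides; no match falls through to the implicit deny."""
    for entry in entries:
        m = ENTRY.match(entry)
        if m:
            action, _proto, host, eq = m.groups()
            port_ok = eq is None or str(PORT_NAMES.get(eq, eq)) == str(port)
            if host in (None, ip) and port_ok:   # matched against the global address
                return action == "permit"
    return False

def audit(config):
    """List (global ip, port, acl) forwards that the outside inbound ACL would drop."""
    forwards, acls, outside = parse(config)
    return [(ip, port, name) for ip, port in forwards for name in sorted(outside)
            if not acl_permits(acls.get(name, []), ip, port)]

# Constructed sample config, not taken from the poster's router.
BASE = """interface Serial0
 ip access-group sdm_serial0_in_test in
 ip nat outside
ip nat inside source static tcp 192.168.200.10 25 203.0.113.5 25 extendable
ip access-list extended sdm_serial0_in_test
"""
GOOD = BASE + " permit tcp any host 203.0.113.5 eq smtp\n deny ip any any log\n"
BAD = BASE + " deny ip any any log\n permit tcp any host 203.0.113.5 eq smtp\n"

if __name__ == "__main__":
    print("good:", audit(GOOD), "bad:", audit(BAD))
```

An empty result means every static forward is admitted by the inbound ACL on the NAT-outside interface; the BAD sample is flagged because its permit sits after the deny.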

It's possible that I may have understood what you are trying to do... My last post is assuming you have a mail server on the inside and are attempting to forward mail to this box from the outside.


Wil Schultz wrote:

Reply to
Wil Schultz