Pointer in the correct direction...

Hi, would someone please give me a pointer in the correct direction?

I would like to think that I'm a fairly experienced Linux IPTables user, but I am a novice when it comes to Cisco IOS and NATing. I have a Cisco Catalyst 5000 Route Switch Module (based on the 7000? router) that I would like to configure some more than basic NATing on. I have the router configured to do NATing between my private home LAN and the internet (DSL) connection. With my ISP's permission, I'm wanting to port forward port 119 on my external IP to my ISP's news server for one specific IP on the net (my office). Before you start to say that I should just connect to the IP in question directly, I can not because it is firewalled from the world in general. Before you start to say that I should not try to circumvent the firewall, I *HAVE* spoken to my ISP and gotten permission (in writing) to do what I'm wanting to do for ONLY my controlled IP at the office.

In Linux IPTables this would be as simple as the following two rules:

(Presuming that the traffic is not filtered elsewhere.)

iptables -t nat -A PREROUTING -i $WAN -s $WorkIP -d $WANIP -p TCP --dport 119 -j DNAT --to-destination $NewsServerIP

iptables -t nat -A POSTROUTING -o $WAN -s $WorkIP -d $NewsServerIP -p TCP --dport 119 -j SNAT --to-source $WANIP

So the question is, how would I do this type of thing with Cisco IOS's NAT stack? Is this possible? Below you will find the output of "show version", which I think should tell you what you need to know about the router in question. If there is something else that you need to know, please ask.

What I would really love is for someone that knows Cisco IOS & NATing very well to point me in the direction of some good documentation and then be willing to answer a few questions after I do some more homework.

tncrtr02-gw#show version
Cisco Internetwork Operating System Software
IOS (tm) C5RSM Software (C5RSM-IO3SV56I-M), Version 12.1(2), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 10-May-00 19:19 by linda
Image text-base: 0x60010908, data-base: 0x61100000

ROM: System Bootstrap, Version 11.2(17523) [mohsen 102], INTERIM SOFTWARE
BOOTFLASH: C5RSM Software (C5RSM-BOOT-M), Version 12.0(21a), RELEASE SOFTWARE (fc1)

tncrtr02-gw uptime is 4 weeks, 1 day, 1 hour, 16 minutes
System returned to ROM by reload
System image file is "slot0:c5rsm-io3sv56i-mz.121-2.bin"

cisco RSP2 (R4700) processor with 131072K/2072K bytes of memory.
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Last reset from power-on
G.703/E1 software, Version 1.0.
G.703/JT2 software, Version 1.0.
X.25 software, Version 3.0.0.
Bridging software.

1 C5IP controller (4 Vlan).
3 Virtual Ethernet/IEEE 802.3 interface(s)
1 Virtual Token Ring/IEEE 802.5 interface(s)
123K bytes of non-volatile configuration memory.

20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x10F

Thank you, and have a nice day. :)

Grant. . . .

Taylor, Grant
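The two iptables rules in the question above, modelled as an added Python example that is not part of the original post: it traces one connection through the DNAT and SNAT rewrites and shows what the client gets back with and without the SNAT rule. The addresses are constructed documentation-range values, and source-port preservation and the news server routing its replies straight to the address it saw are assumptions of this model.

```python
from dataclasses import dataclass, replace

# Constructed sample addresses (documentation ranges), not taken from the post.
WORK_IP, WAN_IP, NEWS_IP = "198.51.100.10", "203.0.113.5", "192.0.2.119"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    def __init__(self, snat=True):
        self.snat = snat
        self.conntrack = {}  # expected reply tuple -> original packet

    def forward(self, pkt):
        """Apply the PREROUTING DNAT rule, then the POSTROUTING SNAT rule."""
        if not (pkt.src == WORK_IP and pkt.dst == WAN_IP and pkt.dport == 119):
            return None  # -s/-d/--dport do not match: nothing is rewritten
        out = replace(pkt, dst=NEWS_IP)        # -j DNAT --to-destination
        if self.snat:
            out = replace(out, src=WAN_IP)     # -j SNAT --to-source
        # Record how the reply will look so it can be translated back.
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Reverse the translation for a reply addressed to this router."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None or pkt.dst != WAN_IP:
            return None  # the reply is not routed through this router
        return Packet(orig.dst, orig.dport, orig.src, orig.sport)

def round_trip(nat, client_ip):
    """Send one packet from client_ip to WAN_IP:119; report what comes back."""
    out = nat.forward(Packet(client_ip, 40000, WAN_IP, 119))
    if out is None:
        return "not translated"
    # The news server answers the source address it saw on the request.
    server_reply = Packet(NEWS_IP, 119, out.src, out.sport)
    back = nat.reply(server_reply)
    if back is None:
        return "reply from %s bypasses NAT" % server_reply.src
    return "reply from %s" % back.src
```

With the SNAT rule the client receives the reply from the WAN address it connected to; without it the reply arrives from the news server's own address, which matches no connection on the client.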

Not sure if IOS 12.1 supports PAT port forwarding.

You could try to see if the following commands are accepted:

ip nat inside source static tcp <local-ip> 119 interface <interface> 119

or

ip nat inside source static tcp <local-ip> 119 <global-ip> 119

These commands would redirect all NNTP traffic; not sure how this is done for just one particular inbound source address.

Merv
