SOHO 77 + 827 .... NAT, Port forwarding and Firewalling

Hi All,

I have recently acquired a SOHO 77 ADSL router and an 827H ADSL router. I've managed to configure them as far as connecting via PPPOE to the ISP, and allowing LAN users to access the internet. The SOHO 77 will be acting as a DHCP server for its LAN.

I have a few questions about the setups though. I'm reasonably new to IOS, learning from the docs I can find on the internet.

With the 77, what I want to be able to do is basically lock off the router externally. I don't want to be able to ping it, and any connections to it need to be dropped. Essentially it has to be a stateful firewall. Is this at all possible? I've read some stuff on reflexing, which sounds about right, but I'm not too sure. I also want to be able to port forward things such as port 80 into an internal server. How do I go about doing this?

The 827 is used in a slightly different config. What I want it to do is just handle the PPPOE connection, NAT the stuff internally going out, and forward everything hitting it externally to the firewall it is connected to. This will then handle the rest of the routing and forwarding in regards to the DMZ and internal hosts.

    ISP
     |
     | atm0
    827 Router
     eth0
     |
     | eth2
    Internal router
     eth0     eth1
      |        |
      |        +----> DMZ
     LAN

How do I go about setting this up? I am aware of the implications of the double-nat'ting, but I know what I need to be able to do. Basically, in this scenario, I have been having problems with the internal router's PPPOE connection dropping out frequently, and would prefer to offload it to something more manageable and reliable.

Would it be easier to swap the SOHO77 and the 827's roles due to the differences in the units?

Any help on this would be muchly appreciated!

Thank you,
Mike

For reference:

Software version (SOHO 77):

----------------------------------------------

Cisco Internetwork Operating System Software
IOS (tm) SOHO70 Software (SOHO70-Y1-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
Technical Support:
(c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 25-May-05 07:20 by ssearch
Image text-base: 0x80013148, data-base: 0x805E5C80

ROM: System Bootstrap, Version 12.1(3r)XP, RELEASE SOFTWARE (fc1)
ROM: SOHO70 Software (SOHO70-Y1-M), Version 12.3(15), RELEASE SOFTWARE (fc3)

Router uptime is 3 minutes
System returned to ROM by power-on
System image file is "flash:soho70-y1-mz.123-15.bin"

CISCO SOHO 77 (MPC855T) processor (revision 0x502) with 15360K/1024K bytes of memory.
Processor board ID JAD0538077U (3097123825), with hardware revision 0000
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

----------------------------------------------

Software version (827):

----------------------------------------------

Cisco Internetwork Operating System Software
IOS (tm) C820 Software (C820-OY6-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
Technical Support:
(c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 25-May-05 07:25 by ssearch
Image text-base: 0x80013148, data-base: 0x80778178

ROM: System Bootstrap, Version 12.2(4r)XM2, RELEASE SOFTWARE (fc1)
ROM: C820 Software (C820-OY6-M), Version 12.3(15), RELEASE SOFTWARE (fc3)

Router uptime is 5 minutes
System returned to ROM by power-on
System image file is "flash:c820-oy6-mz.123-15.bin"

CISCO C827H (MPC855T) processor (revision 0x401) with 31744K/1024K bytes of memory.
Processor board ID FOC064308KL (1607207016), with hardware revision F9C0
CPU rev number 5
Bridging software.
1 Ethernet/IEEE 802.3 interface(s)
1 ATM network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
2048K bytes of processor board Web flash (Read/Write)

Configuration register is 0x2102

----------------------------------------------
