
1603 Opening ports help


taylor13

Technical User
Sep 29, 2003
6
AU
I have a simple home setup consisting of the Cisco 1603 router connected to a NT1 Plus 11 via ISDN. Took me a long time to get this thing up and running but it is running quite well.

Only drama is I cannot connect to some gaming sites as I only have 3 ports open, also I cannot use telnet or hyperterminal as I can't type anything in there.

My config is below if somebody would be so kind to have a look and tell me how and what ACL I need to put in to access in/out traffic.

! ******************************************************************
! Cisco1603.cfg - Cisco router configuration file
! Automatically created by Cisco ConfigMaker v2.6 Build 6
! Monday, September 29, 2003, 09:08:42 PM
!
! Hostname: Cisco1603
! Model: 1603
! ******************************************************************
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Cisco1603
!
enable password xxxxxxx
!
ip name-server 203.220.xx.xxx
!
isdn switch-type basic-net3
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface Dialer 1
description connected to Internet
ip address negotiated
ip nat outside
no ip split-horizon
encapsulation ppp
dialer in-band
dialer idle-timeout 120
dialer string 0198333424
dialer hold-queue 10
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxx
ppp chap password xxxxxxx
ppp pap sent-username xxxxxxxx password xxxxxx
no ppp multilink
no cdp enable
!
interface Ethernet 0
no shutdown
description connected to EthernetLAN
ip address 192.168.x.x 255.255.255.0
ip nat inside
keepalive 10
!
interface BRI 0
no shutdown
description connected to Internet
no ip address
dialer rotary-group 1
!
interface Serial 0
no description
no ip address
shutdown
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.0.0 0.0.0.255
!
! Dialer Control List 1
!
no dialer-list 1
dialer-list 1 protocol ip permit
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Dialer 1 overload
!
router rip
version 2
network 192.168.0.0
passive-interface Dialer 1
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Dialer 1
ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
snmp-server host 192.168.x.x private
!
line console 0
exec-timeout 0 0
password xxxxxx
login
!
line vty 0 4
password xxxxxx
login
!
end

Is there an easy way of editing the config also? If I could get the telnet port open it might work.

Cheers,

Jason
 
Jason,
You don't appear to have any access-list active, so the reason that your gaming sites may not be working is due to the NAT translation and how the gaming protocol communicates to your end system. Perhaps some of the gamers out there can shed some light on this.

As for telnetting, are you doing this from the command line or from hyperterminal? Perhaps your hyperterminal software is corrupt. Try downloading a new telnet program. Secure CRT is what I use, but I think it may require a license. Others on the forum may have a list of freeware telnet programs which they can recommend, otherwise search Google.

JimmyZ
 
Thanks for the reply JimmyZ, yep I noticed that I have no access list active but because I cannot gain access through Telnet or Hyperterminal I cannot change it.

The ports I would like to open are 80, 443, 9999, 6667, 28800-29100, how would I go about writing an ACL for these in conjunction with my above config?

Cheers,

Jason
 
Taylor, as the Good JimmyZz said you have no Access-list active that would block these ports. In fact, by default all the ports you mentioned are open. I agree with JimmyZz on NAT causing the problem with your connecting to certain sites. There may be ways around that but I'm not an avid gamer so I don't know.
 
Jason you are right, you need to forward all incoming traffic on those ports to your computer.
I assume you can access the router via http? If so you can add the lines you need. You'll need to set your computer to a static IP so you have a fixed address to forward to, let's assume this is 192.168.0.3 and that the port you need to forward is 80.
The command which you'll need to add instruction by instruction via http is
"ip nat inside source static tcp 192.168.0.3 80 interface dialer1 80"

Hope this helps

Sean
 
Hi Guys,

Still can't access zone.msn.com to play online games, have changed my config to point the incoming traffic to the ports I have put in. Could someone please have a look at the config I have now and tell me if I am on the right track.


Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1603
!
enable password xxxxxxxx
!
ip subnet-zero
ip name-server xxx.xxx.x.x
ip name-server xxx.xxx.x.x
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.0.2 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface BRI0
description connected to Internet
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer string xxxxxxxxx
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxx
ppp chap password xxxxxxxx
ppp pap sent-username xxxxxxx password xxxxxxxxx
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.2 3767 interface Dialer1 3767
ip nat inside source static udp 192.168.0.2 3767 interface Dialer1 3767
ip nat inside source static tcp 192.168.0.2 5900 interface Dialer1 5900
ip nat inside source static tcp 192.168.0.2 6667 interface Dialer1 6667
ip nat inside source static tcp 192.168.0.2 999 interface Dialer1 9999
ip nat inside source static tcp 192.168.0.2 6073 interface Dialer1 6073
ip nat inside source static tcp 192.168.0.2 2302 interface Dialer1 2302
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RW
snmp-server host 192.168.0.1 traps public
!
line con 0
exec-timeout 0 0
password xxxxxxxxxxx
login
transport input none
line vty 0 4
password xxxxxxxxxx
login
!
end



Thanks,

Jason
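
An added example, not part of any post in this thread: a small Python check that reads an IOS config and flags static NAT forwards that point at one of the router's own interface addresses (the second config above forwards to 192.168.0.2, the Ethernet0 address), forwards whose inside and outside ports differ (999 vs 9999), and guessable or writable SNMP communities. The sample input is constructed from lines of that config plus one constructed 192.168.0.3 forward; `audit` and the regex names are this example's own.

```python
import re

# Constructed sample: lines trimmed from the second config in the thread,
# plus one constructed forward to 192.168.0.3 as a clean comparison case.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.168.0.2 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 443 interface Dialer1 443
ip nat inside source static tcp 192.168.0.2 999 interface Dialer1 9999
ip nat inside source static udp 192.168.0.3 3767 interface Dialer1 3767
snmp-server community public RW
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)\s*$")
IF_ADDR = re.compile(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) \S+")
SNMP = re.compile(r"^snmp-server community (\S+) (RO|RW)\b")

def audit(config):
    """Return (line_number, finding) tuples for an IOS config given as a string."""
    lines = config.splitlines()
    # Addresses assigned to the router's own interfaces ("negotiated" is skipped).
    router_addrs = {m.group(1) for l in lines if (m := IF_ADDR.match(l))}
    findings = []
    for n, line in enumerate(lines, 1):
        if m := STATIC_NAT.match(line):
            proto, host, inside, _iface, outside = m.groups()
            if host in router_addrs:
                findings.append((n, f"{proto}/{outside} forwards to the router's own address {host}"))
            if inside != outside:  # valid for port translation, often a typo
                findings.append((n, f"{proto} inside port {inside} differs from outside port {outside}"))
        elif m := SNMP.match(line):
            community, mode = m.groups()
            if community in ("public", "private") or mode == "RW":
                findings.append((n, f"SNMP community '{community}' ({mode}) is guessable or writable"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_CONFIG):
        print(f"line {n}: {msg}")
```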
 