Cisco 1720: forwarding a port to a specific IP 3

[Danno49]

If anyone can be of service here, I would greatly appreciate it. I need to forward a port to a specific IP address in my network. I just need the syntax to do this as I am not a networking genius and do not have the time to become one.

Cisco 1720
Config Maker 2.6


Help please?

Danno49



Here is my current IOS. I did not program this myself and it is working so I am hestitant to change anything without the help of an expert.


!
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname MEMSRTR
!
enable password ******
!
ip name-server 207.230.75.34
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface FastEthernet 0
no shutdown
description connected to EthernetLAN
ip address 216.248.188.170 255.255.255.248
no ip directed-broadcast
keepalive 10
!
interface Serial 0
no shutdown
no description
service-module t1 clock source line
service-module t1 data-coding normal
service-module t1 remote-loopback full
service-module t1 framing esf
service-module t1 linecode b8zs
service-module t1 lbo none
service-module t1 remote-alarm-enable
no ip address
no ip directed-broadcast
encapsulation frame-relay
frame-relay lmi-type ansi
no fair-queue
!
interface Serial 0.1 point-to-point
no shutdown
description connected to Internet
ip address 10.22.7.78 255.255.255.252
no ip directed-broadcast
frame-relay interface-dlci 100
!
router rip
version 2
network 216.248.188.0
passive-interface Serial 0.1
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0.1
no ip http server
snmp-server community ITC-PubliC RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password ******
login
transport input none
!
line vty 0 4
password ******
login
!
! The following commands are not recognized by Cisco ConfigMaker
! and are therefore appended here.
!
service timestamps debug datetime msec
service timestamps log datetime msec
logging buffered 32000 debugging
memory-size iomem 25
!
interface FastEthernet 0
full-duplex
!
end

 

[IllegalOperation]

ip route x.x.x.x y.y.y.y z.z.z.z (hops)

x.x.x.x = ip address of the "port" you want forwarded
y.y.y.y = net mask of the ip address you want forwarded
z.z.z.z = ip address of the interface you want the port forwarded to
hops = number of hops (hop count) to travel, if needed

 

[MattWray]

I don't think that is what he meant. That is a static route.
Are you using NAT, I'm assuming.
sss-steel#config t
Enter configuration commands, one per line. End with CNTL/Z.
sss-steel(config)#ip nat inside source static tcp 192.168.xxx.xxx 80
That is what I have to forward outside traffic over port 80 to an internal machine, but do your research as I am no guru...

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

http://www.sss-steel.com

 

[Danno49]

I'm sorry. . .I should have been a tad more specific. I have a user who needs a specific TCP port opened for traffic to their specific machine.

We are using Symantec Enterprise firewall(definitely not my idea). I created a protocol and a rule to allow the traffic through it (the firewall). But I am told that the router needs to have the specific TCP port forwarded to the specific internal IP.

Please bare with me if I am not commmunicating what I am trying to accomplish properly. I am a neophyte on this level of configuration. If you need more information than I have provided, please indicate what you would like me to supply.

Thank you for taking the time to reply to me!

Danno49

 

[IPKONFIG]

Danno- If your firewall is allowing this "port" through, then you shouldn't have to modify the router in any way. The router should pass this traffic to the "destination" in question. Unless it's IPSEC, then you do have to make changes. Why don't you be a little more specific on what port it is that you want forwarded?

"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[Danno49]

OK. . .here ya go.

The user wants to use eDonkey, a P2P file sharing program. In a perfect world, or more accurately, in my world using a better doggone firewall, one wouldn't need to forward the TCP port from the router to the address in question. But Symantec Firewall bites and refuses to pass anything that it isn't specifically told to and even THEN it doesn't always work. Like seems to be the case now. The port I need to allow traffic to and from is 4662. I was told by the operators of the eDonkey server that because the firewall won't behave they would like it to that it would be necessary to forward the IP.

So there you have it. I thought this would be a pretty straight forward deal. Harrumph.

Thanks for any thoughts you may have. Helpful or otherwise. =

 

[Danno49]

I was able to make an agreement with the operators of the server so I won't need to tinker around with the settings on our router. Thanks to all for your help! I am relieved as I did not want to mess with a working router. It's darned reliable in it's current config.

Thanks again,
Danno49