I’m trying to configure port forwarding (for a web server) on a Cisco uBR920 cable-modem router for a small start up company. I’ve tried everything I can think of but I just can’t get it to work.
Server IP: 10.1.1.253
Router: Cisco uBR920
IOS: IOS (tm) 920 Software (UBR920-K1V4Y5-M), Version 12.1(1)T
Interfaces are good – the LAN can access WAN traffic just fine. WAN can get to the router just fine (I’m configuring this from a remote site)
Running config:
Building configuration...
Current configuration:
!
! Last configuration change at 09:05:52 - Mon Jun 23 2003
! NVRAM config last updated at 08:34:03 - Mon Jun 23 2003
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname jscmptr-router
!
{enable passwords edited out}
!
!
!
!
!
clock timezone - 6
ip subnet-zero
ip dhcp excluded-address 10.1.1.250
ip dhcp excluded-address 10.1.1.1
ip dhcp excluded-address 10.1.1.2
ip dhcp excluded-address 10.1.1.19
ip dhcp excluded-address 10.1.1.251
ip dhcp excluded-address 10.1.1.252
ip dhcp excluded-address 10.1.1.253
ip dhcp excluded-address 10.1.1.254
ip dhcp excluded-address 10.1.1.10
ip dhcp excluded-address 10.1.1.3
ip dhcp excluded-address 10.1.1.4
ip dhcp excluded-address 10.1.1.5
!
ip dhcp pool j1
network 10.1.1.0 255.255.255.0
domain-name js-computers.com
dns-server 204.70.127.127
default-router 10.1.1.250
!
!
!
!
!
voice-port 0
input gain -2
!
voice-port 1
input gain -2
!
!
!
!
interface Loopback0
ip address 12.211.231.138 255.255.255.255
!
interface Ethernet0
ip address 10.1.1.250 255.255.255.0
ip nat inside
no ip mroute-cache
!
interface cable-modem0
ip address negotiated
ip nat outside
no ip mroute-cache
cable-modem boot admin 2
cable-modem boot oper 5
cable-modem downstream saved channel 609000000 56 5
cable-modem mac-timer t2 40000
no cable-modem compliant bridge
cable-modem dhcp-proxy nat j1
!
router rip
version 2
network 12.0.0.0
!
ip default-gateway 10.158.128.1
ip nat pool j1 12.211.231.138 12.211.231.138 netmask 255.255.254.0
ip nat inside source list 10 pool j1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.158.128.1
no ip http server
no ip http cable-monitor
!
!
ip access-list extended ports
permit tcp any any eq www
access-list 10 permit 10.1.1.0 0.0.0.255
snmp-server engineID local 00000009020000036BD6B880
snmp-server manager
!
line con 0
transport input none
line vty 0 4
password xxxxxxxx
login
!
end
After some looking around I found this thread: thread557-452445 and it seemed to be what I needed. I tried putting in a similar command (changing ips as nessicarry) recommended by ipconfig but it didn’t transfer well. (syntax was different enough I couldn’t translate it) I thought these lines (thought processs included) should work but they didn’t.
!ip nat outside source list [LIST name](Needs to be extended) pool{pool !name for local address} [pool name]
! That will take a packet, if it matches, translate it to the address !in pool. The access list should be extended to filter on port
!ip route [ip address] [subnet mask] [destination] (next hop)
! that's a static route. Intended use would be from the pool(proabbly !the 172.16 network to be routed to the server.
ip nat inside source list ports pool portTrans
ip nat pool portTrans 172.16.0.0 172.16.255.255 netmask 255.255.0.0
ip route 172.16.0.0 255.255.0.0 10.1.1.253
ip access-list extended ports
permit tcp any any eq www
remark Using this one for port forwaring/blocking
Referenced:
I've even tried the http server but to no success. I know I’m missing something but I don’t know what or how to get it to work. Is the answer staring me in the face? Any help would be greatly appreciated.
P.S. If the commands don’t work I quickly remove them.
Server IP: 10.1.1.253
Router: Cisco uBR920
IOS: IOS (tm) 920 Software (UBR920-K1V4Y5-M), Version 12.1(1)T
Interfaces are good – the LAN can access WAN traffic just fine. WAN can get to the router just fine (I’m configuring this from a remote site)
Running config:
Building configuration...
Current configuration:
!
! Last configuration change at 09:05:52 - Mon Jun 23 2003
! NVRAM config last updated at 08:34:03 - Mon Jun 23 2003
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname jscmptr-router
!
{enable passwords edited out}
!
!
!
!
!
clock timezone - 6
ip subnet-zero
ip dhcp excluded-address 10.1.1.250
ip dhcp excluded-address 10.1.1.1
ip dhcp excluded-address 10.1.1.2
ip dhcp excluded-address 10.1.1.19
ip dhcp excluded-address 10.1.1.251
ip dhcp excluded-address 10.1.1.252
ip dhcp excluded-address 10.1.1.253
ip dhcp excluded-address 10.1.1.254
ip dhcp excluded-address 10.1.1.10
ip dhcp excluded-address 10.1.1.3
ip dhcp excluded-address 10.1.1.4
ip dhcp excluded-address 10.1.1.5
!
ip dhcp pool j1
network 10.1.1.0 255.255.255.0
domain-name js-computers.com
dns-server 204.70.127.127
default-router 10.1.1.250
!
!
!
!
!
voice-port 0
input gain -2
!
voice-port 1
input gain -2
!
!
!
!
interface Loopback0
ip address 12.211.231.138 255.255.255.255
!
interface Ethernet0
ip address 10.1.1.250 255.255.255.0
ip nat inside
no ip mroute-cache
!
interface cable-modem0
ip address negotiated
ip nat outside
no ip mroute-cache
cable-modem boot admin 2
cable-modem boot oper 5
cable-modem downstream saved channel 609000000 56 5
cable-modem mac-timer t2 40000
no cable-modem compliant bridge
cable-modem dhcp-proxy nat j1
!
router rip
version 2
network 12.0.0.0
!
ip default-gateway 10.158.128.1
ip nat pool j1 12.211.231.138 12.211.231.138 netmask 255.255.254.0
ip nat inside source list 10 pool j1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.158.128.1
no ip http server
no ip http cable-monitor
!
!
ip access-list extended ports
permit tcp any any eq www
access-list 10 permit 10.1.1.0 0.0.0.255
snmp-server engineID local 00000009020000036BD6B880
snmp-server manager
!
line con 0
transport input none
line vty 0 4
password xxxxxxxx
login
!
end
After some looking around I found this thread: thread557-452445 and it seemed to be what I needed. I tried putting in a similar command (changing ips as nessicarry) recommended by ipconfig but it didn’t transfer well. (syntax was different enough I couldn’t translate it) I thought these lines (thought processs included) should work but they didn’t.
!ip nat outside source list [LIST name](Needs to be extended) pool{pool !name for local address} [pool name]
! That will take a packet, if it matches, translate it to the address !in pool. The access list should be extended to filter on port
!ip route [ip address] [subnet mask] [destination] (next hop)
! that's a static route. Intended use would be from the pool(proabbly !the 172.16 network to be routed to the server.
ip nat inside source list ports pool portTrans
ip nat pool portTrans 172.16.0.0 172.16.255.255 netmask 255.255.0.0
ip route 172.16.0.0 255.255.0.0 10.1.1.253
ip access-list extended ports
permit tcp any any eq www
remark Using this one for port forwaring/blocking
Referenced:
I've even tried the http server but to no success. I know I’m missing something but I don’t know what or how to get it to work. Is the answer staring me in the face? Any help would be greatly appreciated.
P.S. If the commands don’t work I quickly remove them.
