Copyright (c) 2008 Don R. Crawley
Recently, a student from one of our tutorials asked about port forwarding on a router. She wanted to allow PPTP clients to connect from the outside to a VPN server on the inside. In this article, I'll explain how to do it, along with a quick look at using static NAT to forward packets to a web server.
Port Forwarding on the Cisco Router
Sometimes we have internal resources that need to be Internet-accessible, such as Web servers, mail servers, or VPN servers. Generally, I recommend isolating these resources in a DMZ to protect your office LAN from the bad guys, but regardless of how you choose to design it, the process involves forwarding the desired packets from the router's outside interface to an internal host. It's actually a fairly simple process. Here's the configuration on a Cisco 2611 router:

interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
!
access-list 101 permit ip any any

In the above configuration, Ethernet 0/1 is connected to the public Internet with a static address of 12.1.2.3, and Ethernet 0/0 is connected to the inside network with a static address of 192.168.101.1. NAT outside is configured on E0/1 and NAT inside is configured on E0/0. Access-list 101 works together with the "ip nat inside source list 101 interface Ethernet0/1 overload" statement to allow all inside hosts to use E0/1 to connect to the Internet, sharing whatever IP address is assigned to interface Ethernet E0/1.

The "overload" statement implements PAT (Port Address Translation), which makes that possible. (PAT allows multiple internal hosts to share a single address on an external interface by appending different port numbers to each connection.)

The statement "ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723" takes incoming port 1723 (PPTP) requests on Ethernet0/1 and forwards them to the VPN server located at 192.168.101.2.

You could do something similar with a Web server by changing port 1723 to port 80 or port 443. Here's what that would look like:

interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
!
access-list 101 permit ip any any

In this example, the Web server is located at 192.168.101.2 and, instead of forwarding PPTP (port 1723) traffic, we are forwarding HTTP (port 80) traffic.

Obviously, you could configure your Cisco router in a similar manner to forward nearly any type of traffic from an outside interface to an internal host.
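
As an added example (not part of the original article), the following Python script lists the static port forwards in a router configuration and reports whether the outside interface has an inbound access list, which helps when reviewing what a router exposes to the Internet. The function names are hypothetical, and the sample input is constructed from the two configurations above.

```python
import re

# Constructed input: the article's router config with both forwards (1723 and 80) present.
SAMPLE_CONFIG = """\
interface Ethernet0/1
 ip address 12.1.2.3 255.255.255.0
 ip nat outside
!
interface Ethernet0/0
 ip address 192.168.101.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 101 interface Ethernet0/1 overload
ip nat inside source static tcp 192.168.101.2 1723 interface Ethernet0/1 1723
ip nat inside source static tcp 192.168.101.2 80 interface Ethernet0/1 80
!
access-list 101 permit ip any any
"""

# Matches "static <proto> <inside-ip> <inside-port> {interface <name> | <global-ip>} <outside-port>"
STATIC_PAT = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                        r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)", re.M)

def interface_blocks(config):
    """Map each interface name to the list of sub-commands configured under it."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return blocks

def audit_port_forwards(config):
    """Return every static port forward and the inbound ACL (if any) on its outside interface."""
    blocks, findings = interface_blocks(config), []
    for proto, host, lport, ifname, gaddr, gport in STATIC_PAT.findall(config):
        acl = next((c.split()[2] for c in blocks.get(ifname, [])
                    if c.startswith("ip access-group ") and c.endswith(" in")), None)
        findings.append({"proto": proto, "inside_host": host, "inside_port": int(lport),
                         "outside": ifname or gaddr, "outside_port": int(gport),
                         "inbound_acl": acl})
    return findings

if __name__ == "__main__":
    print(*audit_port_forwards(SAMPLE_CONFIG), sep="\n")
```

A forward whose "inbound_acl" is None is reachable from any source address on the outside interface, so those entries are the ones to review first.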