Forwarding a range of ports in 8.4

I have an ASA 5505 running 8.4(1), and I'm configuring it with ASDM 6.4(1). The outside interface is configured with a single static address. I have a few services port forwarded successfully to three different servers on the inside network.
I need to make a media proxy on a SIP server available to the outside.  It requires a large range of forwarded UDP ports for the media channels.
I tried adding a network object NAT rule like the others I'm already using to forward HTTP and RDP.  I entered a range of ports for the real port and the mapped port using the syntax 60000-60999.  ASDM accepted it, but the NAT rule list displays "Any" in the service column.  When I apply the change, I get the following error:
nat (inside,outside) static interface service tcp 60000-60999 60000-60999
                                      ^
ERROR: % Invalid input detected at '^' marker.
How do I forward a large range of UDP ports from the outside interface to a single server on my inside network?  I'd like to use ASDM, but I can switch to the CLI if that works better.
Thanks,
Alan

Hi Alan,
After version 8.3 the NAT is more flexible.
You can configure an object service and apply this to the NAT.
This way you configure just one line for the NAT.
Also remember to open the ports on the ACL that you have applied to the outside interface.
For example:
You have an internal server "10.10.10.10"
object service UDP-PORTS
service udp source range 60000 60999
exit
object network obj-10.10.10.10
host 10.10.10.10
exit
nat (inside,outside) source static obj-10.10.10.10 interface service UDP-PORTS UDP-PORTS
Please rate helpful posts.
Regards,
Harvey
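
The ACL step the reply above says to remember, written out as an added example that is not part of the original thread. The ACL name outside_access_in and the documentation addresses 203.0.113.10 (outside client) and 198.51.100.2 (outside interface) are assumptions; the object name and port range come from the reply. On 8.3 and later the interface ACL is matched against the real (inside) address, so the entry names the server object, not the outside interface address.

```cisco
! Added example, not from the original posts.
! Assumed: ACL name outside_access_in (hypothetical). If an ACL is already
! applied inbound on the outside interface, add the permit line to that ACL
! and skip the access-group command.
!
! Global configuration mode:
! Permit only UDP, only to the one server, only the forwarded range.
! The destination is the real address (obj-10.10.10.10), because 8.3+
! evaluates the ACL after the destination has been untranslated.
access-list outside_access_in extended permit udp any object obj-10.10.10.10 range 60000 60999
access-group outside_access_in in interface outside
!
! Privileged EXEC mode, to verify:
! Confirm the NAT rule is present and see its hit counters.
show nat detail
! Simulate an inbound media packet from an outside client (constructed
! addresses) to a port inside the range; the result should show an
! UN-NAT phase to 10.10.10.10 and "Action: allow".
packet-tracer input outside udp 203.0.113.10 40000 198.51.100.2 60500
! Same test one port past the range; this one should be dropped.
packet-tracer input outside udp 203.0.113.10 40000 198.51.100.2 61000
```

Keeping the permit entry as narrow as the NAT rule means the 1000 open UDP ports reach only the media proxy and nothing else on the inside network.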

Similar Messages

  • Port Forwarding a Range in UC540 NAT

    Hi all,
    I am trying to forward a range of ports (55736-55863 for Synology  Surveillance Station) from the WAN interface to an internal IP on a Cisco UC540.  I'm not great with the CLI so I generally stick to CCA but right now I'm not even sure it's possible with the CLI.
    I've found this tutorial online: http://evilrouters.net/2010/05/25/port-forwarding-a-range-of-ports-on-cisco-ios/
    The first step in the tutorial is to setup a NAT IP Pool (which I *can* do in CCA) but unfortunately, the tutorial tells me to use the IP address of the internal device I want to forward the range of ports to but CCA (and its documentation) tells that the IP address must be on the same subnet as the WAN IP address?
    I tried following the tutorial anyway by telnetting in to the UC540 and entering the following via the CLI:
    UC540 config t
    UC540 ip nat pool PORTFWD 192.168.12.121 192.168.12.121 netmask 255.255.255.0 type rotary
    UC540 access-list 121 permit udp any any range 55736 55863
    UC540 ip nat inside destination list 121 pool PORTFWD
    I can now see the 121 access list in CCA, although it has no Interface or Direction assigned to it?
    Does anyone know if this is possible?  I really don't fancy setting up 127 entries in the NAT table!
    Thanks in advance everyone!

    The range isn't going to work in CCA.  As you are probably aware, CCA has limits to what it can do, even if something can be done in the CLI.
    That being said, I think this is a better write up on how to do this:
    http://ping8888.com/2014/01/21/cisco-ios-port-forwarding-pat/

  • Configure static NAT for range of ports

    Hi,
    I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in the NAT entries?
    As an example, say my 3CX server has an internal IP of 192.168.1.25 and my external IP is 1.2.3.4. Would I have to create an entry for each port?
    ip nat inside source static tcp 192.168.1.25 5060 1.2.3.4 5060
    ip nat inside source static udp 192.168.1.25 5060 1.2.3.4 5060
    ip nat inside source static udp 192.168.1.25 9000 1.2.3.4 9000
    ip nat inside source static udp 192.168.1.25 9001 1.2.3.4 9001
    and so on...
    Is this the correct way to do it, or is there another better way?
    Also, I only have one public IP to work with, and there are multiple other hosts on this network that need to have access to the internet. Right now I have NAT setup with overload so that the other hosts can get to the Internet. Here's my config for that:
    ip nat pool PATPOOL 1.2.3.4 1.2.3.4 netmask 255.255.255.252
    ip nat inside source list NAT_ACL pool PATPOOL overload     
    ip access-list standard NAT_ACL
     remark PAT to outside
     permit 192.168.1.0 0.0.0.255
     exit
    My question with this is will the static NAT work if I already have NAT overload configured as above?
    Thanks for the help in advance.
    Austin
    PS here is 3CX documentation on this subject http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/

    I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to. 
    I have seen examples of people using route maps and ACLs to accomplish forwarding a range of ports. I have yet to see official documentation from Cisco on this, and in some cases those examples did not seem to work correctly.
    ASAs with the latest code have the ability to forward a range of ports, but based on my research IOS lacks this feature.
    In my case, forwarding 50 ports wasn't so bad. However, if you have hundreds or thousands of ports to forward you may want to try the route map/ACL approach.
    Hopefully this information is useful to others.

  • How to open a range of ports in RV016

    I am trying to add a couple VOIP phone units that do not have their own router. They are designed to run off the existing router and have three ranges of UDP ports opened up. They also do not advise using internal (private) statics on the phones.
    So what they are asking for is three different ranges of UDP ports to be opened up to all behind the router?
    I cannot figure out how to do this (or if it is possible) with a RV016.
    Can anyone advise on this?
    Thanks in advance.                  

    Take a look at this example. RV016 has similar Web admin interface as RV042.
    http://flipvideo-sp2.custhelp.com/app/answers/detail/a_id/16555/~/setting-port-range-forwarding-for-the-rv042
    You can define all the ports in a range you want to forward to an internal IP address as one service.
    You can have one range of ports for each IP phone.
    If you still have difficulty, feel free to call the Support Center.

  • How do I Configure my Router to forward incoming data for port x ???

    How do I configure my router to forward incoming data for port whatever?
    I need this for my video games.

    Depending on which router you have look under Gaming and Applications or system management for a Forwarding tab.  From there you select (or create) the port needed for your game with the IP address to the PC with the games you are using.  You may also have to configure Port Triggering for that game/port range/and IP to the hosting PC.
    Richard Aichner (Ikester)

  • How do I port forward or open a port on the Airport time capsule to hook up a security system?

    I have an airport time capsule and a security system.  The installer doesn't know anything about using routers etc, especially on a mac.  They say I have to port forward or open a port specifically of this device.  I have very few skills when doing this IT type.  Is this hard to do?  Can I do it myself?  He wants to get an IT guy out?  $55 an hour, how long would it take?  Thanks in advance for anyone who can help!

    The method is here.
    AirPort - Port Mapping Basics using AirPort Utility v6.x
    If you need to get someone in, it depends.. The TC can be recalcitrant.. due to your setup of it following the apple guides.. and it depends on the security system and how simple that is.
    There are multiple issues.. for example how do you find your IP address from the web when you have dynamic IP from your ISP.
    Do you intend to setup dynamic DNS? Can the camera /dvr system handle Dynamic DNS?
    I recommend you read very carefully the instructions for what has been installed.. because merely opening the port is only a small part of the issues involved in remote access to the security system.

  • How to enter a range of ports in the firewall

    Does anyone know the syntax of how to enter a range of ports in the firewall so I don't have to enter each individual number? 
    For instance, to open port 15000 to 15264, is it possible to type something like "15000 - 15264" instead of each port followed by a comma?
    Thanks.

    Hi,
    In Tiger it is the same as the comma and dashes thing I listed for some routers.
    You can also click the Edit button in that pic I posted and look at which ports are listed (they will be greyed out on the Preset ones)
    Windows Sharing should list the SMB ports and the Printing ports.
    EDIT:
    Actually on this page where I listed how to set up iChat - SMB is a separate line.
    (Printing sharing may also list the Windows Print Sharing port)
    If those don't cover the Windows app you want to communicate with you will have to make your own Entry Like the Edit link I just inserted)
    10:37 PM      Friday; May 27, 2011

  • Forwarding proxy requests from ports other than 80

    Hi,
    Is there a way to forward requests from ports other than 80 to the proxy address? For example, trying to define a rule to forward the requests from port 8080 to proxy_ip...
    Best regards,
    Emre

    Hi Emre,
    Have you looked into using ipfilter port redirecting ?
    It may depend on your configuration.
    /etc/ipf/ipf.conf
    pass in quick from any to any port = 8080 keep state
    pass out quick from any port = 8080 to any keep state
    /etc/ipf/ipnat.conf
    rdr <Interface> <hostname or IP> port 8080 -> <hostname or IP> port 8080 tcp
    Edited by: Hodware on Mar 4, 2013 7:24 AM

  • SG500X-48 forwards traffic on all ports

    Hello to everybody!
    I have a problem with my SG500 which I do not understand: It is forwarding all traffic to all ports. So for me it looks like it behaves like a hub.
    Can anybody please help me?
    I have a SG500X-48 with firmware version 1.2.0.97 which is in "standalone" mode with this configuration:
    switch8d3012#sh run
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    no ip routing
    bonjour interface range vlan 1
    hostname switch8d3012
    management access-list XXX-ADM
    permit gigabitethernet1/48
    exit
    management access-class XXX-ADM
    passwords aging 0
    username cisco password encrypted *** privilege 15
    no snmp-server server
    snmp-server location RZ1
    clock timezone " " 1
    interface vlan 1
     no ip address dhcp
    interface gigabitethernet1/48
     ip address 10.1.2.5 255.255.255.0
    switch8d3012#
    switch8d3012#

    Hi Wire Man,
    By the way, those switches are now on 1.4 firmware and yours is still 1.2, so I would suggest you start with an upgrade.
    Regards,
    Aleksandra

  • Frames forwarded to wrong access port

    Hi,
    my problem is quite simple:
    I have an access port of my switch 3750 that receives frames that aren't for its mac-address -.-
    System image file is "flash:c3750e-universalk9-mz.122-40.SE/c3750e-universalk9-mz.122-40.SE.bin"
    Here the config:
    interface GigabitEthernet1/0/11
     description Server fisico test LACP
     switchport access vlan 103
     switchport mode access
     spanning-tree portfast
    end
    Acc-Dev-SAP02#show mac address-table interface GigabitEthernet1/0/11
              Mac Address Table
    Vlan    Mac Address       Type        Ports
     103    000a.e481.1b90    DYNAMIC     Gi1/0/11
    Total Mac Addresses for this criterion: 1
    The switch correctly shows the mac-address of my ethernet port:
    [root@server ~]# ifconfig management0 | grep -i ether
    ether 00:0a:e4:81:1b:90  txqueuelen 1000  (Ethernet)
    Now I assume that if I try to sniff the traffic on my ethernet card eth0 (I renamed it with udev) I should see only frames that have my mac address in the dest_ether, but it is not so! Here is a little sniff with tcpdump:
    tcpdump -e -n -i management0  not port 22
    14:43:52.434489 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 321: 172.25.240.27.57917 > 192.168.130.23.https: Flags [P.], seq 151:418, ack 1242, win 253, length 267
    14:43:52.472355 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 113: 172.25.240.27.57917 > 192.168.130.23.https: Flags [P.], seq 418:477, ack 1242, win 253, length 59
    14:43:52.473597 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 907: 172.25.240.27.57917 > 192.168.130.23.https: Flags [P.], seq 477:1330, ack 1301, win 253, length 853
    14:43:52.479279 d8:67:d9:7a:c2:44 > 01:00:5e:00:00:66, ethertype IPv4 (0x0800), length 114: 192.168.130.3.hsrp > 224.0.0.102.hsrp: HSRPv1
    14:43:52.479813 00:00:0c:9f:f0:67 > 01:00:5e:00:00:66, ethertype IPv4 (0x0800), length 114: 192.168.130.2.hsrp > 224.0.0.102.hsrp: HSRPv1
    14:43:52.484884 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 74: 172.25.68.48.ldap > 192.168.130.23.36075: Flags [S.], seq 4028131841, ack 1191200232, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 33737784 ecr 871056973], length 0
    14:43:52.487582 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 88: 172.25.68.48.ldap > 192.168.130.23.36075: Flags [P.], seq 1:23, ack 39, win 513, options [nop,nop,TS val 33737784 ecr 871056973], length 22
    14:43:52.488874 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 1974: 172.25.68.48.ldap > 192.168.130.23.36075: Flags [P.], seq 23:1931, ack 142, win 512, options [nop,nop,TS val 33737784 ecr 871056974], length 1908
    14:43:52.489376 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 60: 172.25.68.48.ldap > 192.168.130.23.36075: Flags [R.], seq 1931, ack 149, win 0, length 0
    14:43:52.491508 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 74: 172.25.68.48.ldap > 192.168.130.23.36076: Flags [S.], seq 3174971581, ack 1333951668, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 33737785 ecr 871056974], length 0
    14:43:52.493522 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 88: 172.25.68.48.ldap > 192.168.130.23.36076: Flags [P.], seq 1:23, ack 69, win 513, options [nop,nop,TS val 33737785 ecr 871056974], length 22
    14:43:52.494018 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 66: 172.25.68.48.ldap > 192.168.130.23.36076: Flags [.], ack 77, win 512, options [nop,nop,TS val 33737785 ecr 871056975], length 0
    14:43:52.494061 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 60: 172.25.68.48.ldap > 192.168.130.23.36076: Flags [R.], seq 23, ack 77, win 0, length 0
    14:43:52.533119 d8:67:d9:7a:c2:44 > 00:0c:29:98:ee:48, ethertype IPv4 (0x0800), length 74: 172.25.68.48.ldap > 192.168.130.23.36079: Flags [S.], seq 3291750511, ack 1947665179, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 33737789 ecr 871056985], length 0
    Could anyone explain to me why I receive traffic that should be for 00:0c:29:98:ee:48? It seems like the switch is working like a hub -.-
    Thanks for help!

    Rick, I'm sure, has simplified "... so forwards to all ports in the vlan.", but just to note, that excludes the ingress port.

  • Forwarding traps to another port

    The Master Agent listens to Port 162 for SNMP traps. Is there a way to forward raw Enterprise traps from the Master Agent to another port on the local host? I have a trap listener application on Port 8162 and need traps forwarded to it.
    I was able to use Domain Manager's /etc/opt/SUNWconn/snm.conf file, setting the na.snmp-trap.forward.snmp-traps variable to localhost,8162 but the Domain Manager package will not be installed anymore on my systems.
    Thanks,
    Warren Lim

    The iPhone does not support MMS which is a software issue.
    Apple could provide MMS if they wanted to via a software update.

  • Remote port forwarding to a local port

    I'm not sure if this is possible with verizon routers, but I know some routers will allow you to forward a remote port to a local port.
    can this be done with the verizon MI424WR-GEN3I router?

    viafax999 wrote:
    andrewjs18 wrote:
    anyhow, I'm trying to get port 1194 to work without redoing a bunch of configs because it appears that verizon is blocking port 1194 (openvpn), so what I was trying to accomplish was using 1195 as an external port which would then get forwarded to port 1194 internally.
    when I port scan the IP, I get this: Port 1195 is closed on 173.62.X.X.
    Verizon blocks NO ports
    Do you have a listener on port 1194 at 192.168.1.31?
    Source port should be Any
    You need TCP for 1194 also TcpAny -> 1194
    Edit is only an option once you've created a rule
    You are trying to create a VPN tunnel to one of your internal devices?
    Edit
    I see you don't need TCP, it's either UDP or TCP
    I got it working.
    I think I was forwarding tcp by mistake rather than udp for openvpn.
    thanks

  • Forward request to specified port no

    Hi All,
    This is more of an Apache question, however, I know there are Apache gurus here as well.
    My htmldb instance is running on port XXXX (by changing the listen and port directives in httpd.conf) on a Sun machine. My question is:
    I do not want to run Apache on 80 since I have to restart webserver as root which I don't have access to. However, I would like to have the http request without a port no. (e.g. http://www.abc.com) resolve and automatically forward to my port XXXX (e.g. http://www.abc.com:XXXX).
    Any pointers will be appreciated,
    thank you,
    sun

    "I do not want to run Apache on 80 since I have to restart webserver as root which I don't have access to."
    That is not quite true. The Apache binary is setuid root by the Oracle Universal installer, so yes, at installation time it needs root to do one step (sh root.sh).
    But after that, you can just do 'opmnctl stopall;opmnctl startall' as the Oracle software owner id, you don't need root even if you specify Listen/Port 80 in httpd.conf.
    Hope this helps.

  • How do you open a range of ports

    Is there a way open a port range for applications? The interface seems to allow only one port number per entry and recommends using a default host (DMZ). Setting up a DMZ compromises my security though. Is there a better way?

    Welcome to the discussions.
    See if Steve's post helps.
    http://discussions.apple.com/thread.jspa?messageID=607426
    Cheers Don

  • Linksys e1200 PORT RANGE FORWARDING is not working

    I currently have an E1200. I can port forward single ports, but when I attempt to forward a range of ports it doesn't work and there is no error in the log.
    Specifically I am port forwarding RTP ports (10000 - 20000). I am aware of the security risks, please do not preach.

    I have a problem with port forwarding http port 80 this for i surveillance camera.
    I have all the settings are correct but I can not convert. Opening this port Also no other ports open. Who can help me on the way to this is to get together. I mtu gezte the firewall function in 1400 and put on the standard port 80 http to put. and of course the ip address that is in the same range.
    I do not know what I'm doing wrong because the old linksys just worked. It I hope someone can help me.
