RV16 Port forwarding and firewall

Similar Messages

• NAT port-forwarding and WAN side IP addresses

  I have my Airport Extreme setup to forward port 21 to an FTP server on the LAN side of my network. The AE is connected via DSL to my ISP.
  When a client from the WAN side connects to my server, the server's LOGS don't list the IP of the client, rather it says the client connected from my assigned WAN IP. For example (fake ip's):
  Client ----> AE ----> FTP-SERVER
  130.129.12.3 76.99.89.3 10.0.1.2
  Log states client connected
  from IP: 76.99.89.3
  My previous Linksys router, with the same DSL modem and ISP, would report the client as connecting from 130.129.12.3.
  Am I missing something in how I am configureing my AE? Or, is this how the AE manages port-forwarding and there's nothing I can do about it?
  I used to use firewall rules to control access to the FTP server, i.e. rules set on the server. This can't be done anymore with the AE operating as it does.

  Seems to me that the NAT translation in the Airport 802.11n is such that it does not use the incoming IP of clients connecting from the WAN side to a computer on the LAN side. The ingoing and outgoing packets reach their respective destinations, it is just that the AE uses some kind of non-standard routing (at least not that I am used to working with).
  This is bad because it prevents the use of some forms of access controls on BSD and Linux servers on the LAN side, TCP Wrappers and iptables for example. This can create obvious security problems when WAN ports are set to forward to such a LAN client. We are already getting hit with robot-like script attacks on our server, this was a problem with our Linksys router, but with the above mentioned tools and scripts we were able to block abusive clients.
  Perhaps an Apple can work on resolving this issue in a future firmware release, at least make it an option... Anyone from Apple out there?
  jmj

• Port forwarding and LAN traffic suddenly stopped working

  My WRT54G was chugging along happily for many months, and suddenly all port forwarding and local LAN traffic stopped flowing. All PCs behind the router on the LAN side can get to all WAN sites just fine, but they cannot ping one another. All of them can ping the router (192.168.1.1) just fine.
  Any ideas?
  Thanks,
  Curtis

  I solved this.  Turned out to not be the router at all, but the accidental enablement of the "Stateful Firewall" within my Cisco VPN client.  Once this option is turned on, the machine gets isolated from the LAN, even when the VPN client isn't visibly running.

• Time Capsule 2 TB, stops port forwarding and cannot be accessed by AAU

  Hi
  I am having the above problem off and on since purchasing the TC. It is dialing in PPOE (fiber optic), connects fine to internet and feeds internet reliably by wireless and wired connections. It will however stop port forwarding and allowing access by Finder or Airport Util. simultaneously at what appears to be random intervals.
  I can unplug the electric and power back on and all is fixed for a week or so. This of course causes havoc with time machine, web server on the network, vpn service etc.
  I have all the updates on AAU osx and I believe everything possible.
  I have the TC, a mini running osx server 10.6.3, a macbook pro, macbook air (Leopard). All running 10.6.3 except the Air.
  I run time machine on all the computers but usually do it manually to avoid 2 machines accessing the Tc at the same time, though sometimes I forget to turn TM off and 2 comps. may be trying to access TC through Time Mach. simultaneously.
  I also have another wireless router getting the internet and making a wireless network in a separate building.
  I have read all the posts but do not see any clear solution or mention of the port forwarding stopping along with access.
  Any help appreciated. If it's defective my year will be coming up, so I want to figure this out now.

  Hi Bob,
  Yes I did a hard reset in order to set it up. I then used the Airport Utility to give it a Network name and base station name that was different from the Wireless AC one upstairs. I left everything else set to defaults and used 'Create a new wireless network'. Added some passwords and then let it boot itself. It all worked ok but as I mentioned I can then only access this downstairs network. The Wireless AC one then refuses to connect afterwards. The only way I can get the Wireless AC to work is to switch off the Wireless N one and then reboot the Wireless AC.
  Maybe I need to change the DHCP port ranges or something ? Is it correct to have x2 networks ?. I dont see any other option given wireless wont reach and I cant cable between the two to create a bridged network.

• Port Forwarding and Loopback with HomeHub 3B

  There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
  Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
  One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21.  The cure is to set up each port as a separate rule within the same user-defined application.
  On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing  telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
  If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing!  You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
  If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
  In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.

  There have been a number of threads discussing port forwarding and loopback, so I thought it might be useful to summarise my experiences. I have two HomeHub 3Bs on separate lines, one is a standard broadband line, the other is on an Infinity connection. My experience is limited to these two specific devices :-)
  Port Forwarding does work but it is "temperamental" and "arcane" in the way you need to set it up. Although I have had it running perfectly, I have also had experiences where the router has refused to "accept" my changes. Tentatively, I put this down to the fact that I was running a Seagate GoFlex network drive on the network and this piece of equipment (definitely a Do Not Buy) was acting aggressively and screwing up the DDNS allocations. But ... YMMV
  One definite probllem with Port Forwarding is if you attempt to specify a range of addresses. I have failed to get this to work on both my hubs. In my case I was trying to forward (say) 8021-8022 to 21-22, and the router insisted on forwarding both 8021 and 8022 to port 21.  The cure is to set up each port as a separate rule within the same user-defined application.
  On Loopback, I know various people have said it doesnt work, but it has always worked fine for me, at both the locations where I have a HomeHub 3B. I use a DDNS service and I can test that my port forwarding is working by opening a Command Prompt window on my PC and typing  telnet mydomain.dyndns.web.com 21 or whatever. That command contacts my DDNS host to ascertain my IP address and then (attempts to) connect to port 21.
  If port 21 is closed on your router (i.e. you have no port forwarding in place) you will see the message attempting to connect to mydomain.dyndns.web.com... and, after a while that will time out, with Could not open connection to the host, on port 21: Connect failed. If you do have your port forwarding set up correctly then your application will respond in some appropriate mannerr. However, you do need to understand what youre doing, because the response of an application that is expecting HTTP data is simply to do nothing!  You will probably get a blank screen. If you type GET / HTTP/1.1 [note spaces] (which is not echoed to your screen, so be careful not to mistype it) you will receive a page of HTTP response data and HTML data. Thus proving that your port forwarding is working.
  If you do not have any port forwarding set up at all, you can still test the loopback function by attempting to connect to port 161. This port is open on the BT routers and telnetting to it will result in a blank screen (as opposed to the attempting to connect message).
  In summary: loopback works on the Home Hub 3B. Port forwarding also works to a degree but it is temperamental and does have some quirks, like not properly accepting ranges of ports. On this last point, at least, it would be helpful to get an acknowledgement from BT that this is a known fault.

• Port forwarding and DMZ refuses to work properly on WRT54G wireless router.

  I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
  here's a screenshot of my port forwarding page:
  http://img205.imageshack.us/img205/1497/linksysbg2.jpg
  here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
  http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
  now, I've experienced this type of problem before. On a different linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a d-link router which worked perfectly. I'm only using this wireless router because it's my roommates and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in linksys routers. Thanks

  Did you tired upgrade of the firmware on the router??
  Also after upgrade reset & reconfigure the router for few seconds ... so that the firmware works properly for longer time ....

• Difference Between Port Forwarding and Port Triggering.

  Hi guys,
  I'm lost! The differences between port forwarding and port triggering is driving me nuts! It all seems very subtle to me. Can anyone explain to me (in a very simple way) what exactly are their differences. Thanks in advance!!

  Port Forwarding
  The big difference between this and port triggering is that forwarding is fixed.. you forward a port and it is always forwarded.. IE available to connection.. basically the forwarded port is excluded from the fire walling abilities of the router.  Second it is static and applies to one machine only. Whereas you could set port triggering to the router and thereafter any machine on the LAN can trigger it unless its already in use.. port forwarding must be specified for each individual machine.
  Port forwarding requires you to give each PC on the network its own unique static IP address.. Although there is ssh port forwarding that can be set dynamically. Most users only have the option of static ip port forwarding.
  The real downside of port forwarding is that it can be very tricky to set up... You may have to allow a series of ports on a machine and have to do that for each machine you want to allow through. Also routers often have limited abilities and may not allow you the ability to forward a port or select the service you require.
  Port Triggering
   This is a way of Dynamically assigning a service to a port WHEN it is required by an outgoing service. The port is initially not allowed so nothing can get in and you are protected by your network.  
  A good example of this is when using Yahoo! voice .. the voice works fine for a few minutes after you connect to Yahoo! then Yahoo! sends some kind of packet that requires a response from your PC... The packet is allowed in through your router no prob but the outgoing reply is not authorized to open a port on the router and is thus blocked. 
  'ope this helps

• Can anyone tell me how to port forward and setup an XBOX 360 using my Time Capsule??

  Xbox 360
  When playing the game online, the minimum speed of your network should be 128kbps. The ideal network speed for playing the game online is 768kbps. If you are having a problems with lag check the following:
  Network Troubleshooting:
  Disable any firewall or security features on your router.
  Set port forwarding on your router to the IP address of your Xbox 360. This game uses port 3074 (UDP/TCP). Additionally Xbox LIVE requires ports 80, 53 TCP and 88, 53 UDP.
  Place your Xbox 360 into the DMZ of your router.
  Disconnect your router and try the game. If it works regularly at this point something about your router may not be completely compatible with the specific needs of this game. Check with your router manufacturer and Microsoft's Xbox Live Connection Issues page for additional steps that may need to be done to resolve the issue you are having. You can also verify that you have an Xbox Live compatible router.
  If you are having issues connecting while multiple Xbox 360 consoles are connected on the same network, try forwarding port 3074 (UDP/TCP) for one Xbox 360 and setting the other as DMZ. There is a chance that this may not resolve you issue,  if it doesn’t then you may want to consider getting an additional public IP address by contacting your Internet Service Provider and assigning it to one of these two consoles.
  NOTE: If setting port forwarding or DMZ helps your connection issue, you may want to assign your Xbox 360 a static IP address within your home network. This can help to ensure that the configurations you made do not need to be done again. You can visit PortForward's Static IP Guide for a detailed guide on how to do this.
  NOTE: Many broadband internet modems are coming with routing capabilities built in. Please contact your internet service provider to determine if your internet modem has an integrated router. If it does, they should be able to assist you with the steps above for setting up your router.
  Once you have verified that your network setup is not the cause of the issue, try the following:
  Try connecting to a different server. Some servers may have other players connected to them that you do not have an optimal connection with. In most games this is accomplished by backing out to the main menu and then selecting multiplayer again. From there you can try connecting to another online game.
  Run the Xbox Network Self Test to see how strong your NAT is currently set to. Once the test is completed you will be notified if there is an issue with your connection. If you select "More Info" you will be given information about your NAT type and some steps to resolve any issues with your connection.
  Moderate and Strict NAT types may have issues connecting to online matches. You may get the error "Notice - The game session is no longer available." If you do then enabling UPnP, forwarding port 3074, or placing your Xbox in your router's DMZ may resolve this issue. Please consult your router documentation for instructions on how to do this.

  ouman88 wrote:
  Whoa....this just went way over my head.... I already have 6.1 installed for my Airport Utility.
  Read again what I wrote.. 6.1 is the problem.. or part of it.
  You need to install the earlier 5.6 version which I have given you explicit instructions to do.
  I have done something now and can not connect the XBOX at all now....unless you can provide me step by step directions I may have to call Apple Support.
  This will happen over and over.. just press reset and start again.. you need to learn how to do the setup and using 5.6 utility will help you.. as will using ethernet from the computer to the TC.. trying to fix things over wireless is like sitting on a tree branch you are sawing off. As soon as you update you will fall to the ground.
  I am not that sure that Apple Support will have any idea.
  Do a google search .. you will find most people struggle with this.. Microsoft made the xbox to use upnp with vista specs.. if you use a router without upnp, ie any apple router.. you will have issues.
  Have a go at bypassing the problem.. I have no idea if this will work.. I do not use a TC as the main router because much of my network including xbox and ps3 is just a pain.. I use a modem router with upnp. And bridge the TC.. that is the setup I would recommend.
  Try this.. once you have installed 5.6 utility.
  Get the IP of the XBox and click enable default host.. and put the IP address in there.. this is called DMZ.. all unassigned packets are forwarded to this ip address.. it is like a port forwarding for all ports.
  See if it helps.. If it does you will need to lock the xbox address so it doesn't change.. we can get to that.
  Tell me what kind of broadband you have and what modem router first.. none of this will work if you have double NAT.

• Port Forwarding/Router Firewall HELP

  I'm trying to use my iSight built in cam with "aMSN" and they give me error messages when I configure. It says I have firewall/port issues to free up or something. Here's what help says to do:
  "To do this, open your router web-based configuration (check router manual for details on this). Once you have the web-based configuration open, browse for a setting called "port forwarding" or "port range forwarding" or something similar to that. (This might be found under the advanced features for your router).
  Now that you have the port forwarding page open, you will want to set the port forwarding range so that aMSN will be able to accept and send the webcam stream.
  Here's an example of how you will set up your port forwarding:
  Application: aMSN
  Start: 6890
  End: 6900
  Protocol: Both(TCP & UDP)
  IP: xxx.xxx.x.xxx
  Enabled: X (Yes/True)
  Note: xxx.xxx.x.xxx is the IP of your machine that you are trying to send / receive webcam
  If you have a web server open on your port 80, you can try to disable it too, sometimes it helps. "
  All I'm asking is how do I get to the port forwarding page to do what they have displayed above? I've tried Apple support topics on the subject and all were irrelevent or only dealt with iChat.
  Any ideas? Thank you!

  Are you using an Airport? If not, what type of router do you have connected? Each manufactor is different, but should provide the information in their manuals.

• BT Infinity - Port Forwarding and Vodafone Sure Si...

  I have been lucky enough to upgrade from BT Total Broadband (Home Hub 1 and then 2) to BT Infinity (Home Hub 2 with Openreach box). I can remember having major problems with port forwarding with my previous installation, even though the step by step instructions given by BT regarding application sharing was accurate. I resorted to using TELNET and then certain key commands that ensured it did work. A forum simular to this one saved the day. Now I have the new BT Infinity box of tricks and I appear to have the same problem and now I cannot use TELNET to tear down these restrictions. I have switched off the Firewall within the menu system but realise that this is still operational in some kind of way. All incoming data is still being blocked. I need to make sure the following ports are open to the World so that my Vodafone Sure Signal works: TCP: 8 TCP: 50 TCP: 123 UDP: 500 UDP: 4500 I have also enable the VPN clamping as suggested. Can anyone help me? Vodafone can only advise me on these port numbers the rest is ISP driven. Do I need to speak to an engineer? Do I need to TELNET the Home Hub some how? Thank you in advance.
  Solved!
  Go to Solution.

  There is a nationwide problem with Sure Signal connecting through BTinternet which has been ongoing since the 27th. It doesn't seem to be a problem through other internet providers nor does it seem to be specific to any particular versions of Sure Signal or BT Home Hub.
  There's no point trying to talk to BT customer services about it - the idiot I was speaking to yesterday insisted that I needed to change the Wi-Fi channel on my Home Hub in order to get my (wired) Sure Signal working again.
  Vodafone's customer services are not quite as sh*t as BT's but not much more help. They do, at least, acknowledge that there is a problem and that it is being worked on by engineers (not sure if it is Voda or BT engineers?) but can only say that the "hope it is fixed in the next 24 hours."
  If you are thinking of speaking to BT's "customer support specialists" about this, I suggest you poke yourself in the eye instead; it's as likely to fix the problem, will take less time and probably be less painful.

• Port Forward and IP address question

  I am configuring my father's computer so that I can "see" his screen. He's on a different network, using a mac with a wireless router. He enables remote desktop login, I use Chicken of the VNC software on my mac to see and control his computer.
  Here's my question, when I set up his router to forward the ports so this will work, do I use the ports for apple remote desktop or VNC? (The ports overlap (5900) but are different.)
  Also, which IP address do I enter into Chicken of the VNC? His router IP, his static IP that we assigned or his computer's IP.
  Thanks for the help,
  Rob

  ok, but in his prefs for apple remote desktop, it gives the static IP address that we set as the address other people can use, so... any thoughts?
  You use that private address if you are in the same subnet as his Mac. That is the address you enter into the port forwarding settings on the router because the router needs to send requests received on the public IP address to that unreachable private IP address.
  When you are on the internet, you can't reach that private IP address.

• Port Forwarding and Static IP addresses

  Netcomm NB1300 router and Airport Express.
  I want to use and old G3 mac running 10.3.9 as a server for HTTP and FTP. The Mac is currently connected via Airport but I can connect it via Ethernet if necessary.
  I understand that I will have to activate Port Forwarding on my Router with Ports 21 and 80 to allow external Internet access to the G3. I will also have to configure DHCP Manually for a Static IP address and probably link up with a Free DNS service to maintain reliable access to the G3.
  I have other computers on the network, two Macs (Ethernet / 10.3.9 & Airport 10.4.11) and two PC's (one with Vista, one with XP / both on Airport). Only one of the extra Macs is connected via ethernet, the rest are connected via Airport.
  Will I have to assign Static IP addresses to all the computers or just the one I want to use as a server?
  And also, can anyone tell me about Port Forwarding via Port 22 to give more security from external observation/attacks? I know nothing about this security measure.
  Thanks in advance.
  Christo.

  Hi--
  Christo wrote:
  I am now assuming I will be able to access the 'server' from an external location. Very optimistic! But I can't test that for a couple of days.
  Ah, but you've given up too soon! You can access your web server from outside your network real easy: you just need to find an external client you can point back to your site. I like to use the W4C validator to do that. It has the happy side effect of also telling you if your web page markup is valid. So you'd point your browser to the validator page:
  http://validator.w3.org/
  I like to choose "More Options" and tell it to show the page source. That way I can also verify that it's seeing the page I want it to see.
  If I disconnect the iBook from Ethernet, can it still be accessible from an external location if it is connected to the Router via Airport, or do I have do so something like Port Forwarding with my Airport Express as well? Note the iBook can still connect to the Internet via Airport.
  It would depend on how your Airport is set up. I think there are a couple of ways to set them up. One is to make the Airport a DHCP server, which would make the wireless network essentially a separate network. In that case, you'd have to forward throught the Airport, too.
  My wireless network, though, is set up to bridge, so it's all one network. In that case, all I'd have to do to forward wirelessly to a client would be to set up the forward on the main router.
  Being that persons other than myself will be accessing the iBook via FTP, do I give them the user account password of the Mac, or can I set a password in the Router or something else?
  Also, when accessing the iBook on my local network using Cyberduck, I can see the entire directory of the iBook's user account. Is there a way to limit access to just one folder, such as the Public folder, or a self-designated folder?
  Unfortunately, I don't know anything about setting up FTP. I would suggest that you look into maybe making an account on the iBook specifically for the FTP user and only give out that username and password. You might want to poke around in the Networking and the Web and Unix discussions in the Mac OS X Technologies area. I've seen a number of posts there about setting up FTP, and you might be able to find your answers there.
  charlie

• Port Forwarding and Printing with Static IP Address

  Hey there -
  I am trying to setup a network printer that can be printed to from anywhere in the world. My organization has 5 static IP addresses given to us by our ISP. Four of those I have on computers, and one of them I have on my Linksys router (WRT54G v.8).
  What I want to do is be able to setup a printer on my router that I can print to from anywhere I have an internet connection. My wireless router's static IP address is 74.172.54.XXX - The address on my network is 192.168.7.1 - I have a printer statically assigned the IP address 192.168.7.2 - and I have a port forwarding for port 70 to forward to 192.168.7.2
  In theory, I would think that now I could print to 74.172.54.XXX:70 and have no problems. But that doesn't seem to be working. Even printing to 192.168.7.1:70 doesn't seem to work either.
  Also, the printer has a web GUI interface that if I type http://192.168.7.1/ into my browser it comes up, so in theory I would think typing http://74.172.54.XXX:70 into my browser it should come up (but it doesn't nor does http://192.168.7.1:70).
  Anybody got any suggestions? I tried to do a search about this, but ever Port Forwarding question seemed to deal with gaming (which I have no desire to do). Thanks!
  I will include two screen snapshots of what I am talking about:
  Thanks for any help.

  Is the router setup to accept static connections?
  I have my router set up to accept both, so from 192.168.1.100 to 192.168.1.192 the addresses are static the other addresses are given by DHCP.
  If you do not define a range and the address your laptop has as static IP conflicts with the address given by DHCP your loose ... as in you get no address.
  Set up of that feature may depend on your type of router but usually any decent router will have that capability ... read your manual for specifics about your unit.
  Best of luck.
  R.
  Last edited by ralvez (2009-12-10 00:08:50)

• Port Forwarding Cisco firewall

  Hi,
  In Cisco Firewall 2900 seires
  trying to use port forwarding
  but not communication please help me.
  Reg
  Manoj.

  : Saved
  : Written by enable_15 at 23:01:39.772 UTC Thu Jan 30 2014
  name 10.10.70.X.40 FinalPdf
  name 201.256.x.x Youfinalip
  interface Ethernet0/0
  nameif YOUB
  security-level 0
  ip address 201.256.x.x.254.82 255.255.255.248
  interface Ethernet0/2
  nameif inside
  security-level 100
  ip address 10.10.70.X.1 255.255.255.0
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  ftp mode passive
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service ftp tcp
  port-object eq ftp
  port-object eq ftp-data
  port-object eq 14147
  object-group service any tcp-udp
  port-object range 1 65535
  object-group service DM_INLINE_TCP_1 tcp
  group-object ftp
  port-object eq ftp-data
  access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.10.0 255.255.255.0
  access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 10.70.0.0 255.255.0.0
  access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.0.0 255.255.0.0
  access-list inside_access_in extended deny object-group TCPUDP any any eq domain
  access-list inside_access_in extended permit ip any any
  access-list YOUB_mpc extended permit ip any any
  access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive
  access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
  pager lines 24
  logging enable
  logging emblem
  logging asdm-buffer-size 512
  logging buffered debugging
  logging trap debugging
  logging history debugging
  logging asdm debugging
  logging device-id hostname
  logging debug-trace
  logging ftp-bufferwrap
  logging ftp-server 10.10.70.X.251 firwall/ firwall firwall
  logging class auth trap emergencies asdm emergencies
  mtu YOUB 1500
  mtu SIFY 1500
  mtu inside 1500
  mtu WAN 1500
  mtu management 1500
  ip verify reverse-path interface YOUB
  ip verify reverse-path interface inside
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-645.bin
  asdm location Testpdf 255.255.255.255 inside
  asdm history enable
  arp timeout 14400
  global (YOUB) 1 interface
  global (SIFY) 1 interface
  nat (inside) 0 access-list EXEMPT
  nat (inside) 1 10.10.70.X.0 255.255.255.0 dns
  static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
  access-group YOUB_access_in in interface YOUB
  access-group inside_access_in in interface inside
  route YOUB 0.0.0.0 0.0.0.0 201.256.x.x.254.81 1 track 1
  route inside 0.0.0.0 0.0.0.0 10.10.70.X.1 10
  route WAN 10.60.0.0 255.255.255.0 10.70.100.38 1
  route WAN 192.168.8.0 255.255.255.0 10.70.100.38 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication http console LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sla monitor 100
  type echo protocol ipIcmpEcho 4.2.2.2 interface YOUB
  num-packets 3
  frequency 10
  sla monitor schedule 100 life forever start-time now
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  track 1 rtr 100 reachability
  telnet timeout 5
  ssh scopy enable
  ssh 10.10.70.X.0 255.255.255.0 inside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username cisco password 3USUcOPFUiMCO4Jk encrypted
  class-map YOUB-class
  match access-list YOUB_mpc
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  description ftp
  class inspection_default
    inspect dns preset_dns_map
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect ftp
  class class-default
    ips inline fail-open
  policy-map YOUB-policy
  class YOUB-class
    ips inline fail-open sensor vs0
  service-policy global_policy global
  service-policy YOUB-policy interface YOUB
  smtp-server 10.10.70.X.18
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:aace81256bc60bc50469f80cb0c4641a
  : end

• Port Forwarding and Internet Sharing

  Hey all,
  I have a wireless network set up through a Time Capsule. My iBook is connected to this network via Airport. In addition, I have a computer with no wireless connected to my laptop via Ethernet. I have my System Preferences set up to Share Internet with Built-In Ethernet. The problem is this. I want to use the second computer (which accesses the Internet fine) as a server. The Airport does not recognize the second computer as a Client, but does see the iBook. I believe I need to Forward Ports to the iBook (local IP: 10.0.1.5) and then forward them again with the iBook to the other computer which has the local IP 196.168.2.2.
  Is my thinking right in this? How would I need to configure this to make it work as I've explained?
  If I'm unclear I can clarify.
  Thanks,
  Daniel

  Hi Daniel,
  I think the problem is, is that the Internet Sharing isa pass through connection.
  Try this, in Network>Show:>Network Port Configurations, duplicate the Airport interface, make sure the on used for internet is dragged to the top of the list, then Manually configure if need be, the second one to join the local Network.