Simple Port Forwarding - SRW2016, SRW2024, SRW2048

Does anyone have a guide for simple port forwarding on the SRW2016-48 series?
Thanks

What "ports" do you want to forward? What do you mean with "port forwarding"? Please explain what you want to do!

Similar Messages

  • Rv120w and simple port forwarding.

    Hi
    I just got a new rv120w and want to set it up, like my old router.
    I have a webserver that people around the world should be able to visit, but I can't figure out what's wrong.
    You can see my settings in port forwarding here.
    Can anyone help me out here ?
    Regards Steen

    Hi
    That's a little strange:
    The access rule was created automatically. When I deleted it, the port forwarding was also deleted. I created the port forwarding again, the access rule came again (with the same settings as before) and now it is working from the internet.
    But not from the lan side.
    Hmmmm ?

  • Newbie: simple port forwarding

    I want to add surveillance camera to my office. I have configured the ip webcam on the LAN and wanting to know how to configure the OS X server to point to the webcam. The server is the internet gateway.
    Thanks,
    Jon

    There's no GUI interface for setting up port forwarding when your Mac is the router/gateway.
    If possible I'd set this up at your router, where the router performs NAT for the network, rather than your Mac (almost by definition if your Mac is acting as the gateway then it has a public-facing interface, which I rarely recommend).
    In addition to that, the specifics on which port(s) to forward will depend on the camera. Some cameras implement a web-based interface, so you might need port 80. Others may use different ports (and even cameras that use a web interface may use a different port).
    One other consideration would be a tool such as Security Spy - it's software designed to interact and manage multiple cameras, including features like time lapse recording, motion detection, remote notifications, and more. If this were running on your gateway then you wouldn't need to deal with port forwarding to the camera directly.

  • Simple Port Forwarding / ACL Question

    Hi Everyone,
    I'm kind of a novice when it comes to Cisco configuration. I went to college for networking but haven't used it enough since graduating and I'm having some trouble with opening some ports for email to my home PC.
    Specifically I'm trying to set up IMAP with Gmail to be downloaded to my Mozilla Thunderbird client. I'm using a similar syntax for other ports that I've opened but it isn't working. I also did a "show access list" and saw that one of my rules had hit counts on it but I'm not sure what this means as far as troubleshooting goes.
    Can someone lend a hand and explain what I'm doing wrong? If you're feeling extra nice could you let me know what I would need to do to open some Xbox Live ports as well? The rules aren't set up yet but the ports are present in my config. I've bolded the relevant ports below.
    *** Config ****
    ASA Version 8.2(5)
    hostname RyansFirewall
    enable password C5OQraC02mISnP8p encrypted
    passwd 3mBdM08UO1apR0bB encrypted
    names
    name 192.168.1.130 theking
    name 192.168.1.240 wap
    name 192.168.1.252 cam
    name 192.168.1.253 switch
    name 192.168.1.150 xbox
    name x.x.x.x vpnreactor
    name x.x.x.x HSoftware
    name x.x.x.x Mom_and_Dad
    interface Ethernet0/0
    description Connection_to_Cable_Modem
    switchport access vlan 10
    interface Ethernet0/1
    description Cisco_Catalyst_2960
    interface Ethernet0/2
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    description Guest_Wireless
    switchport access vlan 20
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    interface Vlan1
    description Private_Internal_Lan
    nameif inside
    security-level 100
    ip address 192.168.1.254 255.255.255.0
    interface Vlan10
    description WOW_Internet
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface Vlan20
    description Guest_Wireless
    no forward interface Vlan1
    nameif dmz
    security-level 30
    ip address 172.16.1.254 255.255.255.0
    boot system disk0:/asa825-k8.bin
    ftp mode passive
    clock timezone Eastern -5
    object-group network outside_ip_group
    description This group contains a list of allowed public IP Addresses
    network-object HSoftware 255.255.255.255
    network-object Mom_and_Dad 255.255.255.255
    object-group service Xbox_Ports tcp-udp
    description Ports needed for Xbox Live
    port-object eq www
    port-object eq 88
    port-object eq domain
    port-object eq 3074
    object-group service Email_Ports tcp-udp
    description Ports needed for Email
    port-object eq 143
    port-object eq 465
    port-object eq 587
    port-object eq 993
    access-list outside_access_in extended permit tcp object-group outside_ip_group any eq 1024
    access-list outside_access_in extended permit tcp any any eq 3389
    access-list outside_access_in extended permit tcp any any eq ftp
    access-list outside_access_in extended permit gre host vpnreactor host theking
    access-list outside_access_in extended permit tcp host vpnreactor host theking eq pptp
    access-list outside_access_in extended permit icmp any any echo-reply
    access-list outside_access_in extended permit icmp any any time-exceeded
    access-list outside_access_in extended permit icmp any any unreachable
    access-list outside_access_in extended permit tcp object-group outside_ip_group any eq 5900
    access-list outside_access_in extended permit tcp any any object-group Email_Ports
    access-list outside_access_in extended permit udp any any object-group Email_Ports
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-635.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (outside) 1 access-list outside_access_in
    nat (dmz) 1 0.0.0.0 0.0.0.0
    static (inside,outside) tcp interface 3389 theking 3389 netmask 255.255.255.255
    static (inside,outside) tcp interface ftp theking ftp netmask 255.255.255.255
    static (inside,outside) tcp interface 1024 cam 1024 netmask 255.255.255.255
    static (inside,outside) tcp interface 5900 theking 5900 netmask 255.255.255.255
    static (inside,outside) tcp interface 143 theking 143 netmask 255.255.255.255
    static (inside,outside) tcp interface 465 theking 465 netmask 255.255.255.255
    static (inside,outside) tcp interface 587 theking 587 netmask 255.255.255.255
    static (inside,outside) tcp interface 993 theking 993 netmask 255.255.255.255
    access-group outside_access_in in interface outside
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh Mom_and_Dad 255.255.255.255 outside
    ssh HSoftware 255.255.255.255 outside
    ssh timeout 10
    console timeout 10
    dhcpd address 192.168.1.2-192.168.1.25 inside
    dhcpd dns x.x.x.x x.x.x.x interface inside
    dhcpd lease 10800 interface inside
    dhcpd domain RyanJohn interface inside
    dhcpd enable inside
    dhcpd address 172.16.1.2-172.16.1.25 dmz
    dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
    dhcpd domain RyanJohnGuest interface dmz
    dhcpd enable dmz
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username XXXXX password ZpRIy72StEDDpdfG encrypted
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect pptp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:3c7abf7d5d55aba0e19d5da340132000
    : end
    *** Show Access List ****
    RyansFirewall# show access-list outside_access_in
    access-list outside_access_in; 19 elements; name hash: 0x6892a938
    access-list outside_access_in line 1 extended permit tcp object-group outside_ip_group any eq 1024 0xf13a69fb
      access-list outside_access_in line 1 extended permit tcp host HSoftware any eq 1024 (hitcnt=0) 0xc8c42900
      access-list outside_access_in line 1 extended permit tcp host Mom_and_Dad any eq 1024 (hitcnt=0) 0x7e777675
    access-list outside_access_in line 2 extended permit tcp any any eq 3389 (hitcnt=7451) 0x51a647d7
    access-list outside_access_in line 3 extended permit tcp any any eq ftp (hitcnt=11) 0x8d0d5aac
    access-list outside_access_in line 4 extended permit gre host vpnreactor host theking (hitcnt=0) 0x894a4bbb
    access-list outside_access_in line 5 extended permit tcp host vpnreactor host theking eq pptp (hitcnt=0) 0xcb0322a8
    access-list outside_access_in line 6 extended permit icmp any any echo-reply (hitcnt=563) 0x54b872f3
    access-list outside_access_in line 7 extended permit icmp any any time-exceeded (hitcnt=703) 0x03690eb3
    access-list outside_access_in line 8 extended permit icmp any any unreachable (hitcnt=7408) 0x5c2fa603
    access-list outside_access_in line 9 extended permit tcp object-group outside_ip_group any eq 5900 0xe88875b2
      access-list outside_access_in line 9 extended permit tcp host HSoftware any eq 5900 (hitcnt=0) 0x2208e16f
      access-list outside_access_in line 9 extended permit tcp host Mom_and_Dad any eq 5900 (hitcnt=0) 0xa3aaaedd
    access-list outside_access_in line 10 extended permit tcp any any object-group Email_Ports 0x91529965
      access-list outside_access_in line 10 extended permit tcp any any eq imap4 (hitcnt=17) 0x53d153bd
      access-list outside_access_in line 10 extended permit tcp any any eq 465 (hitcnt=0) 0x4d992f5e
      access-list outside_access_in line 10 extended permit tcp any any eq 587 (hitcnt=0) 0x734d200d
      access-list outside_access_in line 10 extended permit tcp any any eq 993 (hitcnt=0) 0xb91930a9
    access-list outside_access_in line 11 extended permit udp any any object-group Email_Ports 0xe12dbb9d
      access-list outside_access_in line 11 extended permit udp any any eq 143 (hitcnt=0) 0x34d1c49d
      access-list outside_access_in line 11 extended permit udp any any eq 465 (hitcnt=0) 0x5cc4b908
      access-list outside_access_in line 11 extended permit udp any any eq 587 (hitcnt=0) 0x6e3b53a3
      access-list outside_access_in line 11 extended permit udp any any eq 993 (hitcnt=0) 0x7f9dd9b7

    Hi Riyasat,
    Here is the result of the command. I'm a little confused though as it said it passed through although this port is still not open to my inside host.
    RyansFirewall# packet-tracer input outside tcp 8.8.8.8 465 Outside_IP 465 detailed
    Phase: 1
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    static (inside,outside) tcp interface 465 theking 465 netmask 255.255.255.255
      match tcp inside host theking eq 465 outside any
        static translation to Outside_IP/465
        translate_hits = 0, untranslate_hits = 2
    Additional Information:
    NAT divert to egress interface inside
    Untranslate Outside_IP/465 to theking/465 using netmask 255.255.255.255
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside_access_in in interface outside
    access-list outside_access_in extended permit tcp any any eq 465
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xd863ac20, priority=12, domain=permit, deny=false
            hits=9, user_data=0xd613bd70, cs_id=0x0, flags=0x0, protocol=6
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=465, dscp=0x0
    Phase: 3
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xd7de9018, priority=0, domain=inspect-ip-options, deny=true
            hits=20003, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 4
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    nat (outside) 1 access-list outside_access_in
      match tcp outside any outside any eq 3389
        dynamic translation to pool 1 (Outside_IP [Interface PAT])
        translate_hits = 0, untranslate_hits = 0
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xd7e62278, priority=2, domain=host, deny=false
            hits=25913, user_data=0xd7e61e60, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 5
    Type: HOST-LIMIT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Forward Flow based lookup yields rule:
    in  id=0xd7debf90, priority=0, domain=host-limit, deny=false
            hits=143, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 6
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    static (inside,outside) tcp interface 465 theking 465 netmask 255.255.255.255
      match tcp inside host theking eq 465 outside any
        static translation to Outside_IP/465
        translate_hits = 0, untranslate_hits = 2
    Additional Information:
    Forward Flow based lookup yields rule:
    out id=0xd7e84380, priority=5, domain=nat-reverse, deny=false
            hits=3, user_data=0xd7e58b08, cs_id=0x0, flags=0x0, protocol=6
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=theking, mask=255.255.255.255, port=465, dscp=0x0
    Phase: 7
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    static (inside,outside) tcp interface 3389 theking 3389 netmask 255.255.255.255
      match tcp inside host theking eq 3389 outside any
        static translation to 0.0.0.0/3389
        translate_hits = 0, untranslate_hits = 107
    Additional Information:
    Reverse Flow based lookup yields rule:
    in  id=0xd7e70e30, priority=5, domain=host, deny=false
            hits=1642, user_data=0xd7e6c678, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=theking, mask=255.255.255.255, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 8
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Reverse Flow based lookup yields rule:
    in  id=0xd7d9e160, priority=0, domain=inspect-ip-options, deny=true
            hits=30929, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
    Phase: 9
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 31012, packet dispatched to next module
    Module information for forward flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_tcp_normalizer
    snp_fp_translate
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Module information for reverse flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_translate
    snp_fp_tcp_normalizer
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow
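
An added example, not part of any post in this thread: a Python audit that reads the forwarding-related lines of the ASA 8.2(5) configuration quoted above and reports, for each `static` port forward, whether the ACL bound to `outside` admits it from any source, only from a restricted source, or not at all. The function names and the port-keyword table are assumptions made for this example, and it evaluates permit entries only, which matches the ACL shown.

```python
# Constructed sample: forwarding-related lines of the ASA 8.2(5) config posted above.
SAMPLE_CONFIG = """\
object-group network outside_ip_group
network-object HSoftware 255.255.255.255
network-object Mom_and_Dad 255.255.255.255
object-group service Email_Ports tcp-udp
port-object eq 143
port-object eq 465
port-object eq 587
port-object eq 993
access-list outside_access_in extended permit tcp object-group outside_ip_group any eq 1024
access-list outside_access_in extended permit tcp any any eq 3389
access-list outside_access_in extended permit tcp any any eq ftp
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit tcp object-group outside_ip_group any eq 5900
access-list outside_access_in extended permit tcp any any object-group Email_Ports
static (inside,outside) tcp interface 3389 theking 3389 netmask 255.255.255.255
static (inside,outside) tcp interface ftp theking ftp netmask 255.255.255.255
static (inside,outside) tcp interface 1024 cam 1024 netmask 255.255.255.255
static (inside,outside) tcp interface 5900 theking 5900 netmask 255.255.255.255
static (inside,outside) tcp interface 465 theking 465 netmask 255.255.255.255
access-group outside_access_in in interface outside
"""

# Port keywords that appear in this thread's config and output (assumed table).
PORT_NAMES = {"ftp": 21, "www": 80, "domain": 53, "imap4": 143, "pptp": 1723}


def port_num(token):
    return PORT_NAMES.get(token) or int(token)


def take_addr(tokens):
    """Consume one ACL address spec from the front; True if it is 'any'."""
    if tokens.pop(0) == "any":
        return True
    tokens.pop(0)  # 'host X', 'object-group G' and 'addr mask' are all two tokens
    return False


def parse(config):
    groups, acls, statics, bound, group = {}, {}, [], {}, None
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[0] == "object-group":
            # Only service groups carry ports; network groups are just "not any".
            group = groups.setdefault(t[2], set()) if t[1] == "service" else None
        elif t[:2] == ["port-object", "eq"] and group is not None:
            group.add(port_num(t[2]))
        elif t[0] == "access-list" and t[2:4] == ["extended", "permit"]:
            rest = t[5:]
            src_any = take_addr(rest)
            take_addr(rest)  # destination (the mapped address on pre-8.3 code)
            if rest[:1] == ["eq"]:
                ports = {port_num(rest[1])}
            elif rest[:1] == ["object-group"]:
                ports = groups.get(rest[1], set())
            else:
                ports = None  # no port qualifier on this entry
            acls.setdefault(t[1], []).append((t[4], src_any, ports))
        elif t[0] == "static" and t[2] in ("tcp", "udp"):
            statics.append((t[2], port_num(t[4]), t[5]))
        elif t[0] == "access-group" and t[2] == "in":
            bound[t[4]] = t[1]  # interface name -> ACL name
    return acls, statics, bound


def audit(config, iface="outside"):
    """Return (public_port, inside_host, exposure) for every static PAT entry."""
    acls, statics, bound = parse(config)
    rules = acls.get(bound.get(iface), [])
    report = []
    for proto, port, host in statics:
        # Permit entries only: the ACL in the post contains no deny lines.
        sources = [src_any for p, src_any, ports in rules
                   if p in (proto, "ip") and (ports is None or port in ports)]
        exposure = "any" if any(sources) else "restricted" if sources else "blocked"
        report.append((port, host, exposure))
    return report


if __name__ == "__main__":
    for port, host, exposure in audit(SAMPLE_CONFIG):
        print(f"tcp/{port:<5} -> {host:<8} source: {exposure}")
```

On the posted configuration this separates the forwards limited to `outside_ip_group` (1024, 5900) from those open to any source (3389, ftp and the e-mail ports), the latter being the entries whose hit counts in `show access-list` deserve a look.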

  • Simple Port Forwarding Question

    Sorry if this has been asked and answered many times before but I've been at this for hours and I'm getting nowhere.
    We have a Cisco 861 router.  I've taken over the IT responsibilities from someone else and I'm just trying to forward TCP/UDP ports 5899 and 9010 to our server.  I can access the server using Remote Desktop so I can see the previous IT person has gotten that far.  Below is the output of our "Running Configuration".
    I can see the line "ip port-map user-protocol--4 port tcp 3389"  but I can't figure out how to add my own 5899 and 9010 lines.
    I'm using the Cisco Configuration Professional UI but I don't have a problem using the command line interface if I'm sure I have the right commands to input.  I started adding an extended rule using the ACL Editor in CCP but I'm afraid to deliver the changes to the router because it doesn't look anything like the "ip port-map user-protocol--4 port tcp 3389" line.
    Here is the information generated from the ACL editor (again, I haven't delivered it to the router):
    ip access-list extended user-protocol--05
    remark Radmin5899
    remark CCP_ACL Category=1
    remark Radmin5899
    permit tcp any host 10.10.10.10 eq 5899
    exit
    I don't think the ACL output is correct because I don't see the public IP.
    How do I create a custom ip port-map like the ones listed in the "Running Configuration"?
    Any help would be greatly appreciated.
    Kevin G
    Running Configuration:
    Building configuration...
    Current configuration : 10177 bytes
    ! Last configuration change at 09:45:33 PCTime Fri Feb 21 2014 by admin
    version 15.0
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname Summit
    boot-start-marker
    boot-end-marker
    logging buffered 51200
    logging console critical
    enable secret 5 $1$q6Ct$Wo7VDTQAbAL7BjYEvSXvJ/
    no aaa new-model
    memory-size iomem 10
    clock timezone PCTime -5
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    crypto pki trustpoint TP-self-signed-1582036946
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1582036946
    revocation-check none
    rsakeypair TP-self-signed-1582036946
    crypto pki certificate chain TP-self-signed-1582036946
    certificate self-signed 01
       quit
    no ip source-route
    ip port-map user-protocol--2 port tcp 100
    ip port-map user-protocol--1 port tcp 101
    ip port-map user-protocol--4 port tcp 3389
    ip dhcp excluded-address 10.10.10.1 10.10.10.100
    ip dhcp pool spmcpool
       network 10.10.10.0 255.255.255.0
       domain-name spmc.local
       dns-server 10.10.10.10 8.8.8.8
       default-router 10.10.10.1
    ip cef
    no ip bootp server
    no ip domain lookup
    ip domain name spmc.local
    license udi pid CISCO861-K9 sn FTX1446810J
    username admin privilege 15 secret 5 $1$W2UZ$IvcuhFV2mkG0u/RI.XwUN0
    username spmc privilege 15 secret 5 $1$P88u$ZEG5RuEVxxAaTXW3BQ1q3/
    ip tcp synwait-time 10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    class-map type inspect match-any SDM_BOOTPC
    match access-group name SDM_BOOTPC
    class-map type inspect match-all sdm-nat-user-protocol--4-1
    match access-group 102
    match protocol user-protocol--4
    class-map type inspect match-all sdm-nat-user-protocol--2-1
    match access-group 104
    match protocol user-protocol--2
    class-map type inspect match-all sdm-nat-http-1
    match access-group 102
    match protocol http
    class-map type inspect match-all sdm-nat-user-protocol--1-2
    match access-group 103
    match protocol user-protocol--1
    class-map type inspect match-all sdm-nat-user-protocol--1-1
    match access-group 102
    class-map type inspect match-any SDM_DHCP_CLIENT_PT
    match class-map SDM_BOOTPC
    class-map type inspect match-all sdm-nat-smtp-1
    match access-group 102
    match protocol smtp
    class-map type inspect match-any sdm-cls-bootps
    match protocol bootps
    class-map type inspect match-any ccp-cls-insp-traffic
    match protocol cuseeme
    match protocol dns
    match protocol ftp
    match protocol h323
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol smtp
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    class-map type inspect match-all ccp-insp-traffic
    match class-map ccp-cls-insp-traffic
    class-map type inspect match-any ccp-cls-icmp-access
    match protocol icmp
    class-map type inspect match-all ccp-icmp-access
    match class-map ccp-cls-icmp-access
    class-map type inspect match-all ccp-invalid-src
    match access-group 100
    class-map type inspect match-all sdm-nat-https-1
    match access-group 102
    match protocol https
    class-map type inspect match-all ccp-protocol-http
    match protocol http
    policy-map type inspect ccp-permit-icmpreply
    class type inspect sdm-cls-bootps
      pass
    class type inspect ccp-icmp-access
      inspect
    class class-default
      pass
    policy-map type inspect sdm-pol-NATOutsideToInside-1
    class type inspect sdm-nat-http-1
      inspect
    class type inspect sdm-nat-smtp-1
      inspect
    class type inspect sdm-nat-user-protocol--4-1
      inspect
    class type inspect sdm-nat-https-1
      inspect
    class type inspect sdm-nat-user-protocol--1-2
      inspect
    class type inspect sdm-nat-user-protocol--2-1
      inspect
    class class-default
      drop
    policy-map type inspect ccp-inspect
    class type inspect ccp-invalid-src
      drop log
    class type inspect ccp-protocol-http
      inspect
    class type inspect ccp-insp-traffic
      inspect
    class class-default
      drop
    policy-map type inspect ccp-permit
    class type inspect SDM_DHCP_CLIENT_PT
      pass
    class class-default
      drop
    zone security out-zone
    zone security in-zone
    zone-pair security ccp-zp-self-out source self destination out-zone
    service-policy type inspect ccp-permit-icmpreply
    zone-pair security ccp-zp-in-out source in-zone destination out-zone
    service-policy type inspect ccp-inspect
    zone-pair security ccp-zp-out-self source out-zone destination self
    service-policy type inspect ccp-permit
    zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
    service-policy type inspect sdm-pol-NATOutsideToInside-1
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description Internet$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
    ip address 66.x.x.x 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip flow egress
    ip nat outside
    ip virtual-reassembly
    zone-member security out-zone
    duplex auto
    speed auto
    interface Vlan1
    description LAN$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 10.10.10.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly
    zone-member security in-zone
    ip tcp adjust-mss 1452
    ip default-gateway 66.x.x.x
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip flow-top-talkers
    top 20
    sort-by bytes
    ip nat inside source list 3 interface FastEthernet4 overload
    ip nat inside source static tcp 10.10.10.100 100 66.x.x.x 100 extendable
    ip nat inside source static tcp 10.10.10.101 101 66.x.x.x 101 extendable
    ip nat inside source static tcp 10.10.10.10 25 66.x.x.x 25 extendable
    ip nat inside source static tcp 10.10.10.10 80 66.x.x.x 80 extendable
    ip nat inside source static tcp 10.10.10.10 443 66.x.x.x 443 extendable
    ip nat inside source static tcp 10.10.10.10 3389 66.x.x.x 3389 extendable
    ip nat inside source static tcp 10.10.10.10 5899 66.x.x.x 5899 extendable
    ip nat inside source static tcp 10.10.10.10 9010 66.x.x.x 9010 extendable
    ip nat inside source static udp 10.10.10.10 9010 66.x.x.x 9010 extendable
    ip nat inside source static 10.10.10.10 66.x.x.x
    ip route 0.0.0.0 0.0.0.0 FastEthernet4 66.x.x.x
    ip access-list extended SDM_BOOTPC
    remark CCP_ACL Category=0
    permit udp any any eq bootpc
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 2 remark CCP_ACL Category=2
    access-list 2 permit 10.10.10.0 0.0.0.255
    access-list 3 remark CCP_ACL Category=2
    access-list 3 permit 10.10.10.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=128
    access-list 100 permit ip host 255.255.255.255 any
    access-list 100 permit ip 127.0.0.0 0.255.255.255 any
    access-list 101 remark CCP_ACL Category=16
    access-list 101 permit ip 10.10.10.0 0.0.0.255 any
    access-list 102 remark CCP_ACL Category=0
    access-list 102 permit ip any host 10.10.10.10
    access-list 103 remark CCP_ACL Category=0
    access-list 103 permit ip any host 10.10.10.101
    access-list 104 remark CCP_ACL Category=0
    access-list 104 permit ip any host 10.10.10.100
    no cdp run
    snmp-server community agsl RO
    control-plane
    banner exec ^C
    % Password expiration warning.
    Cisco Configuration Professional (Cisco CP) is installed on this device
    and it provides the default username "cisco" for  one-time use. If you have
    already used the username "cisco" to login to the router and your IOS image
    supports the "one-time" user option, then this username has already expired.
    You will not be able to login to the router with this username after you exit
    this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username <myuser> privilege 15 secret 0 <mypassword>
    Replace <myuser> and <mypassword> with the username and password you
    want to use.
    ^C
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    line con 0
    login local
    no modem enable
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end

    Turns out, through some quirk of either Java, IE or CCP, the "Port to Application Mappings" page was blank.  I added the necessary application protocol and it worked for opening a port I needed open on the server.  Even with the screen blank I could click on the blank area in different spots and the "Edit..." button would become available.  For whatever reason, whenever I go into CCP now, the page is no longer blank.
    I'm having a different problem now with opening ports for our camera DVR.  I'll start a new thread for that.
    Thanks for the help.
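
An added example, not taken from the thread or from Cisco tooling: the running configuration above already contains static NAT entries for ports 5899 and 9010, but the out-zone to in-zone policy inspects only classes tied to an `ip port-map` entry or a built-in protocol and drops everything else in `class-default`. This Python check lists the static forwards that no such class covers; the function names and the `DEFAULT_PAM` table are assumptions made for the example, and the sample is a subset of the posted configuration.

```python
# Constructed excerpt: a subset of the Cisco 861 running configuration posted above.
SAMPLE_CONFIG = """\
ip port-map user-protocol--2 port tcp 100
ip port-map user-protocol--4 port tcp 3389
class-map type inspect match-all sdm-nat-user-protocol--4-1
 match access-group 102
 match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--2-1
 match access-group 104
 match protocol user-protocol--2
class-map type inspect match-all sdm-nat-http-1
 match access-group 102
 match protocol http
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-http-1
  inspect
 class type inspect sdm-nat-user-protocol--4-1
  inspect
 class type inspect sdm-nat-user-protocol--2-1
  inspect
 class class-default
  drop
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
ip nat inside source static tcp 10.10.10.100 100 66.x.x.x 100 extendable
ip nat inside source static tcp 10.10.10.10 80 66.x.x.x 80 extendable
ip nat inside source static tcp 10.10.10.10 3389 66.x.x.x 3389 extendable
ip nat inside source static tcp 10.10.10.10 5899 66.x.x.x 5899 extendable
ip nat inside source static tcp 10.10.10.10 9010 66.x.x.x 9010 extendable
ip nat inside source static udp 10.10.10.10 9010 66.x.x.x 9010 extendable
access-list 102 permit ip any host 10.10.10.10
access-list 104 permit ip any host 10.10.10.100
"""

# Default ports of the built-in protocols this policy matches (assumed table).
DEFAULT_PAM = {"http": {("tcp", 80)}, "https": {("tcp", 443)}, "smtp": {("tcp", 25)}}


def parse(config):
    pam = {name: set(ports) for name, ports in DEFAULT_PAM.items()}
    classes, policies, zone_policy, acl_hosts, nats = {}, {}, {}, {}, []
    cls = pol = pair = None
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[:2] == ["ip", "port-map"]:
            pam.setdefault(t[2], set()).add((t[4], int(t[5])))
        elif t[:3] == ["class-map", "type", "inspect"]:
            cls = classes[t[4]] = {"acl": None, "proto": None}
        elif t[:2] == ["match", "access-group"] and cls is not None:
            cls["acl"] = t[-1]
        elif t[:2] == ["match", "protocol"] and cls is not None:
            cls["proto"] = t[2]  # one protocol per class, as in the match-all classes here
        elif t[:3] == ["policy-map", "type", "inspect"]:
            pol = policies.setdefault(t[3], [])
        elif t[0] == "class" and pol is not None:
            pol.append([t[-1], None])
        elif t[0] in ("inspect", "pass", "drop") and pol:
            pol[-1][1] = t[0]  # action of the class just opened
        elif t[:2] == ["zone-pair", "security"]:
            pair = (t[4], t[6])  # (source zone, destination zone)
        elif t[:3] == ["service-policy", "type", "inspect"]:
            zone_policy[pair] = t[3]
        elif t[:5] == ["ip", "nat", "inside", "source", "static"] and t[5] in ("tcp", "udp"):
            nats.append((t[5], t[6], int(t[7])))  # proto, inside host, inside port
        elif t[0] == "access-list" and t[2:6] == ["permit", "ip", "any", "host"]:
            acl_hosts.setdefault(t[1], set()).add(t[6])
    return pam, classes, policies, zone_policy, acl_hosts, nats


def unmatched_forwards(config, src="out-zone", dst="in-zone"):
    """Static port forwards that no inspect/pass class of the src->dst policy covers."""
    pam, classes, policies, zone_policy, acl_hosts, nats = parse(config)
    allowed = []
    for name, action in policies.get(zone_policy.get((src, dst)), []):
        c = classes.get(name)
        if c and c["proto"] and action in ("inspect", "pass"):
            hosts = acl_hosts.get(c["acl"], set()) if c["acl"] else None  # None: any host
            allowed.append((pam.get(c["proto"], set()), hosts))
    return [n for n in nats
            if not any((n[0], n[2]) in ports and (hosts is None or n[1] in hosts)
                       for ports, hosts in allowed)]


if __name__ == "__main__":
    for proto, host, port in unmatched_forwards(SAMPLE_CONFIG):
        print(f"{proto}/{port} -> {host}: NAT entry present, no firewall class matches it")
```

A protocol name that is neither in `DEFAULT_PAM` nor defined by `ip port-map` is treated as covering no ports, so extend the table before running this against a policy that matches other built-in protocols.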

  • Port forwarding in Solaris 8

    Hi,
    I am new to Solaris and am trying to set up a simple port forwarding from port 80 to 8080.
    I know how to do this in Linux:
    iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
    but cannot find a way to do this in Solaris. I have installed SunScreen, but am not sure whether this is the right thing to use.
    This is a simple server in a hosting centre.
    Can anyone help?

    In Solaris you can do port forwarding with ssh. You have to install SSH from the Solaris 2 of 2 CD.
    see man pages of ssh
    Regards

  • Does Verizon Wireless support Port forwarding.

    The 4510L has port forwarding. But the IP address ports are all stealth. I know VW has to take security measures for spam and hackers but this is just a little overkill here. The IP addresses they use are from wdspco.org. At least in my area. Come on VW where is a tech support that are not sale reps. This feature should be part of the ISP service. It should not be an issue to allow simple port forwarding for the NOC. I know the public IP address is not routable. It's not going to cost more to route.

    We would love to support you with your Env3, jeffrey8066!
    What can we do to help?
    TamaraH_VZW
    Follow us on Twitter @VZWSupport

  • How to Port Forward on Cisco 1900 Router?

    We have a Cisco 1900 router. I'm new to Cisco router commands and recently started learning. I need to forward all requests coming from port 1723 from outside to the inside server IP. I checked "show running-config" and I see already forwarded ports and IPs like below,
    ip nat pool onlyone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.252
    ip nat inside source list 1 pool onlyone overload
    ip nat inside source static tcp 192.168.0.xx 22 xxx.xxx.xxx.xxx 22 extendable
    ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 80 extendable
    ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 96 extendable
    ip nat inside source static tcp 192.168.0.xx 443 xxx.xxx.xxx.xxx 443 extendable
    ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
    where xxx.xxx.xxx.xxx is the public-facing IP.
    So what is the command to add "ip nat inside source static tcp 192.168.1.xx 1723 <public-ip> 1723 extendable" to the currently working settings?
    I am currently reading below but no luck so far...
    http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/software_configuration.pdf
    I have found this
    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic7
    interface ethernet 0
    ip address 172.16.10.1 255.255.255.0
    ip nat inside
    !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
    interface serial 0
    ip address 200.200.200.5 255.255.255.252
    ip nat outside
    !--- Defines serial 0 with an IP address and as a NAT outside interface.
    ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    !--- Static NAT command that states any packet received in the inside
    !--- interface with a source IP address of 172.16.10.8:8080 is
    !--- translated to 172.16.10.8:80.
    How do I know if "interface ethernet 0" and "interface serial 0" will work for me?

    The router is already set up and has been working for 2 years. All I need to do is add a simple port forward from the public IP to an internal server. The following makes sense to accomplish what I'm trying to do. Let's assume 1.2.3.4 is my office public static IP and 192.168.0.10 is my internal server. All requests will come from some IP, let's say 25.24.23.22:1723, to 1.2.3.4:1723 and the router will forward this request to 192.168.0.10:1723. This is all I'm trying to accomplish. I'm not setting up a new router. Some rules are already there. Therefore the below seems to be what I need. All I need is how to identify "interface ethernet 0" & "interface serial 0". I understand the inside and outside details. All I have to find is how to replace ethernet 0 and serial 0 with what I have in my router setup.
    interface ethernet 0
    ip address 172.16.10.1 255.255.255.0
    ip nat inside
    !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
    interface serial 0
    ip address 200.200.200.5 255.255.255.252
    ip nat outside
    !--- Defines serial 0 with an IP address and as a NAT outside interface.
    ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    !--- Static NAT command that states any packet received in the inside
    !--- interface with a source IP address of 172.16.10.8:8080 is
    !--- translated to 172.16.10.8:80.
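
An added example, not part of the thread or of Cisco's documentation: the interfaces that stand in for "ethernet 0" and "serial 0" are the ones that already carry "ip nat inside" and "ip nat outside" in the router's own running-config. The Python below reads a constructed config and reports those interfaces and the ports already published; the interface names and the 203.0.113.x / 192.168.0.x addresses are assumptions standing in for the masked values in the post.

```python
import re

# Constructed sample. The NAT lines follow the post, with documentation
# addresses in place of the masked values; the interface names and their
# addressing are assumptions, not taken from the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 pool onlyone overload
ip nat inside source static tcp 192.168.0.10 22 203.0.113.2 22 extendable
ip nat inside source static tcp 192.168.0.10 80 203.0.113.2 80 extendable
ip nat inside source static tcp 192.168.0.10 80 203.0.113.2 96 extendable
ip nat inside source static tcp 192.168.0.10 443 203.0.113.2 443 extendable
ip route 0.0.0.0 0.0.0.0 203.0.113.1
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")


def nat_interfaces(config):
    """Map 'inside'/'outside' to the interfaces that carry 'ip nat <role>'."""
    roles = {"inside": [], "outside": []}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # an unindented line ends the interface block
        else:
            m = re.match(r"^\s+ip nat (inside|outside)\s*$", line)
            if m and current:
                roles[m.group(1)].append(current)
    return roles


def static_forwards(config):
    """Return (proto, inside_ip, inside_port, outside_ip, outside_port) tuples."""
    found = []
    for line in config.splitlines():
        m = STATIC_NAT.match(line.strip())
        if m:
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            found.append((proto, in_ip, int(in_port), out_ip, int(out_port)))
    return found


def exposed_ports(config, proto="tcp"):
    """Sorted outside ports that static NAT entries already publish."""
    return sorted({f[4] for f in static_forwards(config) if f[0] == proto})
```

Running the same functions over the real output of "show running-config" shows which interface names to use and what is already reachable from outside before another entry is added.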

  • Time Capsule disconnects internet when using web server through port forwarding

    My current config is: 2TB Time Capsule running 7.6.3, Mac Pro running Lion (10.7.5), MacBook Pro running Mountain Lion (10.8.3), and a couple of MacBook Pro Retinas running Mountain Lion. My current ISP is Comcast.
    I have the Time Capsule set up to port forward port 80 to the Mac Pro for the purpose of running a web server. Most of the traffic is shuttling fairly large m4v files back and forth to work (work product from video editing work). I can reach the webserver on the Mac Pro just fine from the outside world, and can list files in the directory just fine. When I initiate a download (via right click on a link, "Save As..." or whatever), the Time Capsule reports that the Internet has been disconnected, and all machines inside my network lose access to the outside world. I have to either power cycle the Time Capsule, or disconnect/reconnect the Cat-6 cable between the cable modem and the Time Capsule to re-establish the connection. Interestingly, the download continues and completes on the other end without issue (so, the connection is actually still there!).
    Before switching to Comcast, I was on AT&T Uverse - Uverse includes a router, so I had the Time Capsule set up in Bridge Mode. That worked fine. I also have an older 500GB 1st generation Time Capsule. I set it up with the same config as my 2TB TC, and it shows the exact same behavior - internet disconnects upon initiating a file download through a forwarded port. I then hooked the Mac Pro up directly to the cable modem. I can initiate a download without issue, and I continue to stay connected to the Internet without problem. Called Comcast anyway - they report no errors on the line, but reset the whole device chain anyway. No change in behaviors.
    I tried downgrading the Time Capsule software to 7.6.2 (the earliest version that came on it). No dice, same behavior.
    So... I called Apple. Complete and utter FAIL. Apple Support reports that they have no training in the port forwarding features of the Time Capsule or Airport products, and cannot help me resolve the issue because of that. So, I have a $300 router that apparently cannot perform a simple routing function (download through a forwarded port), that I cannot troubleshoot (because Airport software v7 is an epic fail in that regard), made by a company who cannot support it - and everything this $300 device is doing can be done by a $50 device with a $100 external hard drive?
    Do I understand this situation correctly? What have I missed in trying to troubleshoot this thing?

    Apple Support reports that they have no training in the port forwarding features of the Time Capsule or Airport products, and cannot help me resolve the issue because of that. So, I have a $300 router that apparently cannot perform a simple routing function (download through a forwarded port), that I cannot troubleshoot (because Airport software v7 is an epic fail in that regard), made by a company who cannot support it - and everything this $300 device is doing can be done by a $50 device with a $100 external hard drive?
    Do I understand this situation correctly? What have I missed in trying to troubleshoot this thing?
    Excellent summary.. I think you have covered all the salient points most thoroughly.
    Port forwarding on the TC I would put into the category of "epic fail"
    I have a nasty feeling it just doesn't work in many cases. Clearly from your situation the port is forwarded correctly.. it is the actual download that is causing the device to crash.. which is probably not the port forwarding itself that is at fault but rather the external link and opening another port for the download to happen.
    Many of the issues were caused by using icloud and btmm.. which would work a lot better btw. Although the hassle there is needing to offer that as a service to any Tom Dick or Harry.
    Let me suggest a work around or other things to try.
    I also have an older 500GB 1st generation Time Capsule. I set it up with the same config as my 2TB TC, and it shows the exact same behavior - internet disconnects upon initiating a file download through a forwarded port.
    Use 5.6 utility.. more info below. And take the firmware of this unit (Gen1) back to 7.5.2 (before icloud mess ups in 7.6).
    You can go back to 7.5 firmware also in Gen4 TC if it is more than about 14 months old.. Simply hold down the option key when you select firmware and the old versions will show up. If your TC came with 7.6.1 (the 7.6.2 was withdrawn as it was an even bigger failure than 7.6.3), then you cannot go back.
    You might also find downloading via http is not as reliable as using FTP.. FTP is a better and more efficient protocol. It should be no problem to setup ftp server on the mac pro to allow download via ftp even with a browser.
    But in the end.. your $50 router suggestion.. well perhaps a little more than that.. $80-100 will work very well.. also this router can be setup with a Hard Disk and offer the files to the internet via FTP.. without needing full network access to your internal network.
    How to load 5.6 into ML.
    1. Download 5.6 for Lion.
    http://support.apple.com/kb/DL1482
    Click to open the dmg but do not attempt to install the pkg.. it won't work anyway.
    2. Download and install unpkg.
    http://www.timdoug.com/unpkg/
    Run unpkg on the desktop.. it is very simple.. drag the AirPortUtility56.pkg file over to unpkg.. and it will create a new directory of the same name on the desktop.. drill down.. applications utilities .. there lo and behold is Airport utility 5.6 .. drag it to your main utilities directory or just run it from current location.
    You cannot uninstall 6.1 (now 6.2 if you updated) so don't try.. and you cannot or should not run them both at the same time.. so just ignore the toyland version.. the plastic hammer.. and start using 5.6.. a real tool.
    For screen shots see this post.
    https://discussions.apple.com/thread/4668746?tstart=0

  • How do I port forward or open a port on the Airport time capsule to hook up a security system?

    I have an airport time capsule and a security system.  The installer doesn't know anything about using routers etc, especially on a mac.  They say I have to port forward or open a port specifically of this device.  I have very few skills when doing this IT type.  Is this hard to do?  Can I do it myself?  He wants to get an IT guy out?  $55 an hour, how long would it take?  Thanks in advance for anyone who can help!

    The method is here.
    AirPort - Port Mapping Basics using AirPort Utility v6.x
    If you need to get someone in, it depends.. The TC can be recalcitrant.. due to your setup of it following the apple guides.. and it depends on the security system and how simple that is.
    There are multiple issues.. for example how do you find your IP address from the web when you have dynamic IP from your ISP.
    Do you intend to setup dynamic DNS? Can the camera /dvr system handle Dynamic DNS?
    I recommend you read very carefully the instructions for what has been installed.. because merely opening the port is only a small part of the issues involved in remote access to the security system.

  • Port forwarding for airport utility 5.6.1

    Hi,
    The previous version of airport utility had a simple tab "port mapping" that allowed me to forward ports so that various servers running on my machine could be accessible via outside of my WAN/LAN.  However, when using the latest version, I don't see anything related to port mapping, the closest I found was an IPv6 Firewall-- which I am not certain is what I am looking for......
    Ultimately, I have a development web server that I run on port 3000, and I want this to be accessible from the outside world--- and also I would like VNC guests to be able to do screen sharing / remote access which I believe is through port 5900...  How can I make these two things accessible through my standard IPv4 address?
    Thank you.

    Tesserax, you seem to be the Airport Extreme guru.  Been trying to find answers on forums all day so as not to duplicate a post.  Also tried to find a way to contact you directly so as not to get off topic here...but couldn't see an option.
    Running Airport Extreme Version 7.6.1.  Hosting a FileMaker Pro 10 file on a PowerPC on my home network (ISP is TimeWarner ...ugh).  Need to publish this file to the URL the gent that hosts my site has pointed at my public IP addy here on my home network.
    Created DHCP Reservation by MAC Address for the machine hosting to achieve static IP.  Have opened ports 80 and 5003 (filemaker) in Port Mapping.  Both pointing at the IP addy of that same machine hosting the file.  Some discussions have said to make the end of IP .201 or higher for port forwarding so I've done so.
    Port checkers all say these ports are still closed.  Time Warner has told me they are not blocking either of these ports and that my modem does not have a firewall holding things up—they say the prob is with my router settings.
    I should probably also mention that I used to successfully forward these ports and host/access this file via the URL (same ISP and domain host etc. then as currently).
    Obviously posting here because none of this is working.  Have looked over the links and docs you regularly reply with—hoping you may have other wisdom to give us.  Thanks in advance.

  • Can not port forward on WRT54GS v6 "You cannot use the router IP"

    Hello, I'm trying to open a port number, but when I try to use my router's IP, the following message appears
     "You cannot use the router IP, network, or broadband address"
    [IMG]http://i45.tinypic.com/107qond.jpg[/IMG]
    My ADSL was working as a NAT behind a NAT connection, so I had to change my Local IP Address to 192.168.2.1.
    Router: WRT54GS v6 firmware 1.52.8 (latest)  -  Bellsouth router: Westell 6100
    Microsoft Windows [Version 6.1.7600]
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix  . : launchmodem.com
       Link-local IPv6 Address . . . . . : fe80::40a9:a76e:61b3:6435%11
       IPv4 Address. . . . . . . . . . . : 192.168.2.100
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.2.1
    So, please help me, how can I open ports on my router? =[
    PS: I tried to use 192.168.2.100, and even though it lets me use it, it still seems not to open that port... my IP is dynamic.

    Generally: NAT behind NAT is a bad idea. There is usually no need for double NAT. Either configure the ADSL router as bridge and use the WRT for your internet connection or set up the WRT as simple access point behind the ADSL router.
    It's also unclear to me what is working or not. First I thought you can't set up forwarding at all because you get that error message. Then, in your PS you write you tried to use 192.168.2.100 and that seemed to be possible. The IP address to forward to must be the IP address of the computer to which you want to forward. Thus 192.168.2.100 is exactly the IP address you have to set up. Does this work or not?
    Also remember: with double NAT you must set up two forwardings: first on the ADSL router then on the WRT. Port forwarding is necessary to allow incoming traffic through NAT. All incoming traffic arrives on the ADSL router. Thus setting up port forwarding on the WRT only won't do a thing.
    It's also not recommended to use dynamic IPs for forwarding destinations. Dynamic IP addresses may change over time and that requires you to adjust forwardings accordingly. It's better to reserve fixed IP addresses (if your WRT supports this) or set a static IP address on the computer outside the DHCP address pool.
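
The reply's points about double NAT, traced as an added example (not code from the thread): an inbound port has to be forwarded at every NAT layer, each forward must point at a host on that router's LAN other than the router itself, and a target inside the DHCP pool may move. The WRT54GS LAN addresses come from the post; the Westell addresses, both DHCP pool ranges and port 8080 are assumptions made for illustration.

```python
import ipaddress


# Constructed topology. Only 192.168.2.1 (WRT54GS) and 192.168.2.100 (the PC)
# are from the post; every other address and range here is an assumption.
def topology(westell_forwards, wrt_forwards):
    return [
        {"name": "Westell 6100", "lan": "192.168.1.0/24",
         "router_ip": "192.168.1.254", "wan_ip": None,
         "dhcp_pool": ("192.168.1.10", "192.168.1.50"),
         "forwards": westell_forwards},
        {"name": "WRT54GS", "lan": "192.168.2.0/24",
         "router_ip": "192.168.2.1", "wan_ip": "192.168.1.10",
         "dhcp_pool": ("192.168.2.100", "192.168.2.149"),
         "forwards": wrt_forwards},
    ]


def in_pool(ip, pool):
    low, high = (ipaddress.ip_address(a) for a in pool)
    return low <= ipaddress.ip_address(ip) <= high


def trace_inbound(port, layers):
    """Follow one inbound port through the NAT layers, outermost first.

    Returns (final host IP or None, list of findings)."""
    findings, target = [], None
    for i, layer in enumerate(layers):
        name = layer["name"]
        rule = layer["forwards"].get(port)
        if rule is None:
            findings.append(f"{name}: no forward for port {port}, traffic stops here")
            return None, findings
        target, port = rule
        if target == layer["router_ip"]:
            findings.append(f"{name}: forward points at the router's own address")
            return None, findings
        if ipaddress.ip_address(target) not in ipaddress.ip_network(layer["lan"]):
            findings.append(f"{name}: {target} is not on this router's LAN")
            return None, findings
        if in_pool(target, layer["dhcp_pool"]):
            findings.append(f"{name}: {target} is in the DHCP pool and may change")
        if i + 1 < len(layers) and target != layers[i + 1]["wan_ip"]:
            findings.append(f"{name}: forward does not point at the next router")
            return None, findings
    return target, findings
```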

  • SMTP Port forward times out incoming mail

    Hello-
    I have an AirPort extreme with an AirPort Express WDS extension. In the Express, I've wired in my in-house mail server. I port forwarded both TCP and UDP for port 25 to the correct (static) IP address. With this configuration, mail frequently was dropped with the sending server getting a timeout error. After much struggle, I found that setting the default host as my mail server fixed everything. I enabled the firewall on the server and blocked all but the ports I'd been forwarding through the Extreme. All works well. The receiving mail server is Exchange 2003. The mail server on the Internet through which all of my mail bounces is running qmail. The bounce is what enabled me to monitor the log status as email was coming in.
    My question is: why would making the server the default host have worked? I postulated that there was an additional port being used which is not now blocked by the Extreme, but since I firewalled out the same ports on the server, I don't feel that this could be the case. Furthermore, SOME email made it through but most of it did not. I saw nothing in the Extreme's SNMP log that indicated any blocking was going on.
    I would MUCH rather simply port forward on the Extreme so if anyone has any idea why this would have been happening, I'd appreciate it. I should also note that before I installed my AirPort Extreme, this configuration with my old router (using port forwarding) worked flawlessly.
    As a side note, I am running the Extreme in G-Only mode as some LinkSys cards on my network wouldn't behave if N was enabled.
    -Kiyu

    Let us separate between the intermittent SMTP errors and the slowing down for the time being. What happens (and how long it takes) when you open a shell and connect to the SMTP server ? For example, try something like this:
    ]# telnet smtp.google.com 25 (if your smtp server is imap google)
    try to send a simple message and see how long it takes, e.g.
    helo smtp.google.com
    --

  • Set up Port Forwarding?

    Is it possible to set up port forwarding directly on an iMac?
    This is for video streaming from a house camera, over the net.
    I have a simple cable modem, and no router or gateway.
    I would rather avoid buying a router, or airport extreme, if I could.
    Thanks.
    mac

    Mac81 wrote:
    Is it possible to set up port forwarding directly on an iMac?
    This is for video streaming from a house camera, over the net.
    I have a simple cable modem, and no router or gateway.
    I would rather avoid buying a router, or airport extreme, if I could.
    Thanks.
    mac
    You can't avoid buying a router. Every home or business network should be behind a NAT router of some type.

  • BT Home Hub Port Forwarding, Device Not Listed

    Hi Guys,
    It's quite a simple one really but it has me totally stumped. I've been trying to open a couple of ports recently, for games etc and I know how all this port forwarding stuff works, but recently I had hard drive issues and had to re-install windows etc, all the usual **bleep**. Since then though, when trying to forward a port in the hub manager (I have BT Home Hub 2), my device doesn't appear in the drop down list, neither the physical hexadecimal address nor the name I assigned to the machine! My Xbox, iPhone and my dad's laptops are all on the list... just not the machine I'm using right now, even though it's wired up by ethernet cable and I'm using the hub for the internet to get onto this website right now! -.-
    Any help is appreciated!

    Anonymoose wrote:
    Hi Guys,
    It's quite a simple one really but it has me totally stumped. I've been trying to open a couple of ports recently, for games etc and I know how all this port forwarding stuff works, but recently I had hard drive issues and had to re-install windows etc, all the usual **bleep**. Since then though, when trying to forward a port in the hub manager (I have BT Home Hub 2), my device doesn't appear in the drop down list, neither the physical hexadecimal address nor the name I assigned to the machine! My Xbox, iPhone and my dad's laptops are all on the list... just not the machine I'm using right now, even though it's wired up by ethernet cable and I'm using the hub for the internet to get onto this website right now! -.-
    Any help is appreciated!
    Hi Anonymoose and welcome
    Try power cycling the hub (turn it off and on) with your device connected and see if it then appears on the list.
    -+-No longer a forum member-+-
