Cisco IOS port forwarding

ciscoios

I'm trying to forward a port to an inside server. I have tried using static NAT to forward it, and I have opened it up in the access list as far as I know, but I can't seem to get it to open.

Best Answer

The command is

ip nat inside source static <internal address> <public address>

for NATing an entire IP, or

ip nat inside source static tcp <internal address> <port> <public address> <port>
ip nat inside source static udp <internal address> <port> <public address> <port>

for specific UDP or TCP ports.

Then you need to have an access list on the outside interface that permits access to the port on the public address.

Also, make sure you have ip nat inside on the inside interface and ip nat outside on the outside interface.

Update 1

The access-list bound to the external interface needs to include a rule to allow the incoming connection. Let's say port 80 is the port you want to forward. Let's also say that Dialer0 is your outside interface, FastEthernet0 is your inside interface, and 10.1.1.1 is the internal IP address:

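! Inside (LAN) interface
interface FastEthernet 0
    ip nat inside
!
! Outside (WAN) interface; outside-in filters inbound traffic
interface Dialer 0
    ip nat outside
    ip access-group outside-in in
!
! Forward TCP port 80 on Dialer0's address to 10.1.1.1:80
ip nat inside source static tcp 10.1.1.1 80 interface Dialer0 80
!
! Permit the forwarded port, deny everything else inbound
ip access-list extended outside-in
    permit tcp any any eq 80
    deny ip any any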

Note that with this example, I have bound the NAT to the Dialer0 interface so that we don't need to hard code the IP address into the config - it will take whatever address the D0 interface has as the public address.

Also note that the permit command in the access-list allows access to any IP on port 80. Only use this method if the router does not route other addresses than the one used for the outside interface. Otherwise, hardcode host <ip address>, where the IP address is that of the outside interface, in place of the second "any".
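
As an added example (not part of the original answer, and not Cisco tooling): a small Python check that reads an IOS config, confirms each static TCP/UDP forward is permitted by the inbound ACL on the `ip nat outside` interface, and flags permits whose destination is `any`. The sample config, the second forward (10.1.1.2 on port 443) and the `audit` function are constructed for illustration, and the parser only understands the numeric `permit tcp|udp any <dest> eq <port>` form used in the answer.

```python
import re

# Constructed sample: the answer's config plus one forward the ACL does not cover.
SAMPLE = """\
interface FastEthernet0
 ip nat inside
interface Dialer0
 ip nat outside
 ip access-group outside-in in
ip nat inside source static tcp 10.1.1.1 80 interface Dialer0 80
ip nat inside source static tcp 10.1.1.2 443 interface Dialer0 443
ip access-list extended outside-in
 permit tcp any any eq 80
 deny ip any any
"""

def audit(config):
    """Return findings about static port forwards versus the outside inbound ACL."""
    nat_role, acl_in, permits, forwards = {}, {}, {}, []
    iface = acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():          # an unindented line leaves any sub-mode
            iface = acl = None
        if m := re.match(r"interface\s+(\S+)\s*(\d\S*)?$", line):
            iface = m[1] + (m[2] or "")    # "Dialer 0" and "Dialer0" are the same
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            acl = m[1]
            permits[acl] = []
        elif m := re.match(r"ip nat inside source static (tcp|udp) (\S+) \d+ "
                           r"(?:interface )?\S+ (\d+)", line):
            forwards.append((m[1], m[2], m[3]))   # proto, inside IP, public port
        elif iface and (m := re.match(r"ip nat (inside|outside)$", line)):
            nat_role[iface] = m[1]
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            acl_in[iface] = m[1]
        elif acl and (m := re.match(r"permit (tcp|udp) any (any|host \S+) eq (\d+)$", line)):
            permits[acl].append((m[1], m[3], m[2]))  # proto, port, destination
    findings = [f"no interface has 'ip nat {r}'"
                for r in ("inside", "outside") if r not in nat_role.values()]
    for name, role in nat_role.items():
        if role != "outside" or name not in acl_in:
            continue
        rules = permits.get(acl_in[name], [])
        for proto, ip, pub in forwards:
            dests = [d for p, port, d in rules if (p, port) == (proto, pub)]
            if not dests:                  # falls through to the deny: port stays closed
                findings.append(f"{proto}/{pub} -> {ip}: not permitted by ACL {acl_in[name]} on {name}")
            elif "any" in dests:           # broader than the forward needs
                findings.append(f"{proto}/{pub} -> {ip}: ACL {acl_in[name]} permits destination 'any'")
    return findings
```

Calling `audit(SAMPLE)` reports the port 80 rule as permitting destination `any` and the port 443 forward as not permitted by `outside-in`, which is the symptom described in the question.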