Re: OT: Port Address Translation

From: Lab Candidate (labccie@xxxxxxxxx)
Date: Sun Apr 21 2002 - 21:34:28 GMT-3

• Next message: Jason Sinclair: "RE: access-expression !"
• Previous message: Lupi, Guy: "Catalyst port security problem"
• Maybe in reply to: Jeff Szeto: "OT: Port Address Translation"
• Next in thread: Phil: "Re: OT: Port Address Translation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
for example, the eth0(10.1.1.1) of your R1 is the only address visible from use
rs and is where the
incoming traffic comes from(that is, you label it as ip nat outside in this cas
e), you want to NAT
or PAT all the incoming connections of ftp, telnet or www etc. to hosts on the
same subnet as R1's
eth0 at addresses like 10.1.1.2, 10.1.1.3....etc. how would you do it? am I mak
ing it clear or
not?

--- Michael Popovich <m.popovich@mchsi.com> wrote:
> Can you give an example of what you are wanting?
> ----- Original Message -----
> From: "Lab Candidate" <labccie@yahoo.com>
> To: "kym blair" <kymblair@hotmail.com>
> Cc: <ccielab@groupstudy.com>; <cdmurray@statestreet.com>;
> <jytszeto@hotmail.com>; <nobody@groupstudy.com>
> Sent: Sunday, April 21, 2002 2:53 PM
> Subject: Re: OT: Port Address Translation
>
>
> > How would you configure if you want to redirect onto the same subnet as
> the inbound interface?
> >
> >
> > "kym blair" <kymblair@hotmail.com>
> > Sent by: nobody@groupstudy.com
> > 04/19/2002 12:01 AM
> > Please respond to "kym blair"
> >
> > To: jytszeto@hotmail.com, cdmurray@statestreet.com
> > cc: ccielab@groupstudy.com
> > Subject: Re: OT: Port Address Translation
> >
> > Jeff,
> >
> > You would implement PAT as follows:
> >
> > ip nat inside source static tcp 192.168.0.1 21 1.1.1.1 21 extendable
> > ip nat inside source static tcp 192.168.0.2 23 1.1.1.1 23 extendable
> > ip nat inside source static tcp 192.168.0.3 80 1.1.1.1 80 extendable
> >
> > Or, another cool way to set up PAT on your home lab is to set it so if you
> > telnet to 1.1.1.1 port 4567 you get logged onto Router2, if you telnet to
> > 1.1.1.1 port 4568 you get logged onto Router3, if you telnet to 1.1.1.1
> port
> > 4569 you get logged onto Router4, etc:
> >
> > ip nat inside source static tcp 192.168.0.1 23 1.1.1.1 4567 extendable
> > ip nat inside source static tcp 192.168.0.2 23 1.1.1.1 4568 extentable
> > ip nat inside source static tcp 192.168.0.3 23 1.1.1.1 4569 extendable
> >
> > Now, from an outside router:
> >
> > telnet 1.1.1.1 4567
> >
> > You'll be prompted for the vty password on Router2 (192.168.0.1)
> >
> > telnet 1.1.1.1 4568
> >
> > You'll be prompted for the vty password on Router3 (192.168.0.2)
> >
> > etc.
> >
> > HTH,
> >
> > Kym
> >
> >
> > >From: "Jeff Szeto" <jytszeto@hotmail.com>
> > >Reply-To: "Jeff Szeto" <jytszeto@hotmail.com>
> > >To: <cdmurray@statestreet.com>
> > >CC: <ccielab@groupstudy.com>
> > >Subject: Re: OT: Port Address Translation
> > >Date: Fri, 19 Apr 2002 13:50:11 +0800
> > >
> > >Hi Christine,
> > >
> > >Thanks for your respones.
> > >
> > >I think that my bad english makes you misunderstand the question.
> > >I say it this way. My company's router has a public ip, say 1.1.1.1, and
> is
> > >connecting to the internal network 192.168.0.x/24. The internal network
> has
> > >3 different servers: ftp (192.168.0.1), telnet (192.168.0.2) and http
> > >(192.168.0.3).
> > >
> > >What I want to do is: If I ftp 1.1.1.1 from outside, eg my home, the
> > >router
> > >connect me to the ftp server. On the other way, if I telnet 1.1.1.1, the
> > >router will then connect me to the telnet server.
> > >
> > >Can I do this with the router or I need other equipment?
> > >Thank you very much.
> > >
> > >Jeff
> > >
> > >----- Original Message -----
> > >From: <cdmurray@statestreet.com>
> > >To: Jeff Szeto <jytszeto@hotmail.com>
> > >Sent: Friday, April 19, 2002 1:32 PM
> > >Subject: Re: OT: Port Address Translation
> > >
> > >
> > > >
> > > > Jeff
> > > > Here's one way of doing it:
> > > > =========================================================
> > > > NAT sample
> > > >
> > > > ip nat pool TEST 192.180.253.66 192.180.253.66 netmask 255.255.255.240
> > > > ip nat inside source list 10 pool TEST overload
> > > >
> > > > interface Ethernet0
> > > > ip address 169.191.10.89 255.255.255.240 secondary
> > > > ip address 192.180.253.65 255.255.255.240
> > > > ip nat inside
> > > >
> > > > interface Serial0
> > > > ip address 10.227.200.5 255.255.255.252
> > > > ip nat outside
> > > >
> > > > access-list 10 permit 169.191.10.0 0.0.0.255
> > > > ==============================================
> > > >
> > > >
> > > >
> > > > Regards,
> > > > Christine Murray
> > > > Ph: 612-93236124
> > > > cdmurray@statestreet.com

• Next message: Jason Sinclair: "RE: access-expression !"
• Previous message: Lupi, Guy: "Catalyst port security problem"
• Maybe in reply to: Jeff Szeto: "OT: Port Address Translation"
• Next in thread: Phil: "Re: OT: Port Address Translation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:58:15 GMT-3