From: Jens Petter (jenseike@start.no)
Date: Tue Nov 28 2006 - 09:14:01 ART
Sorry... those static NAT statements should be NATed to the interface, of
course:
Ip nat inside source list 8 interface Ethernet 1 overload
Ip nat inside source static tcp 192.168.1.100 80 interface Ethernet 1 80
Ip nat inside source static tcp 192.168.1.100 22 interface Ethernet 1 22
Ip nat inside source static tcp 192.168.1.100 23 interface Ethernet 1 23
Best regards
Jens Petter Eikeland
Mob 98247550
Hipercom AS
-----Original Message-----
From: Jens Petter [mailto:jenseike@start.no]
Sent: 28. november 2006 13:06
To: 'Edouard Zorrilla'; 'security@groupstudy.com'
Cc: 'ccielab@groupstudy.com'
Subject: RE: PAT over ports > 80
If you do static NATing together with a dynamic NAT statement, the static
will take precedence (hit first). In the config below, all ports other than
22, 23 and 80 are left to dynamic PATing. When you do dynamic PATing you
don't use ports under 1024 anyway...
Like this:
Ip nat inside source list 8 interface Ethernet 1 overload
Ip nat inside source static tcp 192.168.1.100 80 81.100.100.100 80
Ip nat inside source static tcp 192.168.1.100 22 81.100.100.100 22
Ip nat inside source static tcp 192.168.1.100 23 81.100.100.100 23
As soon as you do the static nat command you will get a translation in the
nat table, as soon as you enter the command in.
With the dynamic nat, you don't get any translations into the nat table
before you actually have any traffic coming through the router...
Same goes for port 22 and 23 as you need.
The router will keep track of the ports here.
Best regards
Jens Petter Eikeland
Mob 98247550
Hipercom AS
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Edouard Zorrilla
Sent: 28. november 2006 12:39
To: security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: PAT over ports > 80
Hello There,
Yesterday I ran into an issue when I tried to replace a ZyXEL with a Cisco
router inside a customer site. (1) The ZyXEL allows the customer to do PAT
over ports greater than (not equal to) 80, up to 65535, overloading the
outside interface (public address). (2) It also allows them to publish their
web page by doing one-to-one NAT on port 80 using the outside interface.
(3) Besides that, it allows being managed via telnet/ssh to the outside
interface.
I know that (2) and (3) can be done, but what about (1)? Does Cisco allow
me to do PAT over a range of ports? I have been doing some research without
luck. I will appreciate someone helping me with this issue.
Regards
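
Added example, not part of any message in this thread: a small audit of the two statement forms discussed above, listing which inside services the static entries expose on the outside address while everything else is left to dynamic PAT. The sample config is constructed, the names `audit_nat` and `FLAGGED` are hypothetical, and only these two `ip nat inside source` forms are recognised.

```python
import re

# Constructed sample modelled on the statements quoted in the thread; the
# last line imitates a mistyped statement (extra port, missing space).
SAMPLE_CONFIG = """\
ip nat inside source list 8 interface Ethernet 1 overload
ip nat inside source static tcp 192.168.1.100 80 interface Ethernet 1 80
ip nat inside source static tcp 192.168.1.100 22 81.100.100.100 22
ip nat inside source static tcp 192.168.1.100 23 81.100.100.100 23
Ip nat inside source static tcp 192.168.1.100 80 22interface Ethernet 1 22
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
GLOBAL = r"(interface [A-Za-z-]+ ?[\d/.]+|" + IPV4 + ")"
STATIC = re.compile(r"ip nat inside source static (tcp|udp) (" + IPV4
                    + r") (\d+) " + GLOBAL + r" (\d+)", re.I)
DYNAMIC = re.compile(r"ip nat inside source list (\S+) interface .+ overload", re.I)
FLAGGED = {23: "telnet"}  # assumption: outside ports this audit calls out


def audit_nat(config):
    """Split 'ip nat inside source' lines into static forwards, dynamic
    PAT access lists, and lines that match neither syntax."""
    forwards, pat_lists, malformed = [], [], []
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if not line.lower().startswith("ip nat inside source"):
            continue
        static, dynamic = STATIC.fullmatch(line), DYNAMIC.fullmatch(line)
        if static:
            proto, host, lport, glob, gport = static.groups()
            forwards.append({"proto": proto.lower(),
                             "inside": f"{host}:{lport}",
                             "outside": f"{glob}:{gport}",
                             "flag": FLAGGED.get(int(gport))})
        elif dynamic:
            pat_lists.append(dynamic.group(1))
        else:
            malformed.append(line)
    return forwards, pat_lists, malformed


if __name__ == "__main__":
    fwd, pat, bad = audit_nat(SAMPLE_CONFIG)
    for f in fwd:
        note = f"  <-- {f['flag']} reachable from outside" if f["flag"] else ""
        print(f"{f['proto']} {f['outside']} -> {f['inside']}{note}")
    print("dynamic PAT for access lists:", pat)
    print("not parsed as NAT statements:", bad)
```

Lines reported as not parsed are worth checking by hand before the config is pasted into a router.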