Avatar billede JBI1986 Nybegynder
03. september 2014 - 22:07 Der er 5 kommentarer

Cisco 891 - "Port Forwarding" over nat

Er der en som vil hjælpe en ven i nød.

Jeg har den her Cisco 891 Router.

Jeg kan ikke huske hvordan man laver port forwarding da det er Mange år siden jeg har configureret en router.

fx forward:

Port 443(TCP) protokol https skal forwardes til 192.168.1.6

Min Wan adresse fra ISP er 176.222.238.146

Current configuration : 6158 bytes
!
! Last configuration change at 19:17:41 UTC Wed Sep 3 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname KBH_Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 DOMrmiA0J9RTNNStEDZgOItWnGiYEf/Wt6LKFbOaX1.
enable password ISAmedia14
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3593344322
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3593344322
revocation-check none
rsakeypair TP-self-signed-3593344322
!
!
crypto pki certificate chain TP-self-signed-3593344322
certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33353933 33343433 3232301E 170D3134 30333135 30323434
  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35393333
  34343332 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B8D4 AAA1F4D8 0F2C4A83 5EB9075E 6A51CE97 F55A557D 2477E76C 912B11E3
  42DAFE2C AEF82F71 5D18D6CE A131E366 15B14AA3 4908E7AA 1C15D08C 4FFE7551
  D6134E3C 853D70B8 A3EF333B D8DBE6AC 3F5B6377 CDCC0AA5 0D60657D 1A748202
  F59BCF57 AF54471F E568AC37 8A9AC441 7EB726AD 67292355 6426A63A CBB6AEA8
  C0E90203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 147591FE 536CEE62 EBA0B152 E0F6C8F1 73062ACC 7F301D06
  03551D0E 04160414 7591FE53 6CEE62EB A0B152E0 F6C8F173 062ACC7F 300D0609
  2A864886 F70D0101 05050003 8181006E E8A840D8 C69615FA BD5CA5A6 80EF6BAA
  2C06B7B4 71DE42D6 BFECD59A C779FDB8 9602BBA6 444E0F49 AB049294 725742EE
  B19AA8B9 ACB83E8C 5249955E 7A033E43 86E5CBB1 4ADA247B F0F77ECB FC654914
  F3AD37FF 54BA3291 BEB36B1E 3897DB25 3EDEF086 B162B618 24F2289B E6495FBA
  A7019A7A 15F85F89 49D7E606 F9636B
        quit
ip cef
!
!
!
!


!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.20
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool vlan1pool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 91.143.114.64
!
!
!
no ip domain lookup
ip domain name yourdomain.com
ip name-server 91.143.112.64
ip name-server 91.143.114.64
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891-K9 sn FCZ1811947E
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.108.1.1 255.255.255.0
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
no ip address
!
interface FastEthernet5
no ip address
!
interface FastEthernet6
no ip address
!
interface FastEthernet7
no ip address
!
interface FastEthernet8
no ip address
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Loopback0
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0
description WAN
ip address 176.222.238.146 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no keepalive
!
interface Vlan1
description $ETH_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 176.222.238.145
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
gateway
timer receive-rtp 1200
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.


username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
password xxxx
login
line 1
password xxxx
modem InOut
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password xxxx
login
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
end
Avatar billede welcor Nybegynder
03. september 2014 - 23:54 #1
Så vidt jeg kan regne ud skal dette løse det:

ip nat inside source static tcp 192.168.1.6 443 176.222.238.146 443
Avatar billede JBI1986 Nybegynder
04. september 2014 - 10:14 #2
Det der er ikke helt dumt. det vil jeg lige prøve, syntes at det giver mening.

Kan du fortælle mig ud fra min running config.
Hvorfor at, når jeg tilslutter en pc i en port så trækker den en IP adresse.
Men når jeg tilslutter en anden i samme port vil den ikke trække en IP adresse.

Det virker som om at når der har været en pc tilsluttet en port så bliver den port låst til pc mac og så er der ikke andre der kan optage en ip adresse igennem denne port.

Men sytes ikke at jeg kan se at denne config er tilstede :/
Avatar billede welcor Nybegynder
04. september 2014 - 11:39 #3
jeg synes ikke der er noget som passer med de tingene som står her : http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp-prt-bsd-aa.pdf

Det at sætte dhcp op på cisco-routere er relativt enkelt:
http://www.wkydd.com/index.php/blog/57-how-to-configure-dhcp-on-a-cisco-router
Jeg ville nok lagt en lease-tid på.
Avatar billede JBI1986 Nybegynder
04. september 2014 - 12:20 #4
Nej, det er der nemlig ikke så forstår ikke helt hvorfor det går så galt :(
Avatar billede JBI1986 Nybegynder
06. september 2014 - 16:37 #5
Jeg droppede det hele, og blev enig med mig selv om at det er MANGE ÅR SIDEN Jeg har lavet sådan noget her :)
så ville prøve med det simple.

Så ville prøve at bare få DHCP; 2 gange vlan, og nat til at fungere,
plus at have en wan forbindelse til min router fra min ISP.

Nu har jeg sat en pc til port 0 og trækker Ip adresse kan pinge fra PC og til Den dynamisk tildelte ip på min wan port FA8

Men kan ikke pinge længere ud, en der vil give et svar på denne så jeg kan få lukket denne sag? :)

ip dhcp excluded-address 10.10.10.1 10.10.10.30
ip dhcp excluded-address 10.10.20.1 10.10.20.20
!
ip dhcp pool Vlan10
network 10.10.10.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.10.10.1
!
ip dhcp pool Vlan20
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 8.8.8.8
!
!
!
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891-K9 sn FCZ1811947E
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback10
ip address 10.10.200.1 255.255.255.0
!
interface FastEthernet0
switchport access vlan 10
no ip address
!
interface FastEthernet1
switchport access vlan 10
no ip address
!
interface FastEthernet2
no ip address
shutdown
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
switchport access vlan 20
no ip address
!
interface FastEthernet5
no ip address
shutdown
!
interface FastEthernet6
no ip address
shutdown
!
interface FastEthernet7
no ip address
shutdown
!
interface FastEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 10.10.100.1 255.255.255.0
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat source list 1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet8
!
access-list 1 permit any
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line 1
modem InOut
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password Jesper2311
login
transport input all
!
!
end

Jesper#sh dh
Jesper#sh dhcp l
Jesper#sh dhcp lease
Temp IP addr: 192.168.0.162  for peer on Interface: FastEthernet8
Temp  sub net mask: 255.255.255.0
  DHCP Lease server: 192.168.0.1, state: 5 Bound
  DHCP transaction id: 1484
  Lease: 86400 secs,  Renewal: 43200 secs,  Rebind: 75600 secs
Temp default-gateway addr: 192.168.0.1
  Next timer fires after: 11:38:02
  Retry count: 0  Client-ID: cisco-b838.614a.cf04-Fa8
  Client-ID hex dump: 636973636F2D623833382E363134612E
                      636630342D466138
  Hostname: Jesper
Avatar billede Ny bruger Nybegynder

Din løsning...

Tilladte BB-code-tags: [b]fed[/b] [i]kursiv[/i] [u]understreget[/u] Web- og emailadresser omdannes automatisk til links. Der sættes "nofollow" på alle links.

Loading billede Opret Preview
Kategori
IT-kurser om Microsoft 365, sikkerhed, personlig vækst, udvikling, digital markedsføring, grafisk design, SAP og forretningsanalyse.

Log ind eller opret profil

Hov!

For at kunne deltage på Computerworld Eksperten skal du være logget ind.

Det er heldigvis nemt at oprette en bruger: Det tager to minutter og du kan vælge at bruge enten e-mail, Facebook eller Google som login.

Du kan også logge ind via nedenstående tjenester