|
Introduction Port forwarding or port mapping is the practice of forwarding a TCP/IP packet in a network address translator gateway to a specified network port on a host within a masqueraded, typically private network based on the port number on which it was received from the originating host. Filtering and NATFirst the translation occurs and then the filter (access list) is applied. Therefore the destination address specified in the access list should be the local-ip as the translation has already occured. Configuration Here a packet having a global destination address and coming on a particular port, is to be forwarded to a local-ip and a specified port. Okapi is connected to the internet cloud through interface fastethernet-0. Configure this interface as "ip nat outside". Okapi(config)# interface FastEthernet 0
Okapi(config-if-eth)# ip address 122.160.77.22 255.0.0.0
Okapi(config-if-eth)# ip nat outside Then we define the NAT rule which says, that all the incoming packets from the external network in the router with estination address as the global-ip and destination port as global-port will have their destination address translated o local-ip and destination port to the local-port. The packet will then be forwarded to the internal network. Okapi(config)# ip nat inside source static tcp 10.20.50.7 8085 192.168.1.10 80
A thing to note is that if an access list is already applied on the interface, then we need another access
list to permit this traffic, as it is denied access by default. Okapi(config)# access-list 110 permit tcp any 10.20.0.0 0.0.255.255 eq 8085
Here the source address is "any" thus accepting all the source addresses, and destination address is the address that is obtained after translation.
|
