Options
Port forwarding 877w
shaunebop
Member Posts: 29 ■□□□□□□□□□
Hi guys
Does anybody know why i cant access my internal servers when i change the port numbers from the standard ones to user specified, eg for ssh is originally 22 but i have changed it to 2001 and i also have 2 servers which both use https so have changed the 1 to 3999 instead of 443. I use the command ip nat inside source static tcp 192.168.0.38 3999 interface dialer0 3999.
I use these commands all the time on 2600 and 1700 series routers with no problem it's only when i configure these commands on a 877w that they dont work?
Here is the running config i knocked.
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 877w
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
dot11 ssid MooMoo
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxxx
!
ip cef
!
!
!
!
ip domain name xxxxxxxxxxx
ip name-server 4.2.2.2
ip ssh time-out 30
ip ssh port 2001 rotary 1
ip ssh logging events
ip ssh version 2
ip ddns update method DynDNS
HTTP
add http://shaunebop
xxxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxxx.com&myip=<a>
remove http://shaunebopxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxx.isa-geek.com&myip=<a>
!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3665536970
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3665536970
revocation-check none
rsakeypair TP-self-signed-3665536970
!
!
crypto pki certificate chain TP-self-signed-3665536970
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363635 35333639 3730301E 170D3032 30333031 30333437
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36363535
33363937 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C542 5C51F2EF 3E8A4D06 58A08EB1 39315887 70205568 BA90DAF4 F5B18915
192666EE CF1D48A4 DB2C9474 C52D6032 6271203A 4A317739 9BAD28BF 80E90122
6010C01A 9E3E784B 57579D2A E277A19F 8C2938BC 997D757E 8A81FE66 5FE3B46F
3DA1006C 23DD516D 5E9B8A60 0783A4A7 A12AECEB 8071F75B 441F64B0 A31135C4
8D3D0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
551D1104 1F301D82 1B383737 772E7368 61756E65 626F702E 6973612D 6765656B
2E636F6D 301F0603 551D2304 18301680 1490A7BC 0F8A9454 34982AFB 2120251E
6D667E82 19301D06 03551D0E 04160414 90A7BC0F 8A945434 982AFB21 20251E6D
667E8219 300D0609 2A864886 F70D0101 04050003 81810009 47C2FE5B 987806CD
279C0140 0AD4F05F 520036B8 2361106D 800721C7 CBB8823A 4767C618 B778D214
3CD40DCC E61C3D3C A8ED094C 3FC3BC92 41FF46A2 DFB17F98 888BFE29 B87D7DFA
24FD5825 077164E0 C7E37E39 DA6756D5 27603B76 08BAE0B1 7C0AFCAE D716FD25
A2405507 E4B4E1C0 CC3F7932 FEF3378E 5D135862 9A3231
quit
!
!
username shaun privilege 15 secret 5 $1$j8q0$mHmLuujpKN1N2mn54/dmz.
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
ip nat inside
ip virtual-reassembly
beacon period 2000
!
encryption mode ciphers tkip
!
broadcast-key change 300 membership-termination
!
!
ssid MooMoo
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
!
interface Dialer0
ip ddns update hostname xxxxxxxxxxxxxxxxx
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxxxx
ppp pap sent-usernamexxxxxxxxxxx password 0 xxxxxxxxxxxxx
!
interface BVI1
ip address 192.168.0.33 255.255.255.240
ip nat inside
ip virtual-reassembly
!
router rip
version 2
redistribute static
network 192.168.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.33 2001 interface Dialer0 2001
ip nat inside source static tcp 192.168.0.33 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.38 3999 interface Dialer0 3999
!
access-list 1 permit 192.168.0.32 0.0.0.15
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login
************************************************
* 877w NO UNAUTHERIZED USERS *
************************************************
!
line con 0
exec-timeout 30 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
exec-timeout 30 0
logging synchronous
login local
!
scheduler max-task-time 5000
end
Thanks Guys
Does anybody know why i cant access my internal servers when i change the port numbers from the standard ones to user specified, eg for ssh is originally 22 but i have changed it to 2001 and i also have 2 servers which both use https so have changed the 1 to 3999 instead of 443. I use the command ip nat inside source static tcp 192.168.0.38 3999 interface dialer0 3999.
I use these commands all the time on 2600 and 1700 series routers with no problem it's only when i configure these commands on a 877w that they dont work?
Here is the running config i knocked.
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 877w
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
dot11 ssid MooMoo
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 xxxxxxxx
!
ip cef
!
!
!
!
ip domain name xxxxxxxxxxx
ip name-server 4.2.2.2
ip ssh time-out 30
ip ssh port 2001 rotary 1
ip ssh logging events
ip ssh version 2
ip ddns update method DynDNS
HTTP
add http://shaunebop
xxxxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxxx.com&myip=<a>remove http://shaunebop
xxxxxx@members.dyndns.org/nic/update?system=dyndns&hostname=xxxxxxx.isa-geek.com&myip=<a>!
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3665536970
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3665536970
revocation-check none
rsakeypair TP-self-signed-3665536970
!
!
crypto pki certificate chain TP-self-signed-3665536970
certificate self-signed 01
30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363635 35333639 3730301E 170D3032 30333031 30333437
31395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36363535
33363937 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C542 5C51F2EF 3E8A4D06 58A08EB1 39315887 70205568 BA90DAF4 F5B18915
192666EE CF1D48A4 DB2C9474 C52D6032 6271203A 4A317739 9BAD28BF 80E90122
6010C01A 9E3E784B 57579D2A E277A19F 8C2938BC 997D757E 8A81FE66 5FE3B46F
3DA1006C 23DD516D 5E9B8A60 0783A4A7 A12AECEB 8071F75B 441F64B0 A31135C4
8D3D0203 010001A3 7B307930 0F060355 1D130101 FF040530 030101FF 30260603
551D1104 1F301D82 1B383737 772E7368 61756E65 626F702E 6973612D 6765656B
2E636F6D 301F0603 551D2304 18301680 1490A7BC 0F8A9454 34982AFB 2120251E
6D667E82 19301D06 03551D0E 04160414 90A7BC0F 8A945434 982AFB21 20251E6D
667E8219 300D0609 2A864886 F70D0101 04050003 81810009 47C2FE5B 987806CD
279C0140 0AD4F05F 520036B8 2361106D 800721C7 CBB8823A 4767C618 B778D214
3CD40DCC E61C3D3C A8ED094C 3FC3BC92 41FF46A2 DFB17F98 888BFE29 B87D7DFA
24FD5825 077164E0 C7E37E39 DA6756D5 27603B76 08BAE0B1 7C0AFCAE D716FD25
A2405507 E4B4E1C0 CC3F7932 FEF3378E 5D135862 9A3231
quit
!
!
username shaun privilege 15 secret 5 $1$j8q0$mHmLuujpKN1N2mn54/dmz.
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
ip nat outside
ip virtual-reassembly
no snmp trap link-status
pvc 0/38
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
ip nat inside
ip virtual-reassembly
beacon period 2000
!
encryption mode ciphers tkip
!
broadcast-key change 300 membership-termination
!
!
ssid MooMoo
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
!
interface Dialer0
ip ddns update hostname xxxxxxxxxxxxxxxxx
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxxxxxxxxxxx
ppp pap sent-usernamexxxxxxxxxxx password 0 xxxxxxxxxxxxx
!
interface BVI1
ip address 192.168.0.33 255.255.255.240
ip nat inside
ip virtual-reassembly
!
router rip
version 2
redistribute static
network 192.168.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.33 2001 interface Dialer0 2001
ip nat inside source static tcp 192.168.0.33 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.38 3999 interface Dialer0 3999
!
access-list 1 permit 192.168.0.32 0.0.0.15
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login
************************************************
* 877w NO UNAUTHERIZED USERS *
************************************************
!
line con 0
exec-timeout 30 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
exec-timeout 30 0
logging synchronous
login local
!
scheduler max-task-time 5000
end
Thanks Guys
Oh no iv'e got brain freeze again!