Posts Tagged ‘cisco’

how to configure port forwarding

Friday, April 10th, 2009

Here are the steps to set up port forwarding if you have a configuration like the one below (using NAT). The public (routable/real) IP address is 212.3.4.5, and your server’s IP (a web server in this case) is 192.168.1.10. Since it is a web server, it will listen on port 80.

ip nat inside source static tcp 192.168.1.10 80 212.3.4.5 80 route-map nonat extendable

If you have two or more web servers, you need to assign a different port number to each port forwarding rule. It’s good practice to assign a port other than 80 if there is no express need for using implicit ports.

ip nat inside source static tcp 192.168.1.10 80 212.3.4.5 1880 route-map nonat extendable
ip nat inside source static tcp 192.168.1.11 80 212.3.4.5 2880 route-map nonat extendable

In the above case, you will access the 192.168.1.10 server by pointing your browser at http://212.3.4.5:1880 and the 192.168.1.11 server by pointing your browser at http://212.3.4.5:2880

The next step is to create a rule to permit access to your server(s). I prefer using a Zone-based Firewall, so my ACLs have suggestive names. I will create an ACL that permits access from the internet (outside) to the server on the intranet (inside):

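ip access-list extended internet-to-intranet-acl
permit tcp any host 192.168.1.10 eq 80

The above ACL can be translated as: permit access using the TCP protocol from any source to host 192.168.1.10 on port 80. The protocol has to be tcp rather than ip, because IOS accepts a port match (eq 80) only on tcp or udp entries.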
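
Once several forwards exist, it is easy to publish a port without a matching permit entry, or to leave a permit behind after a forward is removed. The following is an added example, not part of the original post: it parses a configuration for static TCP/UDP forwards and reports which ones the named ACL covers. The sample configuration is constructed from the commands above (with the ACL entry written as permit tcp), and the function names are this example's own.

```python
import re

# Constructed sample: the post's two-server forwards plus its one-line ACL
# (assumption: the ACL entry is written with tcp so that "eq 80" applies).
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.10 80 212.3.4.5 1880 route-map nonat extendable
ip nat inside source static tcp 192.168.1.11 80 212.3.4.5 2880 route-map nonat extendable
ip access-list extended internet-to-intranet-acl
 permit tcp any host 192.168.1.10 eq 80
"""

NAT_RE = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
ACL_RE = re.compile(r"permit (tcp|udp) any host (\S+) eq (\d+)")

def parse_forwards(config):
    """Return one dict per static port forward found in the config."""
    forwards = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            proto, in_ip, in_port, pub_ip, pub_port = m.groups()
            forwards.append({"proto": proto, "inside": (in_ip, int(in_port)),
                             "public": (pub_ip, int(pub_port))})
    return forwards

def parse_permits(config, acl_name):
    """Return the set of (proto, host, port) entries permitted by the named ACL."""
    permits, in_acl = set(), False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("ip access-list extended "):
            in_acl = line.split()[-1] == acl_name
        elif in_acl and (m := ACL_RE.match(line)):
            permits.add((m.group(1), m.group(2), int(m.group(3))))
        elif not line.startswith(("permit", "deny", "remark")):
            in_acl = False  # any other command ends the ACL block
    return permits

def audit(config, acl_name):
    """Split forwards into those the ACL permits and those it does not."""
    permits = parse_permits(config, acl_name)
    covered, uncovered = [], []
    for fwd in parse_forwards(config):
        key = (fwd["proto"], *fwd["inside"])
        (covered if key in permits else uncovered).append(fwd)
    return covered, uncovered

if __name__ == "__main__":
    ok, missing = audit(SAMPLE_CONFIG, "internet-to-intranet-acl")
    print("permitted:", ok, "\nforwarded but not permitted:", missing)
```

On the sample, the forward to 192.168.1.11 is reported as not permitted, because the one-line ACL names only 192.168.1.10.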

zone-based firewall on cisco routers

Tuesday, March 31st, 2009

Cisco introduced Zone-based Policy Firewall in its 12.4(6) IOS release. It helps organize firewall policies on multi-interface routers. This small tutorial shows how to set up a simple firewall policy on a router that interconnects three networks:


  • Internet (on FastEthernet 0)
  • DMZ (on FastEthernet 1)
  • Intranet (on FastEthernet 2)

The steps are:

  1. Define class-maps that describe the traffic that you want to permit between zones
  2. Configure policy-maps to inspect traffic on the class-maps you just defined
  3. Configure the clients and servers zones and assign router interfaces to their respective zones
  4. Configure the zone-pair and apply the appropriate policy-map
  5. Configure access-lists for strengthening the firewall

(more…)

How to reset the settings on a Cisco router

Sunday, September 7th, 2008

Why the need to restore the factory settings on a router? I see two possible reasons:

  • You want to sell / donate the router and protect your information
  • You need to reconfigure the router from scratch

Restoring the factory settings is done with the following 6 commands:

enable
configure terminal
config-register 0x2102
end
write erase
reload

When prompted to save the configuration, say no. Here’s the output from a router:

myRouter>enable
Password:
myRouter#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
myRouter(config)#config-register 0x2102
myRouter(config)#end
myRouter#write erase
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
myRouter#reload

System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm]

...
(router reboots)
...

% Please answer 'yes' or 'no'.
Would you like to enter the initial configuration dialog? [yes/no]: no