How do I do port mapping on a Cisco router?

Little scum · Posted on 9/7/2015 11:55:55 AM

Give an environment first:
Cisco router intranet interface S1/0: 192.168.1.1 255.255.255.0
Extranet interface S1/1: 10.0.0.1 255.255.255.0
Server IP: 192.168.1.100
First telnet to the router:
User Access Verification

Username: cisco #输入用户名
Password: #输入密码
Router>en #进入特权模式
Password: #输入特权模式密码
Router#conf t #进入全局配置模式
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255 #建立访问控制列表准备做nat转换
Router(config) #ip nat inside source list 1 interface s1/1 #建立NAT转换 and convert the address of 192.168.1.0 to the address of interface s1/1
Router(config)#int s1/0 #进入接口模式
Router(config-if)#ip nat inside #设定s1/0 is the NAT internal interface
Router(config-if)#int interface mode of s1/1 #进入S1/1
Router(config-if)#ip nat outside #设定S1/1 is a NAT external interface
Router(config-if)#exit
Router(config) #

At this time, NAT has been enabled, and the intranet can be accessed.

Now start the port mapping to give the public network access to the private server:

Router(config)#ip nat inside source static tcp 192.168.1.100 5631 10.0.0.1 5631 extendable
Router(config)#ip nat inside source static tcp 192.168.1.100 5632 10.0.0.1 5632 extendable #因为10.0.0.1 This address has been applied to the s1/1 interface and NAT conversion, the extendable keyword must be added here, otherwise an error will be reported. If you use another external IP such as 10.0.0.2, you can leave extendable here.

Now machines on the external network can access the intranet.
The command show ip nat translations can check the NAT conversion status
show run can also find the relevant configuration
Router(config) #exit #退出全局配置模式 use the show command in privileged mode
Router#sho ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 10.0.0.1:23 192.168.1.100:23 --- ---
tcp 10.0.0.1:23 192.168.1.100:23 10.0.0.2:48268 10.0.0.2:48268
tcp 10.0.0.1:5631 192.168.1.100:5631 --- ---
tcp 10.0.0.1:5632 192.168.1.100:5632 --- ---
P.S. To delete a command, just add no before the command

Supplement: You telnet port 5631 and the server's telnet port is 23
If you want to telnet to the server's port 5631, you must change the server's telnet port, and change the registry to the server's firewall.
If you don't change the server port, you can also map the port of 5631 to port 23 of the server with the following command:
Router(config)#ip nat inside source static tcp 192.168.1.100 23 10.0.0.1 5631 extendable
To delete the mapping from 5631 to 5631, the command is as follows:
Router(config)#no ip nat inside source static tcp 192.168.1.100 5631 10.0.0.1 5631 extendable

If you don't change the server port, you must map port 5631 of the public IP to port 23 of the server. Then you have telnet IP 5631 is actually port 23 of the telnet server.

[Router] How do I do port mapping on a Cisco router?

Related Posts

Sections viewed