
Month: January 2009

Port Forward on Cisco 877

Are you running a server, utorrent or some other application which requires a port to be forwarded back to your internal network?

It's very simple and easy to do on the Cisco 877.

Direct Forwarding

a) We have a web server on port 80 and we wish to forward port 80 from outside back to the internal network:

ip nat inside source static tcp 10.108.1.6 80 interface Dialer1 80

b) A torrent type port forward:

ip nat inside source static tcp 10.108.1.1 61437 interface Dialer1 61437

As we can see, we are opening external ports on the router and allowing each port to be routed back to our internal network on the specified IP address. (Remember to substitute your own internal IP address and the port you wish to use. You may also need to change the Dialer, either Dialer1 or Dialer0, depending on how your device is configured.)

Re-Direct Forwarding

In your internal network you may have 3 machines which all run RDP on port 3389. You cannot map external port 3389 three times; an external port can only be mapped to one internal host at a time.

So what you can do is set up a redirection, so that the external port numbers are different but each maps to port 3389 on a different internal host.

Example:

ip nat inside source static tcp 10.108.1.1 3389 interface Dialer1 4321

In this example, port 4321 is opened externally and maps back to the internal IP address on port 3389 (RDP).

ip nat inside source static tcp 10.108.1.10 3389 interface Dialer1 1832

This is another example, opening a second external port that redirects to a different host inside the internal network for RDP.

Another good example: you might be running an SSH server on your inside network on port 22, while externally you can configure it to be seen as port 6211.

ip nat inside source static tcp 10.108.1.10 22 interface Dialer1 6211

This is a good security practice, so that you do not get constantly probed by bots on port 22 trying to hack into your box with username/password combinations.
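To review a planned set of these rules before pasting them into the router, the following added example (not part of the original post) parses the `ip nat inside source static` lines shown above, reports any external port that is assigned twice, and lists which internal SSH/RDP/Telnet services end up reachable from outside. The sample config is constructed from the page's address range, and the `SENSITIVE` watch list is an assumption for illustration.

```python
import re
from collections import defaultdict

# Matches the rule form used on this page:
# ip nat inside source static tcp <inside-ip> <inside-port> interface <if> <outside-port>
RULE = re.compile(
    r"^ip nat inside source static (tcp|udp) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) (\d+) interface (\S+) (\d+)$"
)

# Illustrative watch list of inside ports worth reviewing when exposed (assumption).
SENSITIVE = {22: "SSH", 23: "Telnet", 3389: "RDP"}

def parse_forwards(config_text):
    """Return one dict per static port-forward line in an IOS config."""
    rules = []
    for line in config_text.splitlines():
        m = RULE.match(line.strip())
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            rules.append({"proto": proto, "inside_ip": ip, "inside_port": int(in_port),
                          "interface": iface, "outside_port": int(out_port)})
    return rules

def audit(rules):
    """Report outside-port collisions and exposed sensitive services."""
    by_outside = defaultdict(list)
    for r in rules:
        by_outside[(r["proto"], r["interface"], r["outside_port"])].append(r)
    collisions = {k: v for k, v in by_outside.items() if len(v) > 1}
    exposed = [(r["outside_port"], r["inside_ip"], SENSITIVE[r["inside_port"]])
               for r in rules if r["inside_port"] in SENSITIVE]
    return collisions, exposed

# Constructed sample: the page's rules plus one deliberate clash on outside port 4321.
SAMPLE = """\
ip nat inside source static tcp 10.108.1.6 80 interface Dialer1 80
ip nat inside source static tcp 10.108.1.1 3389 interface Dialer1 4321
ip nat inside source static tcp 10.108.1.10 3389 interface Dialer1 1832
ip nat inside source static tcp 10.108.1.10 22 interface Dialer1 6211
ip nat inside source static tcp 10.108.1.11 3389 interface Dialer1 4321
"""

if __name__ == "__main__":
    collisions, exposed = audit(parse_forwards(SAMPLE))
    for key, rs in collisions.items():
        print("outside port reused:", key, [r["inside_ip"] for r in rs])
    for out_port, ip, svc in exposed:
        print(f"{svc} on {ip} reachable via outside port {out_port}")
```

The exposed-service list is the useful part for review: a service moved to a non-standard external port still appears there, because the audit keys on the inside port rather than the outside one.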
