
Help with cisco port forwarding based on source


17 replies to this topic

#1 pomtom44

Posted 25 October 2017 - 02:45 PM

Hey all.

I do appreciate this may be a little more advanced than what most people are asking on the trademe forums.

I'm working on a project for my uni course, and trying to figure out if what I'm wanting to do is even possible.

What I'm needing is port forwarding based on the source IP.
In other words:
If client 1 accesses the router's public interface on port 22, he will be directed to server 1,
but if client 2 accesses the router's public interface on port 22, he will be directed to server 2.
(See attached diagram.)

We have been round and round in circles with different methods shown by different people on other forums, but nothing seems to be working.
And we get a mixed response whenever we search it, of "It doesn't work that way" and "Oh, that's easy, just do this".

So any input would be greatly appreciated.
Thanks in advance
Tom

Attached Files




#2 arlattimor

Posted 25 October 2017 - 05:16 PM

Just how are you testing your network theory? Also, can I see the router's running config?


Edited by arlattimor, 25 October 2017 - 05:20 PM.

A. Lattimore

CCNA, CWNA, MCITP, MCSA, MCT, MCP, Security+, Server+, Linux+, Network+, A+, CNST

Network Security Engineer

 


#3 pomtom44 (Topic Starter)

Posted 25 October 2017 - 06:01 PM

arlattimor wrote: Just how are you testing your network theory? Also, can I see the router's running config?

Hi arlattimor

We are testing by having two servers and two clients,
set up exactly as shown in the image I posted (but with a matching outside IP range).

edit: We are watching the access logs on both servers so we can quickly see which server the SSH client is connecting to.


Then just ssh'ing to the router's "public" interface IP.
At the moment we can either get both clients going to one server, or it just doesn't work at all.

I have gotten it working using Linux and iptables, so I know that it can be done, just not sure about using Cisco.

We have changed our router config around so many times trying different solutions, so not sure if it will be of any use.
But if you want I can get a copy for you; is there anything in particular you're looking for?


Edited by pomtom44, 25 October 2017 - 06:08 PM.
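
The Linux approach pomtom44 says works (post #3) can be written down concretely. The script below is an added example, not the thread's own configuration or the OP's iptables rules: it keys a DNAT on the client's source address so two clients hitting the same public address on TCP/22 land on two different inside servers, only forwards sessions from the listed sources, drops and logs everything else, and prints the rules first so they can be reviewed before being applied. The interface names (eth0/eth1), the client addresses 203.0.113.10 and 203.0.113.20, and the server addresses 11.0.0.5 and 11.0.0.6 are constructed for the example; only the public address 192.168.183.51 comes from the posted 2901 config. The Cisco IOS equivalent is what the thread is still looking for and is not shown here.

```shell
#!/bin/sh
# Added example: source-based SSH port forwarding with Linux iptables.
# Not from the thread. Interface names and client/server addresses are assumed;
# PUBLIC_IP defaults to the Gi0/0 address in the posted 2901 config.
set -eu

WAN_IF="${WAN_IF:-eth0}"                   # assumed public-facing interface
LAN_IF="${LAN_IF:-eth1}"                   # assumed inside interface
PUBLIC_IP="${PUBLIC_IP:-192.168.183.51}"   # router's "public" address from the posted config

# Mapping table (constructed): "client_source_ip inside_server_ip", one per line.
RULES='203.0.113.10 11.0.0.5
203.0.113.20 11.0.0.6'

# build_rules prints the iptables commands without executing them, so the
# policy can be read (or diffed against the live ruleset) before it is applied.
build_rules() {
  printf '%s\n' "$RULES" | while read -r client server; do
    [ -n "$client" ] || continue
    # DNAT only for TCP/22 arriving on the WAN interface from this specific client;
    # conntrack un-translates the reply packets automatically.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -s $client -d $PUBLIC_IP -p tcp --dport 22 -j DNAT --to-destination $server:22"
    # Let the translated flow through FORWARD (default policy is DROP, set below).
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -s $client -d $server -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
  done
  # Return traffic for any forwarded session.
  echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Unlisted sources are never DNATed, so they reach the router itself (INPUT):
  # log them, then drop, so probes of the public address on 22 show up in syslog.
  echo "iptables -A INPUT -i $WAN_IF -d $PUBLIC_IP -p tcp --dport 22 -j LOG --log-prefix 'ssh-fwd-unlisted: '"
  echo "iptables -A INPUT -i $WAN_IF -d $PUBLIC_IP -p tcp --dport 22 -j DROP"
  # Nothing else crosses the box; only the explicit ACCEPTs above are forwarded.
  echo "iptables -P FORWARD DROP"
}

# apply_rules feeds the reviewed commands to the shell (needs root and a
# kernel with nat/conntrack support); run "build_rules" alone to just inspect them.
apply_rules() {
  build_rules | sh
}
```

Run it as `sh fwd.sh` after adding a final `build_rules` line to see the ruleset, and call `apply_rules` only on the box that actually sits between the clients and the servers; `sysctl net.ipv4.ip_forward=1` is also needed for the forwarded flows, and the inside servers must route replies back through this box (default gateway) or the DNAT will appear to "not work at all", the symptom described in post #3.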


#4 arlattimor

Posted 25 October 2017 - 06:17 PM

OK, what IOS do you have running on the router and what model router is it?




#5 pomtom44 (Topic Starter)

Posted 25 October 2017 - 06:26 PM

arlattimor wrote: OK, what IOS do you have running on the router and what model router is it?

We have an 1841 running v12.4
and a 2901 running v15.1.



#6 arlattimor

Posted 25 October 2017 - 06:28 PM

Can I see the 2901's running config, please?




#7 arlattimor

Posted 25 October 2017 - 07:17 PM

Hello, you still there, pomtom44?




#8 pomtom44 (Topic Starter)

Posted 25 October 2017 - 07:23 PM

arlattimor wrote: Hello, you still there, pomtom44?

Sorry, still here.
Just busy working on other things as well, so can only check the forums every now and then.

I'll get the full config for you soon when I can get to the router, maybe in 2-3 hours' time?



#9 arlattimor

Posted 25 October 2017 - 07:30 PM

OK, that's fine. I'm on duty anyway; I'll be on the lookout for it.




#10 pomtom44 (Topic Starter)

Posted 26 October 2017 - 01:41 PM

Sorry it's taken so long.
As I said before, we have changed the config around so many times trying to get different methods to work that there may be things missing from here which are important.

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 06YFDUHH61wAE/kLkDq9BGho1QM5EnRtoyr8cHAUg.2
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 11.0.0.5 11.0.0.8
!
ip dhcp pool DATA
 import all
 network 11.0.0.0 255.255.255.0
 default-router 11.0.0.1
 dns-server 4.2.2.2
!
!
no ip domain lookup
ip domain name cisco.com
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2901/K9 sn FGL163713TC
!
!
username R1 password 0 david
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.183.51 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 11.0.0.1 255.255.255.0
 ip nat inside


#11 arlattimor

Posted 26 October 2017 - 01:43 PM

pomtom44, can you attach the config as a txt doc? Thank you.


Edited by arlattimor, 26 October 2017 - 01:43 PM.



#12 arlattimor

Posted 26 October 2017 - 02:01 PM

The reason I am asking for the attachment is that I can't see your port forwarding statements; the running config is cut short.

What are you using as an SSH client, PuTTY?


Edited by arlattimor, 26 October 2017 - 02:02 PM.



#13 pomtom44 (Topic Starter)

Posted 26 October 2017 - 02:47 PM

https://www.dropbox.com/s/143aag1f04j7964/2901-conf.txt?dl=0

We currently don't have any port forwarding statements, as we have removed them all trying to get other things to work.

Here's one of the links we followed:
https://supportforums.cisco.com/t5/lan-switching-and-routing/nat-based-on-source-address/td-p/2017174

We had a few other links, but can't find them now, as they just didn't work at all so we didn't save them.

As for the SSH client,
we use both PuTTY on Windows
and ssh on Ubuntu Server.



#14 arlattimor

Posted 26 October 2017 - 03:55 PM

OK well, I have your config, so let me work on this, OK.




#15 arlattimor

Posted 26 October 2017 - 04:06 PM

Your config does not match the diagram you put up?

