Cisco IOS Port Range Forwarding

January 5, 2009 – 9:12 pm

Do you find yourself annoyed, as I do, with having to enter a NAT statement for each port forward?  Want to fix that?  Here’s how I do it:

Assume a device such as an 871 router, where FastEthernet4 is the outside interface, the internal IP scheme is 192.168.1.0/24, and the internal host we are forwarding to is 192.168.1.10. We want to forward TCP ports 6800-7000 and UDP ports 5100-5105:

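! Ordinary outbound PAT; route-map NAT_MAP is assumed to be defined elsewhere
ip nat inside source route-map NAT_MAP interface FastEthernet4 overload
! Single-address rotary pool: every translated connection lands on 192.168.1.10
ip nat pool POOL_NAME 192.168.1.10 192.168.1.10 netmask 255.255.255.0 type rotary
! Inbound traffic matching DEST_LIST has its destination rewritten to the pool
ip nat inside destination list DEST_LIST pool POOL_NAME
!
ip access-list extended DEST_LIST
 permit tcp any any range 6800 7000
 permit udp any any range 5100 5105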

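This forwards TCP ports 6800-7000 and UDP ports 5100-5105 to 192.168.1.10, using the IP address that is on the outside interface FastEthernet4. Because DEST_LIST permits any source, both ranges are reachable from every outside host; if only known peers need them, replace the first "any" in each permit line with their addresses.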
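A way to audit this pattern in a saved configuration, as an added example that is not part of the original post: the Python below ties each destination-NAT statement to its rotary pool and ACL, then reports which inside host and port ranges are exposed and whether the ACL source is "any". The function name `exposed_forwards` and the sample text are assumptions made for the example, and only the `permit <proto> <src> <dst> range|eq` form used in this post is parsed.

```python
import re

# Constructed sample: the configuration from this post (with "inside" in the
# destination statement, as the IOS command reference gives it).
SAMPLE_CONFIG = """\
ip nat pool POOL_NAME 192.168.1.10 192.168.1.10 netmask 255.255.255.0 type rotary
ip nat inside destination list DEST_LIST pool POOL_NAME
!
ip access-list extended DEST_LIST
 permit tcp any any range 6800 7000
 permit udp any any range 5100 5105
"""

POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+) .*type rotary")
DEST_RE = re.compile(r"^ip nat (?:inside )?destination list (\S+) pool (\S+)")
ACL_RE = re.compile(r"^ip access-list extended (\S+)")
ACE_RE = re.compile(r"^\s+permit (tcp|udp) (any|host \S+|\S+ \S+) "
                    r"(?:any|host \S+|\S+ \S+) (?:range (\d+) (\d+)|eq (\d+))")


def exposed_forwards(config):
    """Return one dict per permit line feeding a destination-NAT rotary pool."""
    pools, dests, acls, current = {}, [], {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None                      # any top-level line ends ACL sub-mode
        if m := POOL_RE.match(line):
            pools[m.group(1)] = m.group(2)      # pool name -> inside host
        elif m := DEST_RE.match(line):
            dests.append(m.groups())            # (ACL name, pool name)
        elif m := ACL_RE.match(line):
            current = acls.setdefault(m.group(1), [])
        elif current is not None and (m := ACE_RE.match(line)):
            proto, src, lo, hi, eq = m.groups()
            lo, hi = (int(lo), int(hi)) if lo else (int(eq), int(eq))
            current.append((proto, src, lo, hi))
    findings = []
    for acl, pool in dests:
        for proto, src, lo, hi in acls.get(acl, []):
            findings.append({"target": pools.get(pool), "proto": proto,
                             "ports": (lo, hi), "count": hi - lo + 1,
                             "open_to_any": src == "any"})
    return findings


if __name__ == "__main__":
    for f in exposed_forwards(SAMPLE_CONFIG):
        print(f)
```

Each finding with `open_to_any` set is a range of ports on the inside host that any outside address can reach.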
