{"id":289,"date":"2009-11-25T18:36:33","date_gmt":"2009-11-25T18:36:33","guid":{"rendered":"http:\/\/mccltd.net\/blog\/?p=289"},"modified":"2010-01-29T21:01:09","modified_gmt":"2010-01-29T21:01:09","slug":"port-forwarding-using-static-nat","status":"publish","type":"post","link":"http:\/\/darenmatthews.com\/blog\/?p=289","title":{"rendered":"Port Forwarding using Static NAT"},"content":{"rendered":"<p><strong>I was recently asked a question about port numbers on web servers.<\/strong> This answer will apply to any DMZ host, whether http, ftp, telnet or ssh.<\/p>\n<p>The question as phrased was:<\/p>\n<blockquote><p>If you decided to use a different port for your web server (say port 8080), how would a user make requests to your web server?<\/p><\/blockquote>\n<p><!--more-->If your internal private address for the web server was 192.168.0.5 and your outside (ISP-allocated) router address (serial 0\/0, let's say) was 171.68.1.1, you could use PAT to make a one-to-one mapping between the outside address and port number and the inside address and port number:<\/p>\n<blockquote><p>ip nat inside source static tcp 192.168.0.5 8080 171.68.1.1 80 extendable<\/p><\/blockquote>\n<p>The only visible IP address for public Internet users to reach the Web server is 171.68.1.1. Therefore, the NAT router is configured to perform a one-to-one mapping between IP address 171.68.1.1 port 80 and 192.168.0.5 port 8080.<\/p>\n<p>This mapping allows Internet users on the public side to have access to the internal Web server.<\/p>\n<p>e.g.<\/p>\n<blockquote><p>interface s0\/0<br \/>\nip address 171.68.1.1 255.255.255.240<br \/>\nip nat outside<br \/>\n!<br \/>\nip nat inside source list 1 interface s0\/0 overload<br \/>\n!<br \/>\naccess-list 1 permit 192.168.0.0 0.0.0.255<\/p><\/blockquote>\n<p>The overload keyword enables multiple concurrent sessions. The NAT table will maintain a mapping of ports for each session.
All source IPs will be unique, e.g.:<\/p>\n<p>Two sessions:<\/p>\n<blockquote><p>Router#show ip nat translation<br \/>\nPro Inside global  Inside local      Outside local       Outside global<br \/>\ntcp 171.68.1.1:80  192.168.0.5:8080  ---                 ---<br \/>\ntcp 171.68.1.1:80  192.168.0.5:8080  198.133.219.1:11000 198.133.219.1:11000<br \/>\ntcp 171.68.1.1:80  192.168.0.5:8080  ---                 ---<br \/>\ntcp 171.68.1.1:80  192.168.0.5:8080  198.160.100.1:12640 198.160.100.1:12640<\/p><\/blockquote>\n<p>Oh, and before anyone asks, if another outside global address happened to choose the same randomly generated source port number (e.g. 12640), the NAT table will just use the next available (say, 12641).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was recently asked a question about port numbers on web servers. This answer will apply to any DMZ host, whether http, ftp, telnet or ssh. The question as phrased was: If you decided to use a different port for your web server (say port 8080), how would a user make requests to your web 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[83],"tags":[3,85],"_links":{"self":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/289"}],"collection":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=289"}],"version-history":[{"count":6,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/289\/revisions"}],"predecessor-version":[{"id":291,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/289\/revisions\/291"}],"wp:attachment":[{"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=289"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/darenmatthews.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}