NAT
I am assuming that you are doing NAT overload. If that is the case, you
would simply add:
ip nat inside source static udp 192.168.1.1 43398 65.65.65.65 43398
In the above example, 192.168.1.1 is the inside address of the device
you want the port forwarded to, and 65.65.65.65 is a public IP address
that you have available (it could even be the IP address of the outside
interface).
ACCESS LIST
To open the Remote Desktop Connection port, 3389, you need an access list on the router. The port match (eq) is only valid with tcp or udp, and Remote Desktop uses TCP:
access-list 101 permit tcp 199.99.99.99 0.0.0.0 192.168.1.2 0.0.0.0 eq 3389
access-list 101 deny ip 199.99.99.99 0.0.0.0 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
In the first entry, change the 199 address to your public IP and the 192 address to your LAN IP. Leave the rest alone.
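An added example, not part of the original post: a small Python evaluator that applies IOS first-match and wildcard-mask rules to ACL 101 above, with the RDP entry written as a tcp match so that eq 3389 is valid. The function names and test packets are constructed for illustration, and only the syntax forms used on this page (any, host, address plus wildcard, eq) are handled.

```python
from ipaddress import IPv4Address as IP

# Constructed input: ACL 101 from this page, RDP entry in tcp/eq form.
ACL_101 = """\
access-list 101 permit tcp 199.99.99.99 0.0.0.0 192.168.1.2 0.0.0.0 eq 3389
access-list 101 deny ip 199.99.99.99 0.0.0.0 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
"""

def take_addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IP(tok[1])), 0), tok[2:]
    return (int(IP(tok[0])), int(IP(tok[1]))), tok[2:]

def take_port(tok):
    """Consume an optional 'eq N' port match."""
    return (int(tok[1]), tok[2:]) if tok[:1] == ["eq"] else (None, tok)

def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"]:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, rest = take_addr(rest)
        sport, rest = take_port(rest)
        dst, rest = take_addr(rest)
        dport, rest = take_port(rest)
        entries.append((action, proto, src, sport, dst, dport))
    return entries

def ip_matches(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (int(IP(ip)) | wild) == (base | wild)

def evaluate(entries, proto, src, sport, dst, dport):
    """Return the action of the first matching entry (implicit deny at the end)."""
    for action, p, s, sp, d, dp in entries:
        if (p in ("ip", proto) and ip_matches(s, src) and ip_matches(d, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"
```

Evaluating a packet from any source other than 199.99.99.99 to 192.168.1.2 on TCP 3389 returns permit, because it falls through to the final catch-all entry.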
If you want to allow traffic on port 43398 to be sent out, you can use an extended access list and apply it on the incoming and outgoing interfaces of your router:
access-list 101 permit udp host 192.168.1.1 eq 43398 host 65.65.65.65 eq 43398
access-list 101 permit udp host 65.65.65.65 eq 43398 host 192.168.1.1 eq 43398
Both entries are needed, because the router needs access to be defined for each direction.