Hello to all.
I get into troubles.
I need to put my "ready to" run server into a private local network in a school, for mail, http... etc.
I asked the Internet Service Provider to forward the needed ports:
22,25,53,80,110,143,465,993,995 to this server.

The server is on the LAN 10.4.46.x with IP adress 10.4.46.2.

I requested the ISP to forward this ports from public static IP 87.147.20.12 to my Local. (server)

They answered something what I don't really understand.

These forwards are active right now on the ISPs cisco router:

ip nat translation tcp-timeout 600
ip nat pool Dynamic 87.147.20.12 87.147.20.12 netmask 255.255.255.248
ip nat pool NATPOOL 87.147.20.12 87.147.20.12 netmask 255.255.255.248
ip nat inside source list 105 pool Dynamic overload
ip nat inside source list NAT pool NATPOOL overload
ip nat inside source static 10.4.46.10 87.147.20.12 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0


They asked me if I want to remove all of this and make a port redirection from the Public IP to my private IP (server).

I believe that there is some range of Public IPs which can be used. But I didn't really understand this printout.

I know it is difficult to help without knowing the exact network structure but any suggestion may help.

Thank you very much!

Recommended Answers

All 4 Replies

I am no cisco expert, but it looks like you have a range of public IPs, not just one.
so you need to ask the ISP to setup NAT for the specific IP address, and not just generally.
an even better idea is to put the server in DMZ, to let it occupy one of the static IPs fully.

another question - why do you need ports 22 and 53 open externally? usually it is the ISP who hosts the customer's DNS settings, and opening ssh up to the public is a recipe for disaster.

Yes. There are probably more Public IPs for this connection.
The IT manager from that school was not able to tell me anything about it.
So if this IP (87.147.20.12) is the Public (it is, I checked that out) than the others may be 87.147.20.13...14. Can I just set up my server for one of this and then it will be accessible from outside too?

The port 22 - I need because I need to set up some things when the server will be accessible. I didn't want to live it open for ever. But I can filter it out later in iptables.

The port 53. I am not sure about that.
The school has its own domain. This domain is managed by the local bind DNS server. It maps the reverse domain for mail server.

well, if you have a normal router, it is possible to attach a switch to it and keep the dmz servers on that switch.

anyhow, there really isn't enough information to go on in the thread. I'd go to a cisco specific forum and ask there

This ISP makes free internet access for each school. They manage their CISCO router. But I made mistake in the line in first post:
ip nat inside source static 10.4.46.10 87.147.20.12 extendable
I checked it out again and it is:
ip nat inside source static 10.4.46.10 87.147.20.13 extendable

This shows that there is another public static IP for this connection which is forwarded completely to Local privat IP 10.4.46.10. So I just set up my network interface for 10.4.46.10 and the complete traffic will go to the servers IP 10.4.46.10.

You know, it is realy hard to get informations from the ISP in our country.
Instead he sends me an email that there is a Public IP 87.147.20.13 redirected to a local 10.4.46.10 he sends me a printout from the CISCO router.
I just redirect the domain mydomain.com to this Publick IP and the server can run.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.