From Technical User: Open Port 873 on Cisco 1921
Caskibum’s Problem of Opening Port 873 on Cisco 1921
I have a Cisco 1921 and need to open ports 22 (SSH) and 873 (rsync) to run an rsync
server on my network, and the rest of the network needs standard "internet"
access. I am fairly new to Cisco ACLs and so I expect I'm doing something stupid but
not sure what. When I add the ip access-group XXX in / out to the gig0/0 interface, I
lose all www functionality at that point. Here is my current (working) config with the
ACLs listed (101 and 102) but not enabled on the gig0/0 interface. I have tried the
"established" statement at the start and end of the 101 list, no difference. Thanks for
any help!
Router#show run
Building configuration...
Current configuration : 2675 bytes
!
! Last configuration change at 15:03:45 UTC Sun Dec 18 2011 by
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Sx2k$wiHT8Af585IB/HsSZkwC61
enable password 7 073E325F19190C1D47
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.0.1 10.1.0.149
ip dhcp excluded-address 10.1.0.200 10.1.0.254
!
ip dhcp pool net_dhcp
 import all
 network 10.1.0.0 255.255.255.0
 default-router 10.1.0.1
 lease 0 0 5
!
!
no ip domain lookup
ip domain name treeskier.ca
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL15092836
!
!
username blah password blahblah
!
!
ip ssh version 2
!
!
!
!
interface GigabitEthernet0/0
 description Internet
 ip dhcp client update dns
 ip address dhcp
 ip nat outside
! ip access-group 101 in
! ip access-group 102 out
! once I turn these on, it all dies.
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 description internal
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.0.102 873 interface GigabitEthernet0/0 873
ip nat inside source static tcp 10.1.0.102 22 interface GigabitEthernet0/0 22
!
access-list 1 permit 10.1.0.0 0.0.0.255
access-list 1 remark INSIDE_IF=gig0/1
access-list 101 permit tcp any 10.1.0.0 0.0.0.255 established
access-list 101 permit tcp any host 10.1.0.102 eq 22
access-list 101 permit udp any host 10.1.0.102 eq 22
access-list 101 permit tcp any host 10.1.0.102 eq 873
access-list 101 permit udp any host 10.1.0.102 eq 873
access-list 102 permit tcp 10.1.0.0 0.0.0.255 any
access-list 102 permit udp 10.1.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
banner login ^C**************************^C
!
CON and VTY setup
!
scheduler allocate 20000 1000
end
A bit of really basic troubleshooting:
Router#sh access-lists
Standard IP access list 1
   10 permit 10.1.0.0, wildcard bits 0.0.0.255 (9854736 matches)
Extended IP access list 101
   10 permit tcp any 10.1.0.0 0.0.0.255 established
   20 permit tcp any host 10.1.0.102 eq 22
   30 permit udp any host 10.1.0.102 eq 22
   40 permit tcp any host 10.1.0.102 eq 873
   50 permit udp any host 10.1.0.102 eq 873
Extended IP access list 102
   10 permit tcp 10.1.0.0 0.0.0.255 any
   20 permit udp 10.1.0.0 0.0.0.255 any
Router#sh ip nat translations
Pro Inside global        Inside local         Outside local          Outside global
tcp 192.168.0.10:22      10.1.0.102:22        ---                    ---
tcp 192.168.0.10:873     10.1.0.102:873       ---                    ---
tcp 192.168.0.10:54693   10.1.0.150:54693     208.88.180.96:80       208.88.180.96:80
tcp 192.168.0.10:54695   10.1.0.150:54695     208.88.180.96:80       208.88.180.96:80
tcp 192.168.0.10:54696   10.1.0.150:54696     208.88.180.106:5222    208.88.180.106:5222
tcp 192.168.0.10:54699   10.1.0.150:54699     208.88.181.46:1935     208.88.181.46:1935
tcp 192.168.0.10:54700   10.1.0.150:54700     208.88.180.96:80       208.88.180.96:80
... (more dynamic NAT at work)

Reply to Caskibum from Imbadatthis
You aren't allowing DNS in.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#allowdns
also a nice to know:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml#debugtraffic
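As an added example that is not part of the thread, the following Python model evaluates Caskibum's access-list 101 the way IOS does on Gi0/0 inbound, over a few constructed packets, and shows why a DNS reply hits the implicit deny, which is Imbadatthis's point. It assumes the IOS order of operations (an inbound ACL on the outside interface is checked before NAT rewrites the destination back to the inside host, so the ACL sees the global address 192.168.0.10 from the NAT table); the constructed outside addresses and ACL101_FIXED are this example's, not Caskibum's final configuration.

```python
"""IOS-style evaluation of the thread's access-list 101 inbound on Gi0/0.

Added example, not code from the thread. Assumption: IOS checks an inbound ACL on the
outside interface BEFORE NAT rewrites the destination to the inside host, so the ACL
sees the DHCP-assigned global address (192.168.0.10 in 'show ip nat translations').
Sample packets are constructed; ACL101_FIXED is this example's suggestion.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False   # TCP ACK or RST set: what IOS "established" tests

def _addr(tokens):
    """Consume one IOS address spec: 'any' | 'host A' | 'A WILDCARD'."""
    if tokens[0] == "any":
        return ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ip_network(tokens[1] + "/32"), tokens[2:]
    # Contiguous wildcard only (inverse of a netmask); enough for this ACL.
    mask = ".".join(str(255 - int(o)) for o in tokens[1].split("."))
    return ip_network(f"{tokens[0]}/{mask}", strict=False), tokens[2:]

def _port(tokens):
    """Consume an optional 'eq N'; None means any port."""
    return (int(tokens[1]), tokens[2:]) if tokens[:1] == ["eq"] else (None, tokens)

def parse_ace(line):
    """Parse 'permit|deny tcp|udp SRC [eq P] DST [eq P] [established]'."""
    t = line.split()
    action, proto, t = t[0], t[1], t[2:]
    src, t = _addr(t)
    sport, t = _port(t)
    dst, t = _addr(t)
    dport, t = _port(t)
    return dict(action=action, proto=proto, src=src, sport=sport,
                dst=dst, dport=dport, established="established" in t)

def matches(ace, p):
    return (ace["proto"] == p.proto
            and ip_address(p.src) in ace["src"]
            and ip_address(p.dst) in ace["dst"]
            and ace["sport"] in (None, p.sport)
            and ace["dport"] in (None, p.dport)
            and (not ace["established"] or p.ack))

def evaluate(acl, p):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for ace in acl:
        if matches(ace, p):
            return ace["action"]
    return "deny (implicit)"

# The thread's ACL 101, minus the "access-list 101" prefix.
ACL101 = [parse_ace(l) for l in (
    "permit tcp any 10.1.0.0 0.0.0.255 established",
    "permit tcp any host 10.1.0.102 eq 22",
    "permit udp any host 10.1.0.102 eq 22",
    "permit tcp any host 10.1.0.102 eq 873",
    "permit udp any host 10.1.0.102 eq 873",
)]

# Same intent for the pre-NAT view, with DNS replies allowed. Destination is 'any'
# because Gi0/0 gets its address from DHCP. The source-port-53 entry is stateless
# like the rest; IOS CBAC (ip inspect) or the zone-based firewall tracks DNS statefully.
ACL101_FIXED = [parse_ace(l) for l in (
    "permit tcp any any established",
    "permit udp any eq 53 any",
    "permit tcp any any eq 22",
    "permit tcp any any eq 873",
)]

# Constructed packets arriving on Gi0/0 (RFC 5737 addresses for outside hosts).
DNS_REPLY = Packet("udp", "198.51.100.53", 53, "192.168.0.10", 54001)
HTTP_RETURN = Packet("tcp", "208.88.180.96", 80, "192.168.0.10", 54693, ack=True)
HTTP_RETURN_POST_NAT = Packet("tcp", "208.88.180.96", 80, "10.1.0.150", 54693, ack=True)
SSH_IN = Packet("tcp", "203.0.113.7", 40000, "192.168.0.10", 22)
UNSOLICITED_HTTP = Packet("tcp", "203.0.113.7", 40001, "192.168.0.10", 80)

def verdicts():
    """(ACL101 verdict, ACL101_FIXED verdict) per sample packet, keyed by name."""
    samples = dict(dns_reply=DNS_REPLY, http_return=HTTP_RETURN, ssh_in=SSH_IN,
                   http_return_post_nat=HTTP_RETURN_POST_NAT, unsolicited_http=UNSOLICITED_HTTP)
    return {n: (evaluate(ACL101, p), evaluate(ACL101_FIXED, p)) for n, p in samples.items()}
```

The post-NAT packet shows that the same return segment would have matched the established entry had the ACL been evaluated where the inside address is visible; the unsolicited port-80 SYN shows the fixed ACL still keeps the router's own http server unreachable from outside.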

After Imbadatthis's reply, Caskibum solved the problem like this:
Thanks for the response.
I actually sorted it out last night, my "new" cable modem was blocking the port
forwarding before it got to the router. So once I set up the NAT port forwarding on
the cable modem, all good now.
Just FYI, I've ended up with a much simpler ACL and NAT setup:
!
ip nat inside source list nat-acl interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.0.101 873 interface GigabitEthernet0/0 873
ip nat inside source static tcp 10.1.0.101 22 interface GigabitEthernet0/0 22
!
ip access-list extended nat-acl
 permit ip 10.1.0.0 0.0.0.255 any
 permit tcp any host 10.1.0.101 eq 22
 permit tcp any host 10.1.0.101 eq 873
!
!
Best Regards


Further discussion between Imbadatthis and Caskibum about opening port 873 on the
Cisco 1921
Imbadatthis: So you've removed both acl 101 and 102?

Caskibum:
Yep, the only ACL is the named extended list, which is applied on the outside
interface in the overload command. I could have probably left them in place; I found
this "alternate" solution with the named extended list as it is now, and then after
that didn't work either I went to the cable modem and found the source of the
problem. I expect the 101/102 ACLs are fine if I were to use them. Then the two
static NAT commands to handle the traffic direction. Seems to be working. I'm no
security expert, so if this leaves some gaping hole please let me know and I'll rework
it.
Cheers!

More related discussion on opening port 873 on the Cisco 1921 is at tek-tips.com.
For more Cisco news and Cisco hardware tips, visit:
http://blog.router-switch.com/



