[afnog] Natting

Peter Nyamukusa peter.nyamukusa at africaonline.co.tz
Mon Oct 13 05:37:10 UTC 2008


Hi Hyeroba,

You would need something similar to this. Since you have only one public IP,
you can change the SSH port for one of your boxes to a non-standard TCP
port by modifying /etc/ssh/ssh_config and /etc/services.

interface GigabitEthernet0/0.1
 description <<Connection to LAN>>
 encapsulation dot1Q 1 native
 ip address 192.168.0.253 255.255.255.0
 ip nat inside

interface GigabitEthernet0/1
 description <<Connection To Internet >>
 ip address 41.x.x.2 255.255.255.252
 ip nat outside


ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.0.98 25 41.x.x.2 25 extendable
! NOTE: Mail server IP - email
ip nat inside source static tcp 192.168.0.98 22 41.x.x.2 22 extendable
! NOTE: Mail server IP - SSH access
ip nat inside source static tcp 192.168.0.98 222 41.x.x.2 222 extendable
! NOTE: Asterisk box IP - SSH access on non-standard SSH port
! (tcp rather than udp, because SSH runs over TCP; use the Asterisk box's own
!  inside address here, 192.168.0.98 is the mail server in the lines above)

access-list 1 permit 192.168.0.0 0.0.0.255

Cheers,
Peter Nyamukusa
Technical Manager
Africa Online (T) Ltd
Tel: +255 (22) 211 6090
Fax: +255 (22) 211 6089
Email: peter.nyamukusa at africaonline.co.tz
AIM: petenya

A member of the Telkom South Africa Group


-----Original Message-----
From: afnog-bounces at afnog.org [mailto:afnog-bounces at afnog.org] On Behalf Of
Hyeroba Peter
Sent: Wednesday, October 13, 2004 8:23 AM
To: afnog at afnog.org
Subject: [afnog] Natting

Hi all,

I am having some trouble configuring NAT. 

Here is my situation. I have a Cisco router providing broadband internet; it
has one public IP. I have two servers on my internal network, a mail server
and an Asterisk box. I have created two domain names to identify these boxes,
e.g. mailserver.domain.com and asterisk.domain.com. Is there a way I could
configure NAT on the router such that if someone sent me, say, a mail message,
it would go to my mail server?
I have added both domains to my DNS records, and mailserver.domain.com is
an MX record. Also, how can I access both of those machines from the
external world using SSH, given that they have no public IPs? Can NATing
solve these issues?

Kind Regards.

Hyeroba W. Peter 
Computer Frontiers International limited;
Tel: +256 31 230 1800 or +254 41 456 4200; Fax: +256 41 434 0456;
Cell-phone: +256 78 247 9192;
Website: www.cfi.co.ug 
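
An added example, not part of either message above: a Python check to run over a proposed set of `ip nat inside source static` lines before they go onto a router with a single public address. It reports two forwards that claim the same outside protocol and port for different inside targets, and an SSH forward written as UDP. The sample config is constructed; 203.0.113.2, 192.168.0.99 and the `SSH_PORTS` set are assumptions.

```python
import re
from collections import defaultdict

# ip nat inside source static <tcp|udp> <in_ip> <in_port> <out_ip> <out_port> [extendable]
STATIC_RE = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\S+) (\d+) (\S+) (\d+)(?: extendable)?\s*$"
)

# Assumption: ports this site runs sshd on (22 plus the alternate port 222).
SSH_PORTS = {22, 222}

def parse_static_nat(config):
    """Return one dict per static port-forward line in an IOS config."""
    rules = []
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m:
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            rules.append({"proto": proto, "inside": (in_ip, int(in_port)),
                          "outside": (out_ip, int(out_port))})
    return rules

def audit(rules):
    """Return a list of human-readable findings for the parsed rules."""
    findings = []
    seen = defaultdict(list)
    for r in rules:
        seen[(r["proto"],) + r["outside"]].append(r["inside"])
        if r["proto"] == "udp" and r["inside"][1] in SSH_PORTS:
            findings.append("ssh-over-udp: %s:%d is forwarded as UDP, SSH needs TCP"
                            % r["outside"])
    for (proto, ip, port), insides in seen.items():
        if len(set(insides)) > 1:
            findings.append("conflict: %s %s:%d maps to %d inside targets"
                            % (proto, ip, port, len(set(insides))))
    return findings

# Constructed sample; 203.0.113.2 (TEST-NET-3) stands in for the public address.
SAMPLE = """\
ip nat inside source static tcp 192.168.0.98 25 203.0.113.2 25 extendable
ip nat inside source static tcp 192.168.0.98 22 203.0.113.2 22 extendable
ip nat inside source static udp 192.168.0.99 222 203.0.113.2 222 extendable
ip nat inside source static tcp 192.168.0.99 22 203.0.113.2 22 extendable
"""

if __name__ == "__main__":
    for finding in audit(parse_static_nat(SAMPLE)):
        print(finding)
```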


