{"id":354,"date":"2012-02-19T23:19:00","date_gmt":"2012-02-19T22:19:00","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=354"},"modified":"2012-02-19T23:19:00","modified_gmt":"2012-02-19T22:19:00","slug":"natear-rango-de-puertos-en-un-router-cisco","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=354","title":{"rendered":"NATing a port range on a Cisco router"},"content":{"rendered":"<p>As you probably know, to do per-port NAT on a Cisco router you have to add one line for each port, of the form:<br \/>\n<code><br \/>\nip nat inside source static tcp 192.168.2.3 8080 X.X.X.X 8080 route-map nonat extendable<br \/>\n<\/code><br \/>\nHere we are NATing port 8080 to the machine 192.168.2.3 on our network, where X.X.X.X is our public IP.<br \/>\nThe problem comes when we want to NAT a whole range of ports&#8230; for example&#8230; we publish our VoIP server and need UDP 10000 to 20000 for the <strong><em>media<\/em><\/strong> and UDP 5060 for the <em>signaling<\/em>.<br \/>\nThe nightmare can be tremendous&#8230; VoIP does not really need all 10000 ports, but writing out a range of 10 or 20 is inelegant, all the more so if our router already has other NAT entries, so the config can get veeery long.<br \/>\nA few days ago, while reading Cisco documentation for something else, I came across <strong><em>NAT ROTARY<\/em><\/strong>, which Cisco defines as:<br \/>\n<code><br \/>\nDestination Address Rotary Translation<br \/>\nA dynamic form of destination translation can be configured for some outside-to-inside traffic. Once a mapping is set up, a destination address matching one of those on an access list will be replaced with an address from a rotary pool. Allocation is done in a round-robin basis, performed only when a new connection is opened from the outside to the inside.
All non-TCP traffic is passed untranslated (unless other translations are in effect).<br \/>\n<\/code><br \/>\nAnd there are the magic words:<br \/>\n<em><br \/>\nDestination address matching one of those on an access list<br \/>\n<\/em><br \/>\nLet's investigate a bit:<br \/>\nFirst, we create the access list for the ports of our VoIP server:<br \/>\n<code><br \/>\nip access-list extended voip<br \/>\n permit udp any any eq 5060<br \/>\n permit udp any any range 10000 20000<br \/>\n<\/code><br \/>\nNext, the NAT pool that the access list will be used with, pointing at the IP 192.168.2.5, which will be our VoIP server:<br \/>\n<code><br \/>\nip nat pool ASTERISK 192.168.2.5 192.168.2.5 netmask 255.255.255.0 <strong>type rotary<\/strong><br \/>\n<\/code><br \/>\nFinally, the destination NAT using the ACL:<br \/>\n<code><br \/>\nip nat inside destination list voip pool ASTERISK<br \/>\n<\/code><br \/>\nAnd now, <em>enjoy<\/em> the NAT!!! At least until IPv6 arrives.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As you probably know, to do per-port NAT on a Cisco router you have to add one line for each port, of the form: ip nat inside source static tcp 192.168.2.3 8080 X.X.X.X 8080 route-map nonat extendable Here we are NATing port 8080 to the machine 192.168.2.3 on our network, where X.X.X.X is the IP
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[41,113,119,153,170,192],"class_list":["post-354","post","type-post","status-publish","format-standard","hentry","category-cisco","tag-cisco","tag-multiple-nat-ports","tag-nat","tag-rango-puertos","tag-sip","tag-voip"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/354","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=354"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/354\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=354"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=354"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=354"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}