Implementing port forwarding with IOS commands is similar to the commands used to configure static NAT. Port forwarding is essentially a static NAT translation with a specified TCP or UDP port number.
Figure 1 shows the static NAT command used to configure port forwarding using IOS.
Figure 2 shows an example of configuring port forwarding using IOS commands on router R2. 192.168.10.254 is the inside local IPv4 address of the web server listening on port 80. Users will access this internal web server using the global IP address 209.165.200.225, a globally unique public IPv4 address. In this case, it is the address of the Serial 0/1/0 interface of R2. The global port is configured as 8080. This will be the destination port used, along with the global IPv4 address of 209.165.200.225 to access the internal web server. Notice within the NAT configuration, the following command parameters:
- local-ip = 192.168.10.254
- local-port = 80
- global-ip = 209.165.200.225
- global-port = 8080
When a well-known port number is not being used, the client must specify the port number in the application.
Like other types of NAT, port forwarding requires the configuration of both the inside and outside NAT interfaces.
Similar to static NAT, the show ip nat translations command can be used to verify the port forwarding, as shown in Figure 3.
In the example, when the router receives the packet with the inside global IPv4 address of 209.165.200.225 and a TCP destination port 8080, the router performs a NAT table lookup using the destination IPv4 address and destination port as the key. The router then translates the address to the inside local address of host 192.168.10.254 and destination port 80. R2 then forwards the packet to the web server. For return packets from the web server back to the client, this process is reversed.