Cleaned up the grammar, I hope. I hate it when I sound like an idiot.

The Cisco 675 will do PAT, port address translation, as well as NAT, network address translation. You want to do a "set nat entry add" on the 675 to open a port on the DHCP-addressed WAN port. This port will be forwarded to the specified computer's IP address and port. The full command you want to use is:

    set nat entry add inside_ipaddress port

The inside_ipaddress port is the computer's IP address / port you wish opened. The full command for port forwarding is:

    set nat entry add inside_ipaddress port outside_ipaddress port protocol

By leaving the outside address unspecified, the Cisco 675 will open a port on any address you receive on the WAN port via DHCP. If you specify the address, then it will break if you are ever assigned a new one.

To assign a name to your box I would suggest www.dhs.org. Sign up for a dyn.dhs.org host and then apply the DHCP address that the Cisco 675 has on its wan0-0 port. Use the command sh nat on the Cisco to get the DHCP address you received.

    cbos#sh nat
    NAT is currently enabled
    Inside Global Address set to 216.160.111.159

    Inside Local      Inside Global           Timer   Flags    Protocol
    10.0.0.30: 222    216.160.111.159: 222    0       0x2041   ***
    10.0.0.10: 25     216.160.111.159: 25     0       0x2041   ***
    10.0.0.10: 22     216.160.111.159: 22     0       0x2041   ***

You can see that I have two computers. I have PAT pointing connections for ssh (22) and SMTP (25), and port 222, which is ssh running on the second host. You can only point one port on the WAN interface to one computer / port, so to ssh into the second computer required another port to be opened and the sshd daemon on that host to listen on port 222. I used 222 because it is easy for me to remember.

    ssh -p 222 myhost.dyn.dhs.org

There were a few times when I wanted access to my computers when away, where service had been interrupted and I had received a new DHCP address.
Of course, being away from the systems I had no way of knowing what the assigned address was, and myhost.dyn.dhs.org was not pointing to the new address. I had no way to know what to connect to and was locked out. To fix this, I used a script and set up the Cisco 675 to log its syslog to one of my machines. The Cisco commands are:

    cbos#set syslog
    SET SYSLOG requires one of the following arguments
    disabled    Turn off Syslog
    enabled     Turn on Syslog
    port        Set Syslog Port Number
    remote      Set Remote IP Address
    test        Test Syslog server

So enable it and use set syslog remote ipaddress to point the logging to your computer.

Using yast, it is very easy to set up syslog to accept traffic from other hosts. Go to System Administration/Change configuration/, look for SYSLOGD_PARAMS and add -r to the options. Now, as root, do /sbin/init.d/syslog restart, and then on the Cisco use the command:

    cbos#set syslog test HELLO, this is cool.

To test that this works, use, as root, on the host with syslogd accepting input from the 675, the command:

    grep HELLO /var/log/messages

Now every time the Cisco picks up a new address it will log this fact to the syslog daemon on your computer. The script will search for the IP address logged in /var/log/messages, and if it does not match the current DNS setting at dhs.org it will change it to match. Set up the attached file with the appropriate settings for your dhs.org account. Then set up a cron job as root to run the script every hour or so. It has to be root because only root has access to /var/log/messages.

When run, the script will test the current DNS settings of your dyn.dhs.org host on the dhs.org DNS server; if the current IP address of the Cisco matches, then logger logs this fact to syslog. If the IP address isn't the same, the script updates your settings and logs whether it was successful or not.

Thank you
Russell
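
The comparison step the message describes, as an added example (this is not the attached script, which is not reproduced on this page). Because syslogd -r takes UDP lines from any sender and the cron job runs as root, the sketch only reads lines whose host field is the router and checks that the address is a well-formed public IPv4 address before reporting an update. The log line format, the router address 10.0.0.1 and all function names are assumptions; the DNS lookup and the dhs.org update call are left out because the page does not give them.

```shell
#!/bin/sh
# Added example. Log format, router address and function names are assumptions.

# Constructed sample of /var/log/messages lines (not real CBOS output).
sample_log() {
    cat <<'EOF'
Jan  3 04:12:07 10.0.0.1 wan0-0 address 216.160.111.159
Jan  3 09:30:41 10.0.0.99 wan0-0 address 203.0.113.7
Jan  4 01:02:03 10.0.0.1 wan0-0 address 216.160.111.200
EOF
}

# Succeed only for a dotted quad, octets 0-255, outside private/loopback space.
valid_public_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }
        $1 == 0 || $1 == 10 || $1 == 127 { exit 1 }
        $1 == 192 && $2 == 168 { exit 1 }
        $1 == 172 && $2 >= 16 && $2 <= 31 { exit 1 }
        { exit 0 }'
}

# latest_wan_ip LOGFILE ROUTER: last address logged by the router itself.
# Field 4 of a syslogd line is the sending host; other senders are ignored.
latest_wan_ip() {
    awk -v host="$2" '
        $4 == host {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ip = $i
        }
        END { if (ip != "") print ip }' "$1"
}

# check_update LOGFILE ROUTER DNS_ADDR
# Prints "unchanged", "update <ip>" or "rejected" (nothing usable in the log).
check_update() {
    new=$(latest_wan_ip "$1" "$2")
    if ! valid_public_ipv4 "$new"; then echo "rejected"; return 1; fi
    if [ "$new" = "$3" ]; then echo "unchanged"; else echo "update $new"; fi
}

# Demo: DNS still holds the old address, so an update is due.
log=$(mktemp) && sample_log > "$log"
check_update "$log" 10.0.0.1 216.160.111.159   # prints: update 216.160.111.200
rm -f "$log"
```

DNS_ADDR is whatever address the dyn.dhs.org name currently resolves to; the result string is what a cron wrapper would pass to logger.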
I get service through USWest and I believe that I have a Cisco 675 DSL modem. I'm interested in what you develop for a setup on this...
Thanks, Ryan