Allowing Cisco 837 router to forward traffic to my web server

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Hi,

Purely as a lab exercise I would like to be able to use my Cisco 837 router
to access web pages on my Ubuntu machine.

I have set up a static NAT entry to forward port 80 traffic to my server's
internal IP address & explicitly allowed port 80 through the firewall. The
problem I'm having is that when I browse to my external IP address I'm
taken to the routers HTTP admin login page. The 2 questions I have are:

1) How can I change the routers HTTP admin port number to something other
than 80?

2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so it
serves web pages?

TIA, Jason.

Re: Allowing Cisco 837 router to forward traffic to my web server
wrote:
Quoted text here. Click to load it

you are better off using access list as opposed to nat

Re: Allowing Cisco 837 router to forward traffic to my web server
nexrider@gmail.com wrote:
Quoted text here. Click to load it

WTF?

To the op: try this

ip http port XXXX

That should change the admin page from port 80 to XXXX

Re: Allowing Cisco 837 router to forward traffic to my web server
On Mon, 18 May 2009 20:51:03 GMT, Jason

Quoted text here. Click to load it

If your 837 works like my 827, then try this:

ip nat inside source static tcp 10.0.1.1 9080 interface Dialer0 80
ip http access-class 1
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.0.255
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 deny any log

The NAT line redirects external port 80 traffic to my web server on
port 9080 (so that I can use port 80 on that box for my internal web
server).  Then access to the 827's web server is controlled by
access-list 1 which only specifically allows some of the internal IP
addresses to access it.  I think this works because all of the IP
addresses permitted to access the 827's web server only route through
the Ethernet0 port and hence any port 80 traffic on the ADSL port does
not match access-list 1 and drops through that rule to be seen by the
NAT rule.

If you want to change the 837's web port, use:

ip http port 8080

Re: Allowing Cisco 837 router to forward traffic to my web server

Quoted text here. Click to load it

Thanks for the answer, I've successfully changed the http port & locked
it down with the access list. I'm still working on being able to access
my web server from the Internet though.

Re: Allowing Cisco 837 router to forward traffic to my web server


Hi Jason,

make a telnet - session to Your router.
take the access-list wich controlles the incomming traffic (here xxx)
=============================================
telnet "router-ip"

login....

router#

sh access-lists xxx
10 ...
20 ...
... ...

conf t
ip access-lists extendend xxx
25 permit tcp any any eq 80
26 permit tcp any any eq 443

exit

ip nat inside source static tcp "webserver-lan ip" 80 interface Dialer 1 80
ip nat inside source static tcp "webserver-lan ip" 443 interface Dialer 1
443

exit
wr
==================================================

Thats all.

Bernie


Quoted text here. Click to load it



Site Timeline