1. Home
  2. Cisco Certification
  3. Allowing Cisco 837 router to forward traffic to my web server

Allowing Cisco 837 router to forward traffic to my web server

Hi,

Purely as a lab exercise I would like to be able to use my Cisco 837 router to access web pages on my Ubuntu machine.

I have set up a static NAT entry to forward port 80 traffic to my server's internal IP address & explicitly allowed port 80 through the firewall. The problem I'm having is that when I browse to my external IP address I'm taken to the routers HTTP admin login page. The 2 questions I have are:

1) How can I change the routers HTTP admin port number to something other than 80?

2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so it serves web pages?

TIA, Jason.

Reply to
Jason
Loading thread data ...

you are better off using access list as opposed to nat

Reply to
nexrider

WTF?

To the op: try this

ip http port XXXX

That should change the admin page from port 80 to XXXX

Reply to
Artie Lange

If your 837 works like my 827, then try this:

ip nat inside source static tcp 10.0.1.1 9080 interface Dialer0 80 ip http access-class 1 access-list 1 permit 10.0.1.0 0.0.0.255 access-list 1 permit 10.0.2.0 0.0.0.255 access-list 1 permit 10.1.1.0 0.0.0.255 access-list 1 deny any log

The NAT line redirects external port 80 traffic to my web server on port 9080 (so that I can use port 80 on that box for my internal web server). Then access to the 827's web server is controlled by access-list 1 which only specifically allows some of the internal IP addresses to access it. I think this works because all of the IP addresses permitted to access the 827's web server only route through the Ethernet0 port and hence any port 80 traffic on the ADSL port does not match access-list 1 and drops through that rule to be seen by the NAT rule.

If you want to change the 837's web port, use:

ip http port 8080

Reply to
Stephen Worthington

Stephen Worthington wrote in news: snipped-for-privacy@4ax.com:

Thanks for the answer, I've successfully changed the http port & locked it down with the access list. I'm still working on being able to access my web server from the Internet though.

Reply to
Jason

Hi Jason,

make a telnet - session to Your router. take the access-list wich controlles the incomming traffic (here xxx) ============================================= telnet "router-ip"

login....

router#

sh access-lists xxx

10 ... 20 ... ... ...

conf t ip access-lists extendend xxx

25 permit tcp any any eq 80 26 permit tcp any any eq 443

exit

ip nat inside source static tcp "webserver-lan ip" 80 interface Dialer 1 80 ip nat inside source static tcp "webserver-lan ip" 443 interface Dialer 1

443

exit wr ==================================================

Thats all.

Bernie

"Jason" schrieb im Newsbeitrag news:Xns9C0FDE46E66C9SpamSpamSpamSpanishI@69.16.186.8...

Reply to
vobe

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.