837. Unable to see internal web server from internal server.

I have a Cisco 837 and have set up NAT to allow the outside to access a web server. This works, however other computers on the inside get "connection was refused" when trying to access it.

show config Using 4406 out of 131072 bytes ! version 12.3 no service pad service timestamps debug datetime msec show-timezone service timestamps log datetime msec show-timezone service password-encryption ! hostname router ! no logging buffered no logging console enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ! username router password 7 XXXXXXXXXXXXXXXXXX no aaa new-model ip subnet-zero ip name-server 194.247.47.47 ip name-server 194.247.40.126 ip dhcp excluded-address 192.168.1.1 192.168.1.199 ip dhcp excluded-address 192.168.1.211 192.168.1.254 ip dhcp excluded-address 192.168.1.1 ! ip dhcp pool CLIENT import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 domain-name XXXXX.co.uk lease 0 2 ! ! ip inspect name myfw cuseeme timeout 3600 ip inspect name myfw ftp timeout 3600 ip inspect name myfw rcmd timeout 3600 ip inspect name myfw realaudio timeout 3600 ip inspect name myfw smtp timeout 3600 ip inspect name myfw tftp timeout 30 ip inspect name myfw udp timeout 15 ip inspect name myfw tcp timeout 3600 ip inspect name myfw h323 timeout 3600 ip audit notify log ip audit po max-events 100 no ftp-server write-enable ! ! ! ! ! ! ! interface Ethernet0 description CRWS Generated text. Please do not delete this:192.168.1.1-255.255.255.0 ip address 192.168.1.1 255.255.255.0 ip access-group 122 out ip nat inside no ip mroute-cache hold-queue 100 out ! interface ATM0 no ip address no ip mroute-cache atm vc-per-vp 64 no atm ilmi-keepalive pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer1 ip address negotiated ip access-group 111 in ip nat outside ip inspect myfw out encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname snipped-for-privacy@XXX.net ppp chap password 7 XXXXXXXXXXXXXXXXXXx ppp pap sent-username snipped-for-privacy@XXX.net password 7 XXXXXXXXXXXXXXXXXXXXX ppp ipcp dns request ppp ipcp wins request hold-queue 224 in ! ip nat inside source list 102 interface Dialer1 overload ip nat inside source static tcp 192.168.1.3 25 interface Dialer1 25 ip nat inside source static tcp 192.168.1.3 80 interface Dialer1 80 ip nat inside source static tcp 192.168.1.3 22 interface Dialer1 22 ip nat inside source static tcp

192.168.1.3 8888 interface Dialer1 8888 ip nat inside source static tcp 192.168.1.3 6789 interface Dialer1 6789 ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 no ip http server no ip http secure-server ! logging trap debugging logging facility local4 logging 192.168.1.3 access-list 102 remark permit internal network internet access access-list 102 permit ip 192.168.1.0 0.0.0.255 any access-list 111 remark Deny traffic from a major SPYWARE Company access-list 111 deny ip 207.246.124.0 0.0.0.255 any access-list 111 deny tcp any any eq telnet access-list 111 permit icmp any any administratively-prohibited access-list 111 permit icmp any any echo-reply access-list 111 permit icmp any any packet-too-big access-list 111 permit icmp any any time-exceeded access-list 111 permit icmp any any traceroute access-list 111 permit icmp any any unreachable access-list 111 permit udp any eq bootps any eq bootpc access-list 111 permit udp any eq bootps any eq bootps access-list 111 permit udp any eq domain any access-list 111 permit esp any any access-list 111 permit udp any any eq isakmp access-list 111 permit tcp any any eq www access-list 111 permit tcp any any eq 6789 access-list 111 permit tcp any any eq 8888 access-list 111 permit tcp any any eq 22 access-list 111 permit tcp any any eq smtp access-list 111 permit tcp any any eq 139 access-list 111 permit udp any any eq netbios-ns access-list 111 permit udp any any eq netbios-dgm access-list 111 permit gre any any access-list 111 remark Block all Outside traffic In access-list 111 deny ip any any access-list 122 remark permit internal network internet access access-list 122 permit ip any any dialer-list 1 protocol ip permit ! line con 0 exec-timeout 120 0 no modem enable stopbits 1 line aux 0 line vty 0 4 access-class 23 in exec-timeout 120 0 login local length 0 ! scheduler max-task-time 5000 ! end
Reply to
eric the brave
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.