cannot access my web server from within my lan

Hi all, I posted a while ago about allowing incoming connections to the http port on an internal server with private IP with Cisco827. Thanks to all who helped me with NAT & access-lists. It turns out that there's nothing wrong with these and I figured out what the problem is. My web server is and was perfectly accessible from the internet (or through an external proxy) but not from within my LAN. I think it's some kind of anti-spoofing feature that denies access to anyone who claims to have the same public IP as the router's external interface.

So my question now is how do I allow my LAN machines (incl. myself) to access my web server through DynDNS domain names. I realize I can just type 192.168.0.1 or http://pcname but that would allow me to see only the first VirtualHost in the Apache httpd.conf. Hopefully this would not require a big trade-off in security. Here's my Cisco config and thanks in advance.

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 ****encr*pw****
!
ip subnet-zero
!
interface Ethernet0
 ip address 192.168.0.75 255.255.255.0
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname ***ui***
 ppp chap password 7 ***pw***
 ppp pap sent-username ***ui*** password 7 ***pw***
!
interface Dialer1
 no ip address
 no cdp enable
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.1 80 interface Dialer0 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http port 8080
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit udp host 195.130.224.18 eq domain any
access-list 101 permit udp host 195.130.225.129 eq domain any
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq www
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any administratively-prohibited
access-list 101 deny icmp any any
access-list 101 deny tcp any range 0 65535 any range 0 65535 log
access-list 101 deny udp any range 0 65535 any range 0 65535 log
access-list 101 deny ip any any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password ***pw***
 login
!
scheduler max-task-time 5000
end

Reply to
congoclash

No need for config changes... edit the hosts file on your LAN clients.

Hosts: c:\windows\system32\drivers\etc\hosts

Add:

192.168.0.1 webserver-dns-name

I have the same problem with my broadband router, it will only serve the management interface from the inside. The hosts file solves this for you. You could also change your local DNS server if you have one.

Cas...

Reply to
Cas
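An added example, not part of the thread: because Apache picks the VirtualHost from the name the browser sends, every DynDNS name needs its own hosts entry pointing at 192.168.0.1. The sketch below merges such entries into hosts-file text idempotently and removes stale mappings of the same names; the host names and the sample file are constructed placeholders, and the function names are hypothetical.

```python
# Added example: idempotent hosts-file merge for the LAN-side workaround.
# Host names below are constructed placeholders, not taken from the thread.

def merge_hosts(text, ip, names):
    """Return hosts-file text in which every name in `names` maps to `ip`.

    Existing mappings of those names to other addresses are removed,
    unrelated entries and comments are kept, and re-running changes nothing.
    """
    wanted = {n.lower() for n in names}   # host names are case-insensitive
    out = []
    for line in text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        if len(fields) < 2:
            out.append(line)              # blank line or comment only
            continue
        addr, hosts = fields[0], fields[1:]
        kept = [h for h in hosts if h.lower() not in wanted]
        if len(kept) == len(hosts):
            out.append(line)              # unrelated entry, keep verbatim
        elif kept:                        # shared line: drop only our names
            out.append(" ".join([addr] + kept) + (" #" + comment if sep else ""))
        # else: the line held only our names, so it is dropped entirely
    out.append(ip + " " + " ".join(sorted(wanted)))
    return "\n".join(out) + "\n"


def resolve(text, name):
    """First address a hosts file gives for `name`, or None."""
    for line in text.splitlines():
        fields = line.partition("#")[0].split()
        if len(fields) >= 2 and name.lower() in (h.lower() for h in fields[1:]):
            return fields[0]
    return None


# Constructed sample hosts file with a stale entry pointing at a public IP.
SAMPLE = (
    "# local names\n"
    "127.0.0.1 localhost\n"
    "203.0.113.7 site1.example.test printer.lan # old entry\n"
)
VHOSTS = ["site1.example.test", "Site2.example.test"]

if __name__ == "__main__":
    print(merge_hosts(SAMPLE, "192.168.0.1", VHOSTS), end="")
```

The functions work on text only; writing the result back to the hosts file needs administrator rights on each client, and the entries must be updated by hand if the server's LAN address changes.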

Reply to
congoclash

;-)

more than welcome..

Cas...

Reply to
Cas
