I'm running a Cisco 2650, IOS 12.1. I'm mainly using it to NAT a bunch of tcp services from a handful of public addresses to a handful of private addresses, and to route between a small ethernet network to a single T1 connected via serial. It's been doing this for years, no problems, nothing to report out of the ordinary....until today. I'm unable to nat port 139 from any ouside IP to any inside IP.
**for privacy, the public IP in my examples will look like this: xxx.xxx.xxx.19When I creat this NAT entry: ip nat inside source static tcp 10.0.1.19 139 xxx.xxx.xxx.19 139 extendable
and then try to telnet on port 139 (to test connectivity to port 139) from the outside like this: telnet xxx.xxx.xxx.19 139
it fails with an error like this: telnet: connect to address xxx.xxx.100.19: Connection refused telnet: Unable to connect to remote host
however if I go ahead and change (as a simple test) my NAT line to the following: ip nat inside source static tcp 10.0.1.19 139 xxx.xxx.xxx.19 2222 extendable
and the try to make the same test telnet, only this time to the new
2222 port like this:telnet xxx.xxx.xxx.19 2222
....then it successfully connects. Essentially natting from outside tcp port 2222 to inside port 139 works, but natting from outside tcp port 139 to inside 139 fails. Anyone have a clue why?
Couple of side notes: I've temporarily disabled access-lists that have anything to do with port 139. Also I've testsed form the inside it.e (telnet 10.0.1.19 139) and this works fine, the service is certainly running.