Cisco 827 port forwarding, please help

I've tried everything but I can't seem to get my Cisco 827 router to allow incoming connections to the http port on an internal server with private IP. My ISP is Tiscali and I have a dynamic public IP. Could this problem be linked to something at my ISP? I'm currently running a web server (with DynDNS) using Alcatel Speed Touch Home ADSL modem and have no problems. Can somebody please tell me what's wrong with my Cisco config:

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 ****encr*pw****
!
ip subnet-zero
!
interface Ethernet0
 ip address 192.168.0.75 255.255.255.0
 ip access-group 102 in
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 bundle-enable
 dsl operating-mode auto
!
interface Dialer0
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp chap hostname ***ui***
 ppp chap password 7 ***pw***
 ppp pap sent-username ***ui*** password 7 ***pw***
!
interface Dialer1
 no ip address
 no cdp enable
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.1 80 interface Dialer0 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http port 8080
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit udp host 195.130.224.18 eq domain any
access-list 101 permit udp host 195.130.225.129 eq domain any
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq www
access-list 101 deny tcp any range 0 65535 any range 0 65535 log
access-list 101 deny udp any range 0 65535 any range 0 65535 log
access-list 101 deny ip any any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password ***pw***
 login
!
scheduler max-task-time 5000
end

Thanks to RobO whose suggestions I added to my access-list but still no go. I'll need to open other ports later but for now would like to get www working.

Thanks in advance congoclash

Reply to
congoclash

Try the following approach instead (assuming your webserver is 192.168.0.1):

# conf t
# interface Dialer0
# no ip access-group 101 in
# exit
# no access-list 101
# no access-list 102
# access-list 102 permit udp host 195.130.224.18 eq domain any
# access-list 102 permit udp host 195.130.225.129 eq domain any
# access-list 102 permit tcp any any established
# access-list 102 permit tcp any any eq www
# access-list 102 deny ip any any log
# access-list 102 deny tcp any any log
# access-list 102 deny udp any any log

You had an outbound access list for inbound connections enabled on Dialer0; this should uncomplicate things.

Reply to
Igor Z (cci)

Ok, I did a "debug ip nat detailed" and got something like this upon trying to access my site:

public-ip:80 -> 192.168.0.1:some-weird-port

I can't remember exactly what the internal port was but it wasn't 80 (it was some 4 digit port). Why would that be happening? My Apache on 192.168.0.1 listens

> I've tried everything but I can't seem to get my Cisco 827 router to
Reply to
congoclash

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.