1. Home
  2. Cisco Systems
  3. NAT/PAT problem from inside

NAT/PAT problem from inside

Hi,

Im behind a C827 IOS 12.3 I have an occasionally web server, so I've made a IP NAT inside to publish my server on the web. I've got a dyndns domain to map my dynamic IP address. This works fine, and people on the Internet can access my web server.

But when client from the lan try to access the server using it's domain name (or external IP) it doesn't work. I'm not very surprised, because I know this is the case for most of the SOHO routers. But it worked with my Alcatel 510V3. Is there a way to make it work with a Cisco ?

Drawing is often better than words, how could this work :

formatting link

Reply to
Alni
Loading thread data ...

Are the folks inside your LAN able to access it using the internal IP address of the web server?

Dave

Reply to
sgtcasey

Bonjour,

snipped-for-privacy@comcast.net avait écrit le 01/12/2005 :

Yes they can reach the default web site on the server. But I'm using differents web sites on the same server. I have a dyndns with wildcards enabled, and if my domain is "mydomain.dyndns.org", each subdomain points to my IP (ie web1.mydomain.dyndns.org, or web2.mydomain.dyndns.org) and the url typed in the browser route to the right site. So If I do not edit the host on each machine to insert all the domains they can't access to the site. And I change the sites frequently.

At least the default site could be reach, but it's closed. By this way people that do not know the exact domain for each site can't view it.

This worked fine with my previous modem/router (Alcatel 510 V3)

Reply to
Alni

Can you post your conifg? Keep in mind order of NAT operation: from inside to outside router first try to route traffic and then NAT... In opposite direction this process is reversible, NAT then routing...So, I guess you 're blackholling your traffic destined for inside global address of your web server when you accessing it from LAN.

B.R. Igor

Reply to
Igor Mamuzic

Bonjour,

Igor Mamuzic a exprimé avec précision :

Here it is :

----------8

Reply to
Alni

As I said before, you cannot access your web server because this traffic hits nat inside interface and your router tries to route packets destined for web server directly to the dialer interface and router simply (if you don't have http server enabled on your router) doesn't know what to do with this traffic. On the other hand if the traffic first hits nat outside int then your traffic will be first NATed and then routed and this is the reason why Internet users can access your internal www server.

Try to solve your problem with dns. Let the dns answers with www server's local ip address when asked from LAN.

B.R. Igor

Reply to
Igor Mamuzic

Bonjour,

Igor Mamuzic avait prétendu :

It should be a way to do this on Cisco, that's worked with my previous router

Yes I know, but I have 1 dyndns domain with wildcard enabled, I have a dozen of sites site1.domain.dyndns.org, site2.domain.dyndns.org, and so on (on the same server, same port. The http headers route on the right site). I have no dns server here. I could have deal with etc/hosts but I have to change them each time I add or remove a site. It worked fine before, I know that most of SOHO routers don't support this. But because it worked with my Alcatel, I wonder how to make traffic for my public IP pass by the outside of my cisco as if it comes from the WAN.

Reply to
Alni

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.