1. Home
  2. Cisco Systems
  3. NAT Problem

NAT Problem

I am trying to do a simple NAT translation so that I can have a web server running on port 8000 that appears as a public IP instead of a private one. I want http://192.168.1.11:8000 to be addressable by http://204.57.130.50:8000 . I can't figure out what I am doing wrong. If I type http://localhost:8000 it works. If go to another PC instead the network and access it on port 8000 it works. But from the internet it just does not work. I just get a page cannot be displayed message. I am only running IOS 12.0.28 on my 2501 router so maybe I should upgrade. I will post my configuration here. I've tried it with and without the access list command. Any help would be appreciated:

Building configuration...

Current configuration: ! ! Last configuration change at 17:14:01 BKK Wed Oct 5 2005 ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname m3koffice ! enable secret 5 xxxxxxxxxxxxx enable password 1234 ! ip subnet-zero ip name-server 204.57.160.129 ip name-server 204.57.128.67 clock timezone BKK 7 ! ! ! interface Ethernet0 ip address 192.168.1.1 255.255.255.0 no ip directed-broadcast ip nat inside ! interface Serial0 description Connect to M2K-TOT ip address 204.57.130.50 255.255.255.252 no ip directed-broadcast ip nat outside no ip mroute-cache no fair-queue ! interface Serial1 no ip address no ip directed-broadcast shutdown ! interface TokenRing0 no ip address no ip directed-broadcast shutdown ! ip nat inside source list 1 interface Serial0 overload ip nat inside source static udp 192.168.1.11 8000 204.57.130.50 8000 extend ip nat inside source static tcp 192.168.1.11 8000 204.57.130.50 8000 extend ip nat inside source static tcp 192.168.1.11 8080 204.57.130.50 8080 extend ip nat inside source static tcp 192.168.1.11 1813 204.57.130.50 1813 extend ip nat inside source static tcp 192.168.1.11 1812 204.57.130.50 1812 extend ip classless ip route 0.0.0.0 0.0.0.0 204.57.130.49 ! access-list 1 permit 192.168.1.0 0.0.0.255 ! line con 0 transport input none line aux 0 line vty 0 password xyz123 login line vty 1 4 password 1234 login ! ntp clock-period 17180128 ntp server 204.57.160.2 end

Reply to
Thread7
Loading thread data ...

Well I upgraded the IOS to 12.1.2T and it still does not work. There is no reason I could not upgrade further but I am thinking it is not the IOS. Now I am getting desperate. I need to get this working in 24 hours or less.

Thanks.

Reply to
Thread7

In article , wrote: :I am trying to do a simple NAT translation so that I can have a web :server running on port 8000 that appears as a public IP instead of a :private one. I want http://192.168.1.11:8000 to be addressable by :http://204.57.130.50:8000 . I can't figure out what I am doing wrong.

I haven't worked with IOS static NAT before, but I found a line in a document that suggests a possibility.

:ip nat inside source list 1 interface Serial0 overload :ip nat inside source static udp 192.168.1.11 8000 204.57.130.50 8000 extend

Try using an extended access list and excluding port 8000 and the other static ports from the list.

formatting link
Q. Is it possible to build a configuration with both static and dynamic NAT translations?

A. Yes, this is possible, with the caveat that the global addresses used in static translations are not automatically excluded with dynamic pools containing those global addresses. You must create your dynamic pools to exclude addresses assigned via static entries.

The above is talking about IPs, but -possibly- the same effect extends to ports.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.