1. Home
  2. Cisco Systems
  3. pat for connections from the internal network

pat for connections from the internal network

hello everyone,

I googled around a bit trying to understand the problem, but I didn't find anything useful

I've an 877 model and the problem is:

there is a public ip configured on an interface and a private one on another one there is a dynamic nat rule which permits to the clients on the private lan to go on the internet natted with the public ip there is also a pat rule which maps the port 80 of an internal ip to the external one, it permits to the clients on the internet to access the webserver on the private lan

everything works well, at exception of one thing:

when a client from the internal network, tries to contact the public ip address at the port 80, it's not been patted to the other internal ip (as happens for who connects from internet), it receives instead a connection refused

do you have any suggestion on something I could look at?

thanks in advance, Giulio Fidente

Reply to
giulivo.navigante
Loading thread data ...

Giulio,

Clients on your internal network shouldn't be trying to access an internal server through it's public IP. NAT won't work this way. Internal clients need to use the internal IP address of the server and leave the public IP address for the external clients. Hope that helps.

neteng

formatting link

Reply to
pcmccollum

thanks first of all for your reply,

they should not, you're right ... but the dns resolves the website with its public ip address, so the internal clients are directed to the public ip, is something wrong here? is there anything I should do to avoid this "path" ?

Reply to
Giulivo Navigante

2 possible solutions. You can hand a second router off the first and access it via its public IP that way, or run split horizon DNS and return the private IP for internal clients
Reply to
turnip

you can *hang* a second router.. not hand

Reply to
turnip

thanks for your help guys,

to be honest I was hoping that a certain setting was able to do the game on the cisco router ... but I didn't find any so I'll go for the split horizon solution I think

Giulio Fidente

Reply to
Giulivo Navigante

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.