Routing: NAT on a stick. How?

Hi guys. I have trouble connecting to my internal webserver from an internal host.

Here's the situation: I am using my Cisco 827 ADSL router to connect to the internet. My provider uses PPP, so it's implemented and working fine. I also got a webserver running. I forwarded the WAN ports and it's working fine when you try to connect from the outside. I cannot connect to my webserver from the inside by using a URL. The DNS is external.

Here's a graph

                       WWW
                        |
               WAN IP 82.93.71.226
    CISCO 837 IOS 12.3 (11) T3 (C820-K90SY6-M)
               LAN IP 192.168.1.254
                        |
             ----------------------
             |                    |
       192.168.1.252         192.168.1.x
          SERVER                HOSTS

In short:

    WAN IP router  82.93.71.226
    LAN IP router  192.168.1.254
    LAN IP Hosts   192.168.1.x

What's happening.

  1. A host wants to connect to the webserver by using a URL.
  2. The host gets natted and retrieves the WAN IP from the external DNS by the URL.
  3. The host sends a request to the WAN IP from its router.
  4. The router connects to the webserver, forwarding the request.
  5. The webserver answers the request directly to the host.
  6. The host does not know this request from this IP and drops the packet.

There is a solution I heard. It's called NAT on a stick. It means that you create a virtual loopback interface that is used to NAT between the webserver and the hosts. I do not know how to implement this solution.

Who can add this to my configuration?

TIA!

My config:

    !
    version 12.3
    no parser cache
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname CISCO827
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5
    enable password
    !
    clock timezone cet 0
    no aaa new-model
    ip subnet-zero
    no ip dhcp conflict logging
    !
    ip dhcp pool internalnet
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.254
     domain-name
     dns-server 194.109.6.66 194.109.9.99
     lease 5
    !
    !
    ip cef
    no ip domain lookup
    !
    interface Ethernet0
     ip address 192.168.1.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     no keepalive
     no cdp enable
     hold-queue 100 out
    !
    interface ATM0
     no ip address
     no atm ilmi-keepalive
     dsl operating-mode auto
     pvc 0 8/48
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
    !
    interface Dialer0
     ip address negotiated
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication pap callin
     ppp pap sent-username password 0
    !
    !
    !
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
    no ip http server
    no ip http secure-server
    !
    ip nat inside source list 101 interface Dialer0 overload
    ip nat inside source static tcp 192.168.1.252 21 interface Dialer0 21
    ip nat inside source static tcp 192.168.1.252 22 interface Dialer0 22
    ip nat inside source static tcp 192.168.1.252 80 interface Dialer0 80
    ip nat inside source static tcp 192.168.1.252 81 interface Dialer0 81
    ip nat inside source static tcp 192.168.1.252 443 interface Dialer0 443
    ip nat inside source static tcp 192.168.1.252 636 interface Dialer0 636
    ip nat inside source static tcp 192.168.1.252 2200 interface Dialer0 2200
    ip nat inside source static tcp 192.168.1.252 2211 interface Dialer0 2211
    ip nat inside source static tcp 192.168.1.252 8008 interface Dialer0 8008
    ip nat inside source static tcp 192.168.1.252 8009 interface Dialer0 8009
    ip nat inside source static tcp 192.168.1.252 9999 interface Dialer0 9999
    ip nat inside source static udp 192.168.1.252 21 interface Dialer0 21
    ip nat inside source static udp 192.168.1.252 22 interface Dialer0 22
    ip nat inside source static udp 192.168.1.252 80 interface Dialer0 80
    ip nat inside source static udp 192.168.1.252 81 interface Dialer0 81
    ip nat inside source static udp 192.168.1.252 443 interface Dialer0 443
    ip nat inside source static udp 192.168.1.252 636 interface Dialer0 636
    ip nat inside source static udp 192.168.1.252 2200 interface Dialer0 2200
    ip nat inside source static udp 192.168.1.252 2211 interface Dialer0 2211
    ip nat inside source static udp 192.168.1.252 8008 interface Dialer0 8008
    ip nat inside source static udp 192.168.1.252 8009 interface Dialer0 8009
    ip nat inside source static udp 192.168.1.252 9999 interface Dialer0 9999
    !
    access-list 101 deny 53 any any
    access-list 101 deny 55 any any
    access-list 101 deny 57 any any
    access-list 101 deny pim any any
    access-list 101 permit ip any any
    dialer-list 1 protocol ip permit
    snmp-server engineID local 000000090200000427FCDCCE
    snmp-server community public RO
    no cdp run
    !
    !
    control-plane
    !
    !
    line con 0
     transport preferred all
     transport output all
     stopbits 1
    line vty 0 4
     password
     login
     transport preferred all
     transport input all
     transport output all
    !
    scheduler max-task-time 5000
    end
Reply to
Royco
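The packet flow in steps 1 to 6 of the post above, as an added Python simulation that is not part of the original post and is not Cisco IOS configuration. It shows why the reply is dropped and how also rewriting the source address, the effect a hairpin setup such as NAT on a stick aims for, forces the reply back through the router. The client address 192.168.1.10, the port 40000, and the choice of the router's LAN IP as the translated source are assumptions.

```python
from dataclasses import dataclass, replace

WAN_IP, ROUTER_LAN, SERVER = "82.93.71.226", "192.168.1.254", "192.168.1.252"
HOST = "192.168.1.10"  # constructed: stands in for any 192.168.1.x client

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Router:
    # Models only the port forward, optionally with source rewriting (hairpin).
    def __init__(self, hairpin):
        self.hairpin = hairpin
        self.sessions = {}  # translated source port -> original client (ip, port)

    def forward(self, pkt):
        # Step 4: the destination WAN_IP:80 is rewritten to the web server.
        out = replace(pkt, dst=SERVER)
        if self.hairpin:
            # Assumption: the source becomes the router's LAN IP, so the
            # server has to send its answer to the router, not to the host.
            self.sessions[pkt.sport] = (pkt.src, pkt.sport)
            out = replace(out, src=ROUTER_LAN)
        return out

    def reverse(self, pkt):
        # Undo both rewrites on a reply that came back to the router.
        client_ip, client_port = self.sessions[pkt.dport]
        return Packet(WAN_IP, pkt.sport, client_ip, client_port)

def server_reply(req):
    # Step 5: the server answers whatever source address it saw.
    return Packet(req.dst, req.dport, req.src, req.sport)

def host_accepts(request, reply):
    # Step 6: the client only accepts a reply from the address it contacted.
    expected = Packet(request.dst, request.dport, request.src, request.sport)
    return reply == expected

def simulate(hairpin):
    router = Router(hairpin)
    request = Packet(HOST, 40000, WAN_IP, 80)      # step 3
    reply = server_reply(router.forward(request))  # steps 4 and 5
    if reply.dst == ROUTER_LAN:                    # reply returned via router
        reply = router.reverse(reply)
    return reply, host_accepts(request, reply)

if __name__ == "__main__":
    print(simulate(False), simulate(True))
```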

I don't know about NAT on a stick so can't comment, but if you aren't talking about a massive number of PCs you could put a manual entry in their host files to point them to the local server. Not a particularly elegant solution though, I grant you.

Reply to
bob

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.