
web server on cisco 827 and Cisco 1924 switch

Status
Not open for further replies.

DManigo

ISP
Mar 16, 2005
71
US
For the moment, I have 1 pc and webserver on the switch.
switch running-config:

hostname "5thborocs1900"
monitor-port monitored 0/24
monitor-port port 0/24
network-port 0/24
ip address 192.168.1.2 255.255.255.0
ip default-gateway 192.168.1.1
ip domain-name "sprinthsd.net"
ip name-server 207.217.126.81
ip name-server 207.217.77.82
snmp-server location "Rocky Mount,NC"
snmp-server contact "5th Borough CS"
bridge-group enable
interface Ethernet 0/1
description "Cisco 827"
interface Ethernet 0/2
description "Linksys Wireless"
interface Ethernet 0/24
duplex full
description "5thboro Server"

I can connect to the internet from the web server, but cannot access the hosted website from the outside. The website is assigned 192.168.1.4, default gateway 192.168.1.1
I can ping the gateway but not the address.

F.Y.I (Cisco 827 running-config)

ip subnet-zero
ip dhcp excluded-address 192.168.1.1
ip dhcp pool cisco
network 192.168.1.0 255.255.255.0
domain-name sprinthsd.net
dns-server 207.217.126.81 207.217.77.82 207.217.120.83
default-router 192.168.1.1
bridge irb
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
dsl operating-mode auto
bridge-group 1
interface BVI1
ip address 63.162.201.72 255.255.255.0
ip nat outside
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.1.4 80 63.162.201.72 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 63.162.201.1
no ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip

Did I miss something in the router config or switch config? Thanks for the help...
 
Hey there... Might need to set up an access list to allow HTTP traffic on your outside interface to the server.
Might look like:

access-list 100 permit tcp any eq 80 host 192.168.1.4 eq 80
interface BVI1
ip access-group 100 in

Without this then no inbound traffic will get past the interface.
Trying to think if we will need anything else but have a cold and NyQuil setting in......
 
Joamon,
I added:

router(config)# access-list 100 permit tcp any eq 80 (www) host 192.168.1.4 eq 80 (www)
also
router(config-if)# ip access-group 100 in

The ethernet interface 0, now showing:

interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
hold-queue 100 out

Now, unable to access the internet at all, cannot ping any outside address (I removed the commands to enter this)
What are your thoughts?

 
Figured out where my issue is, current running-config:

ip subnet-zero
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.4
ip dhcp pool cisco
network 192.168.1.0 255.255.255.0
domain-name sprinthsd.net
dns-server 207.217.126.81 207.217.77.82 207.217.120.83
default-router 192.168.1.1
bridge irb
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
dsl operating-mode auto
bridge-group 1
interface BVI1
ip address 63.162.201.72 255.255.255.0
ip access-group 100 in
ip nat outside
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.1.4 80 63.162.201.72 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 63.162.201.1
no ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
========================================================
When I add ( access-list permit 100 tcp any eq 80 host 192.168.1.4 eq 80 ) I lose connection.
 
Try adding the following line to access-list 100:
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established
This should allow INbound responses from connection-oriented (TCP) requests

 
nope,
entered, access-list 100 permit tcp any 192.168.1.0 0.0.0.255 established, lost connection again..
 
Put in a word for someone to help out...hopefully he will contact you shortly....
 
Change your access list to:

access-list 100 permit any host 192.168.1.4 eq 80.

When the request is made from the host, the randomly generated port is in the range above 1024. Your list is blocking the request from the host by only allowing port 80 from the host.

HTH
 
Cluebird,
Joamon,

Thanks for the special attention to my issue. I tried entering the access-list, but "any" is not one of the given choices:

router(config)#access-list 100 permit ?
<0-255> An IP protocol number
ahp Authentication Header Protocol
eigrp Cisco's EIGRP routing protocol
esp Encapsulation Security Payload
gre Cisco's GRE tunneling
icmp Internet Control Message Protocol
igmp Internet Gateway Message Protocol
igrp Cisco's IGRP routing protocol
ip Any Internet Protocol
ipinip IP in IP tunneling
nos KA9Q NOS compatible IP over IP tunneling
ospf OSPF routing protocol
pcp Payload Compression Protocol
pim Protocol Independent Multicast
tcp Transmission Control Protocol
udp User Datagram Protocol

When entering:
router(config)#access-list 100 permit any host 192.168.1.4 eq 80
% Invalid input detected at '^' marker (pointing to the command, any)


 
Not sure if this helps but F.Y.I

router#> sh ip int
ATM0 is up, line protocol is up
Outgoing access list is not set
Inbound access list is 100
and
Ethernet0 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Outgoing access list is not set
Inbound access list is not set
router>#sh access-list
Standard IP access list 1
permit 192.168.1.0, wildcard bits 0.0.0.255 (439 matches) check=167
router#>sh ip access-list
Standard IP access list 1
permit 192.168.1.0, wildcard bits 0.0.0.255 (445 matches) check=167

 
Then should the access-list read:
access-list 100 permit tcp any host 192.168.1.4 eq 80
access-list 100 permit tcp any any established

???
 
No Dice

router#>access-list 100 permit tcp any host 192.168.1.4 eq 80 ( drops connection )

added

router#>access-list 100 permit tcp any any established
(drops connection)



 
My error on the syntax.

Have you removed the access-lists entirely and been able to reach the inside web server? Do that before we work the access-list issue. If you can't connect without any access lists, please repost the current configuration on the router.

 
Unable to connect to internal web site without "any" access-list. The Server is on a Cisco 1924 switch vlan 1 with static address on NIC 192.168.1.4...Website is also assigned 192.168.1.4 255.255.255.0

Running-config

ip subnet-zero
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.4
ip dhcp pool cisco
network 192.168.1.0 255.255.255.0
domain-name sprinthsd.net
dns-server 207.217.126.81 207.217.77.82 207.217.120.83
default-router 192.168.1.1
bridge irb
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
loopback
hold-queue 100 out
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5snap
dsl operating-mode auto
bridge-group 1
interface BVI1
ip address 63.162.201.72 255.255.255.0
ip access-group 100 in
ip nat outside
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.1.4 80 63.162.201.72 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 63.162.201.1
no ip http server
access-list 1 permit 192.168.1.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
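
Added example, not part of any post in the thread: a small Python model of how the extended ACLs suggested above evaluate traffic arriving inbound on BVI1. It assumes standard IOS behavior: the first matching entry wins, a list with entries ends in an implicit deny, and an inbound ACL on the NAT outside interface is checked before the destination is translated, so packets are still addressed to 63.162.201.72. The client addresses, ports and the "public-address variant" list are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
PUBLIC = ip_network("63.162.201.72/32")  # BVI1 (NAT outside) address from the thread
SERVER = ip_network("192.168.1.4/32")    # inside web server from the thread
DNS = ip_network("207.217.126.81/32")    # first name server in the DHCP pool

def rule(proto, src=ANY, sport=None, dst=ANY, dport=None, established=False):
    """One 'permit' entry; None means the port is not constrained."""
    return (proto, src, sport, dst, dport, established)

def permits(acl, pkt):
    """Extended-ACL model: first matching permit wins, otherwise implicit deny."""
    for proto, src, sport, dst, dport, established in acl:
        if (proto == pkt["proto"]
                and ip_address(pkt["src"]) in src
                and ip_address(pkt["dst"]) in dst
                and sport in (None, pkt["sport"])
                and dport in (None, pkt["dport"])
                and (not established or pkt["ack"])):  # 'established' modeled as ACK set
            return True
    return False

# Constructed packets as they arrive on BVI1, before NAT rewrites the destination.
PACKETS = {
    "new HTTP request to the server": dict(
        proto="tcp", src="198.51.100.7", sport=51000, dst="63.162.201.72", dport=80, ack=False),
    "reply to an inside host's web request": dict(
        proto="tcp", src="203.0.113.10", sport=80, dst="63.162.201.72", dport=40000, ack=True),
    "DNS answer for an inside host": dict(
        proto="udp", src="207.217.126.81", sport=53, dst="63.162.201.72", dport=40001, ack=False),
}

ACLS = {
    # access-list 100 permit tcp any eq 80 host 192.168.1.4 eq 80
    "first suggestion": [rule("tcp", sport=80, dst=SERVER, dport=80)],
    # permit tcp any host 192.168.1.4 eq 80 + permit tcp any any established
    "later suggestion": [rule("tcp", dst=SERVER, dport=80), rule("tcp", established=True)],
    # Assumed variant (not from the thread): match the public address, keep
    # 'established', and let the configured resolver's UDP answers back in.
    "public-address variant": [rule("tcp", dst=PUBLIC, dport=80),
                               rule("tcp", established=True),
                               rule("udp", src=DNS, sport=53)],
}

def evaluate():
    """Return {acl name: {packet label: permitted?}} for every combination."""
    return {name: {label: permits(acl, pkt) for label, pkt in PACKETS.items()}
            for name, acl in ACLS.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

On IOS an access-group that references an undefined list filters nothing, so the implicit deny only starts applying once the first entry is entered; the model covers lists that already have entries. It says nothing about why the server was unreachable with no access list applied.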
 