NAT issues


rburke (Programmer, joined Apr 28, 2002, 426 messages, location: US)
Ok, so here's the problem...

I have a dynamic IP from my cable ISP. Dynamic is a stretch since it hasn't changed in over 8 months, but hey, I'm not complaining... Since my IP doesn't change often I decided that I wanted to host a couple domains that I own off of a Linux Red Hat 7.3 server I have behind my Cisco 2514 router. I have set up BIND 9 for my internal LAN right now and have some hookups with an ISP so they are going to slave their DNS off of my master (the hidden master concept). I also have set up my Apache configs to host the 3 virtual hosts. I have verified by using my internal IP of the server that it works and all is well. The problem comes when I change my DNS so that it gives out my WAN IP for the site records. All it does is hang when an internal user tries to access any of the sites using the WAN IP. Here is a copy of my config for the 2514:

version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname p.gateway
!
no logging buffered
no logging rate-limit
no logging console
no logging monitor
enable secret 5 something.
!
clock timezone CST -6
clock summer-time DST date Apr 7 2002 0:00 Oct 27 2002 0:00
ip subnet-zero
no ip finger
ip name-server 24.93.35.62
ip name-server 24.93.35.63
ip name-server 24.93.40.62
ip name-server 24.93.40.63
!
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
mac-address 0001.031f.928b
ip address dhcp
ip nat outside
no cdp enable
!
interface Ethernet1
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
no ip address
shutdown
!
ip kerberos source-interface any
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 10.10.10.22 22 interface Ethernet0 8080
ip nat inside source static tcp 10.10.10.21 13007 interface Ethernet0 13007
ip nat inside source static tcp 10.10.10.21 13006 interface Ethernet0 13006
ip nat inside source static tcp 10.10.10.21 13005 interface Ethernet0 13005
ip nat inside source static tcp 10.10.10.21 20 interface Ethernet0 20
ip nat inside source static tcp 10.10.10.21 21 interface Ethernet0 21
ip nat inside source static tcp 10.10.10.1 23 interface Ethernet0 23
ip nat inside source static tcp 10.10.10.21 22 interface Ethernet0 22
ip nat inside source static tcp 10.10.10.21 80 interface Ethernet0 80
ip nat inside source static tcp 10.10.10.21 13008 interface Ethernet0 13008
ip nat inside source static tcp 10.10.10.21 13009 interface Ethernet0 13009
ip nat inside source static tcp 10.10.10.21 13010 interface Ethernet0 13010
ip nat inside source static tcp 10.10.10.21 13011 interface Ethernet0 13011
ip nat inside source static tcp 10.10.10.21 13012 interface Ethernet0 13012
ip nat inside source static tcp 10.10.10.21 13013 interface Ethernet0 13013
ip nat inside source static tcp 10.10.10.21 13014 interface Ethernet0 13014
ip nat inside source static tcp 10.10.10.21 13015 interface Ethernet0 13015
ip nat inside source static tcp 10.10.10.21 13020 interface Ethernet0 13020
ip nat inside source static tcp 10.10.10.21 13019 interface Ethernet0 13019
ip nat inside source static tcp 10.10.10.21 13018 interface Ethernet0 13018
ip nat inside source static tcp 10.10.10.21 13017 interface Ethernet0 13017
ip nat inside source static tcp 10.10.10.21 13016 interface Ethernet0 13016

ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
logging trap debugging
access-list 1 permit any
!
line con 0
exec-timeout 60 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password 7 password
logging synchronous
login local
!
ntp clock-period 17179989
ntp peer 129.7.1.66 prefer
end

As you can see, there are a lot of forwarded ports. I have to have those for passive FTP transfers. I can ping my WAN from the LAN, but if I try to telnet to the WAN on port 80 then it gives:

C:\>telnet 24.175.53.xxx 80
Connecting To 24.175.53.xxx...Could not open a connection to host on port 80 : Connect failed

But if I access a remote machine and telnet to the WAN IP then I get through:
[rburke@ai conf]$ telnet 24.175.53.xxx 80
Trying 24.175.53.xxx...
Connected to 24.175.53.xxx.
Escape character is '^]'.


If anyone has ANY ideas please let me know. It looks to me like it won't port forward if the LAN goes to the WAN. But that is just a guess. Please help.

Burke
 
Anyone have any ideas?

Burke
 
What is the outside IP address of the Router? Is that the 24.175.33.X? If so you ain't gonna get diddly squat as this is assigned to the router and nothing else. It won't do reverse NAT AFAIK. Also, when you are telnetting to test the service try a GET / straight after you connect to see if it is a HTTP server coming back at you. You have an access-list 1 command but you don't seem to be applying the access-list to any interface.
 
You won't be able to get to the global outside address from the inside!

Chris.
**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
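An added illustration (my own code, not from either poster): a small Python model of the behaviour the thread describes, built from a constructed subset of the posted forwards. It shows why an inside client gets "Connect failed" against the WAN address while an outside client is forwarded, what a split-horizon answer from the OP's BIND 9 server should hand LAN clients instead, and flags the forward that lands on the router's own telnet port. The WAN address 24.175.53.1 is a placeholder for the masked 24.175.53.xxx, and the "no hairpin on this IOS" rule is taken from Chris's reply.

```python
import ipaddress
import re

# Constructed sample: a subset of the static forwards from the posted config.
NAT_CONFIG = """\
ip nat inside source static tcp 10.10.10.22 22 interface Ethernet0 8080
ip nat inside source static tcp 10.10.10.21 21 interface Ethernet0 21
ip nat inside source static tcp 10.10.10.1 23 interface Ethernet0 23
ip nat inside source static tcp 10.10.10.21 80 interface Ethernet0 80
"""
WAN_IP = ipaddress.ip_address("24.175.53.1")   # placeholder for 24.175.53.xxx
LAN = ipaddress.ip_network("10.10.10.0/24")
ROUTER_INSIDE = "10.10.10.1"                   # Ethernet1 address of the 2514
STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
                       r"interface \S+ (\d+)$")

def parse_static_nat(text):
    """Return {(proto, outside_port): (inside_ip, inside_port)} from IOS lines."""
    rules = {}
    for line in text.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, ip, iport, oport = m.groups()
            rules[(proto, int(oport))] = (ip, int(iport))
    return rules

def translate(client_ip, dst_ip, dst_port, rules, proto="tcp"):
    """Where does a connection to dst_ip:dst_port end up?
    Assumption taken from the thread: this IOS does not hairpin NAT, so an
    inside client aiming at the outside global address is never translated."""
    client, dst = ipaddress.ip_address(client_ip), ipaddress.ip_address(dst_ip)
    if dst != WAN_IP:
        return ("direct", str(dst), dst_port)
    if client in LAN:
        return ("unreachable", None, None)          # the 'Connect failed' case
    hit = rules.get((proto, dst_port))
    return ("forwarded",) + hit if hit else ("router", str(WAN_IP), dst_port)

def split_horizon(name, client_ip, inside_hosts):
    """Split DNS answer: LAN clients get the inside address, others the WAN IP."""
    client = ipaddress.ip_address(client_ip)
    return inside_hosts[name] if client in LAN else str(WAN_IP)

def exposed_management(rules):
    """Flag forwards that land on the router itself or on cleartext telnet."""
    return sorted(key for key, (ip, iport) in rules.items()
                  if ip == ROUTER_INSIDE or iport == 23)
```

In BIND 9 the same split is expressed as two `view` blocks selected by `match-clients`, with the LAN view serving 10.10.10.21 and the external view serving the WAN address.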
 