
Port Forwarding / NAT Question on 1800 series

Status
Not open for further replies.

gbaughma

I am setting up a server (Linux) for web and e-mail services.

I have a Cisco 1800 series router hooked to a static-IP DSL modem with PPPoE called Dialer1 in the router for authentication.

In the router, I have used the commands:

ip nat inside source static tcp 10.0.0.240 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.240 110 interface Dialer1 110
ip nat inside source static tcp 10.0.0.240 80 interface Dialer1 80

This has allowed me to get to the web page and so forth.

HOWEVER, the problem that I'm having is that the box can't see the outside world. I have verified the routes, default gateway, everything else, but I must be missing a command somewhere.

All the other computers on the network (same subnet) can get outside; the only thing that I can think of is that in setting up the port forwarding, I have "broken" the ability for the box to see the outside world. It can ping the gateway, it can ping anything on the inside network, but DNS lookup isn't working, I can't ping an IP address, I can't ping the DNS server (outside of the network). What did I miss?

I'm sorry that I'm such a n00b when it comes to routers; I understand HOW they work, but I don't know my way around the Cisco routers that well. Thanks in advance!




Just my 2¢
-Cole's Law: Shredded cabbage

--Greg
 
You're going to have to provide a bigger picture, such as your config, so that matter can be investigated.


On another note, can your PCs access the Internet without any probs?
 
Yes, the PCs have no issues accessing the Internet.

The server didn't seem to have an issue either, before I turned on the port forwarding.

I'll cut/paste the relevant parts of the configuration...

config said:
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 10.0.0.253 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
 speed auto
 half-duplex
 pppoe enable
 pppoe-client dial-pool-number 1
 no mop enabled
!
interface Dialer1
 mtu 1492
 ip address 71.39.28.13 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname *************
 ppp chap password 7 *************
 ppp pap sent-username *********** password 7 **********
 crypto map clientmap
!
ip local pool ippool 10.1.0.1 10.1.0.254
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.240 22 interface Dialer1 22
ip nat inside source static tcp 10.0.0.240 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.240 110 interface Dialer1 110
ip nat inside source static tcp 10.0.0.240 80 interface Dialer1 80
ip nat inside source static 10.0.0.240 interface FastEthernet0/0
!
!
logging trap debugging
logging facility local2
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
access-list 123 deny ip 10.0.0.0 0.0.0.255 10.1.0.0 0.0.0.255
access-list 123 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
route-map Routes permit 10
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner motd ^CThis system is the property of ********** UNAUTHORIZED ACCESS IS PROHIBITED. All activities are logged^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 password 7 00071A1507545A545C
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password 7 105E080F161643
 login authentication local_auth
 transport input telnet
!
end


Just my 2¢
-Cole's Law: Shredded cabbage

--Greg
 
Never mind... I did a write and a reboot and it's all working.

I thought I had missed something, but the router just needed a reboot for all the changes to go into play.

Thanks!



Just my 2¢
-Cole's Law: Shredded cabbage

--Greg
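
Added example, not part of the thread and not any poster's code: a short Python audit of the static NAT entries in the configuration posted above. It lists which inside host and ports are published on which interface, and flags entries that are not limited to a port or whose global side is not the `ip nat outside` interface. The function names and the trimmed sample config are assumptions made for illustration.

```python
import re

# Constructed sample: only the NAT-related lines of the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat inside
interface Dialer1
 ip nat outside
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.240 22 interface Dialer1 22
ip nat inside source static tcp 10.0.0.240 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.240 110 interface Dialer1 110
ip nat inside source static tcp 10.0.0.240 80 interface Dialer1 80
ip nat inside source static 10.0.0.240 interface FastEthernet0/0
"""

# Hypothetical helper: covers only the "... interface <name>" form of static NAT used on this page.
STATIC_RE = re.compile(
    r"^ip nat inside source static (?:(tcp|udp) )?(\S+)(?: (\d+))? interface (\S+)(?: (\d+))?$")

def nat_roles(config):
    """Map interface name -> 'inside' / 'outside' from 'ip nat ...' sub-commands."""
    roles, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and line.strip() in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles

def audit_static_nat(config):
    """Return (forwards, findings) for static NAT entries that use an interface address."""
    roles, forwards, findings = nat_roles(config), [], []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        proto, host, lport, iface, gport = m.groups()
        forwards.append((proto or "any", host, int(lport) if lport else None,
                         iface, int(gport) if gport else None))
        if proto is None:
            findings.append(f"{host}: whole-host static entry, not limited to a port")
        if roles.get(iface) != "outside":
            findings.append(f"{host}: global side is {iface}, which is not 'ip nat outside'")
    return forwards, findings

if __name__ == "__main__":
    forwards, findings = audit_static_nat(SAMPLE_CONFIG)
    for item in forwards + findings:
        print(item)
```

On the sample, the four TCP forwards (22, 25, 110, 80) are listed as published on Dialer1, and the last static entry is flagged twice for review.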
 