Hey all.
I'm still having some issues getting routing through PAT working the same as my old router.
I have one external IP and am running 10-net internally. I have a local web server with URLs DNSed to the external IP. I'd like to be able to access them through their DNS names instead of the server's local 10-net address. I'm fairly sure it's a routing issue. When I attempt to access this server's URLs from a 10-net machine, I get connection refused. When I enable the http server on the Cisco, any of the URLs I use for my websites result in the Cisco router's auth page for it's internal http server. So it doesn't seem that the router knows how to route requests from 10-net back to the 10-net when the destination IP is the external interface IP.
For example, the web site URL (say, is being run on 10.10.1.6, and is DNS'ed to 1.2.3.4. From outside the router, people have no problem accessing or any of the other services I export. But from an internal 10-net machine, connections to are refused. Of course, I can connect directly to the internal machine using it's internal address (e.g. 10.10.1.6/mysite/index.html), but then I run into other problems with links being broken and whatnot. Besides, I'd just like it to work the way I'm used to it working.
My last router did some magic to allow requests for services on the external IP address to correctly get routed back in and to the local servers. What I'm looking for is how to accomplish that on the router. Any input would be greatly appreciated!
Router: c1605-R
IOS: 12.2
Config:
ip subnet-zero
no ip domain-lookup
!
!
interface Ethernet0
description ***** internet connection through ISP *****
ip address 66.92.251.203 255.255.255.0
ip access-group 105 in
ip nat outside
!
interface Ethernet1
description ***** local non-routable network *****
ip address 10.10.1.1 255.255.255.0
ip nat inside
!
router rip
network 10.0.0.0
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 10.10.1.6 80 66.92.251.203 80 extendable
[snipped other services...]
ip classless
ip route 0.0.0.0 0.0.0.0 66.92.251.1
no ip http server
!
logging trap alerts
logging 10.10.1.6
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 10000
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 105 deny ip host 69.10.205.115 any
access-list 105 permit ip any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
snmp-server enable traps tty
!
[snipped console stuff]
!
end
sankuberrymuch.
-mikec-
I'm still having some issues getting routing through PAT working the same as my old router.
I have one external IP and am running 10-net internally. I have a local web server with URLs DNSed to the external IP. I'd like to be able to access them through their DNS names instead of the server's local 10-net address. I'm fairly sure it's a routing issue. When I attempt to access this server's URLs from a 10-net machine, I get connection refused. When I enable the http server on the Cisco, any of the URLs I use for my websites result in the Cisco router's auth page for it's internal http server. So it doesn't seem that the router knows how to route requests from 10-net back to the 10-net when the destination IP is the external interface IP.
For example, the web site URL (say, is being run on 10.10.1.6, and is DNS'ed to 1.2.3.4. From outside the router, people have no problem accessing or any of the other services I export. But from an internal 10-net machine, connections to are refused. Of course, I can connect directly to the internal machine using it's internal address (e.g. 10.10.1.6/mysite/index.html), but then I run into other problems with links being broken and whatnot. Besides, I'd just like it to work the way I'm used to it working.
My last router did some magic to allow requests for services on the external IP address to correctly get routed back in and to the local servers. What I'm looking for is how to accomplish that on the router. Any input would be greatly appreciated!
Router: c1605-R
IOS: 12.2
Config:
ip subnet-zero
no ip domain-lookup
!
!
interface Ethernet0
description ***** internet connection through ISP *****
ip address 66.92.251.203 255.255.255.0
ip access-group 105 in
ip nat outside
!
interface Ethernet1
description ***** local non-routable network *****
ip address 10.10.1.1 255.255.255.0
ip nat inside
!
router rip
network 10.0.0.0
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 10.10.1.6 80 66.92.251.203 80 extendable
[snipped other services...]
ip classless
ip route 0.0.0.0 0.0.0.0 66.92.251.1
no ip http server
!
logging trap alerts
logging 10.10.1.6
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 101 permit esp any any
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 10000
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 105 deny ip host 69.10.205.115 any
access-list 105 permit ip any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community public RO
snmp-server enable traps tty
!
[snipped console stuff]
!
end
sankuberrymuch.
-mikec-
