Cisco 827 port forwarding, please help

Post by congoclas » Mon, 02 May 2005 08:24:06


I've tried everything but I can't seem to get my Cisco 827 router to
allow incoming connections to the http port on an internal server with
private IP. My ISP is Tiscali and I have a dynamic public IP. Could this
problem be linked to something at my ISP? I'm currently running a web
server (with DynDNS) using Alcatel Speed Touch Home ADSL modem and have
no problems. Can somebody please tell me what's wrong with my cisco config:

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 ****encr*pw****
!
ip subnet-zero
!
interface Ethernet0
ip address 192.168.0.75 255.255.255.0
ip access-group 102 in
ip nat inside
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
!
interface Dialer0
ip address negotiated
ip access-group 101 in
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname ***ui***
ppp chap password 7 ***pw***
ppp pap sent-username ***ui*** password 7 ***pw***
!
interface Dialer1
no ip address
no cdp enable
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.1 80 interface Dialer0 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http port 8080
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit udp host 195.130.224.18 eq domain any
access-list 101 permit udp host 195.130.225.129 eq domain any
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq www
access-list 101 deny tcp any range 0 65535 any range 0 65535 log
access-list 101 deny udp any range 0 65535 any range 0 65535 log
access-list 101 deny ip any any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
password ***pw***
login
!
scheduler max-task-time 5000
end

Thanks to RobO whose suggestions I added to my access-list but still no
go. I'll need to open other ports later but for now would like to get
www working.

Thanks in advance
congoclash
 
 
 

Post by cc » Fri, 06 May 2005 23:57:51

Try the following approach instead (assuming your webserver is 192.168.0.1):

# conf t
# interface Dialer0
# no ip access-group 101 in
# exit
# no access-list 101
# no access-list 102
# access-list 102 permit udp host 195.130.224.18 eq domain any
# access-list 102 permit udp host 195.130.225.129 eq domain any
# access-list 102 permit tcp any any established
# access-list 102 permit tcp any any eq www
# access-list 102 deny ip any any log
# access-list 102 deny tcp any any log
# access-list 102 deny udp any any log

You had an outbound access list for inbound connections enabled on Dialer0;
this should uncomplicate things.





 
 
 

Post by congoclas » Fri, 13 May 2005 21:05:39

Thanks mate, will be trying it this weekend and will let you know.

Igor Z (cci) wrote:
 
 
 

Post by congoclas » Sat, 14 May 2005 09:33:24

No, it doesn't help. Are you sure about this? Isn't 101 inbound and 102
outbound?

Igor Z (cci) wrote:
 
 
 

Post by congoclas » Sun, 15 May 2005 22:56:09

Ok, I did a "debug ip nat detailed" and got something like this upon
trying to access my site:

public-ip:80 -> 192.168.0.1:some-weird-port

I can't remember exactly what the internal port was but it wasn't 80 (it
was some 4 digit port). Why would that be happening? My Apache on
192.168.0.1 listens on port 80 so no wonder it doesn't work. If I do a
"show ip nat translation" everything looks good. Any ideas how to make
NAT forward to port 80 on 192.168.0.1?
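
An added example, not part of any post in this thread: a small Python check of whether the inbound ACL on the outside interface admits each "ip nat inside source static tcp" forward. IOS evaluates an inbound ACL before the outside-to-inside NAT translation, so the check uses the public port; the config excerpt, the PORT_NAMES table, the assumed client source port and all function names are constructed for illustration.

```python
import re
# Constructed excerpt: the NAT and ACL 101 lines of the posted config that affect inbound TCP.
CONFIG = """\
interface Dialer0
 ip access-group 101 in
ip nat inside source static tcp 192.168.0.1 80 interface Dialer0 80
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq www
access-list 101 deny tcp any range 0 65535 any range 0 65535 log
"""
PORT_NAMES = {"www": 80}  # only the port keyword this excerpt uses

def take(tok):
    """Consume one address spec plus optional 'eq P' / 'range A B'; return (is_any, low, high)."""
    is_any = tok[0] == "any"
    del tok[:1 if is_any else 2]  # 'any', or two tokens: 'host A' / 'A wildcard'
    lo, hi = 0, 65535
    if tok[:1] == ["eq"]:
        lo = hi = PORT_NAMES.get(tok[1]) or int(tok[1])
        del tok[:2]
    elif tok[:1] == ["range"]:
        lo, hi = int(tok[1]), int(tok[2])
        del tok[:3]
    return is_any, lo, hi

def first_match(config, acl, dport, sport=50000):
    """First entry matching a new TCP SYN from an arbitrary client (sport is an assumed value)."""
    for tok in map(str.split, config.splitlines()):
        if tok[:2] != ["access-list", acl] or tok[3] not in ("tcp", "ip"):
            continue
        rest = tok[4:]
        (src_any, slo, shi), (dst_any, dlo, dhi) = take(rest), take(rest)
        # A new SYN has no ACK/RST, so 'established' never matches; host-specific entries are skipped.
        hit = src_any and dst_any and "established" not in rest
        if hit and slo <= sport <= shi and dlo <= dport <= dhi:
            return tok[2], " ".join(tok)
    return "deny", "(implicit deny)"

def audit_forwards(config):
    """Map each forwarded public TCP port to the verdict of the outside interface's inbound ACL."""
    out, acl_on, current = {}, {}, None
    for tok in map(str.split, config.splitlines()):
        if tok[:1] == ["interface"]:
            current = tok[1]
        elif tok[:2] == ["ip", "access-group"] and tok[3:] == ["in"]:
            acl_on[current] = tok[2]
    for ifname, port in re.findall(r"static tcp \S+ \d+ interface (\S+) (\d+)", config):
        out[int(port)] = first_match(config, acl_on[ifname], int(port)) if ifname in acl_on else ("permit", "(no inbound ACL)")
    return out
```

On the posted lines, audit_forwards(CONFIG) reports port 80 as permitted by "access-list 101 permit tcp any any eq www"; a port forwarded later without its own permit entry falls through to the "deny tcp" line.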