IP NAT/PAT
Hi Guys,
Just a quick question. I want to set up NAT/PAT. Translation details are below...

    SERVER           <<  NAT ROUTER                          <<  WAN
    192.168.0.0 /24  <<  192.168.0.0/24 | 172.17.0.0 / 16    <<  WAN

I want a WAN user to be able to http to an IP address such as 172.17.0.5:80 and then this to be translated to 192.168.0.5:80.

I tried

    ip nat inside source static tcp 192.168.0.5 80 172.17.0.5 80 extendable

However, when attempting to telnet to the 172.17.0.5 80 address no connection is open. The 172.17.0.5 does not exist on any interface; I just thought that the router would just redirect it to 192.168.0.5 once it has received a message for this network?

    Pro Inside global      Inside local       Outside local  Outside global
    tcp 192.168.3.131:80   192.168.50.135:80  ---            ---

How would I go about doing this?
Re: IP NAT/PAT
On 7 Apr, 14:32, Tomehb <tom...@gmail.com> wrote:
> Hi Guys,
>
> Just a quick Questions. I want to setup NAT/PAT Translation details
> are below...
>
> SERVER           <<  NAT ROUTER                          <<  WAN
> 192.168.0.0 /24  <<  192.168.0.0/24 | 172.17.0.0 / 16    <<  WAN
>
> I want a WAN User to be able to http to an IP Address such as
> 172.17.0.5:80 and then this to be translated to 192.168.0.5:80.
>
> I tried
> ip nat inside source static tcp 192.168.0.5 80 172.17.0.5 80 extendable
>
> however when attempting to telnet to the 172.17.0.5 80 address no
> connection is open.
> the 172.17.0.5 Does not exist on any interface i just thought that the
> router would just redirect it to 192.168.0.5 once it has received a
> message for this network?
>
> Pro Inside global      Inside local       Outside local  Outside global
> tcp 192.168.3.131:80   192.168.50.135:80  ---

This sh NAT is inconsistent with the ip nat statement. I will ignore the sh nat.

If memory serves me correctly you need a route for the incoming packet for the pre-natted address.

    ip route 172.17.0.5 255.255.255.255 192.168.0.x

Make x anything you like except the router itself. It is never used to send traffic out of the router.

I think of it like this - The router needs to know which interface the packet is going to exit from in order to notice the NAT inside/outside pair of interfaces. Without this the router has no idea what to do with the packet.
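The mismatch noted in the reply above, between the configured `ip nat` statement and the `show ip nat translations` output, can be checked mechanically. This is an added example, not part of the thread: a Python sketch that compares configured static port forwards with the static rows of the translation table, using the statement and table from the original post as input (the function names and finding labels are invented for this illustration).

```python
import re

# ip nat inside source static <proto> <local-ip> <local-port> <global-ip> <global-port>
STATIC_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
# Static rows of 'show ip nat translations': both outside columns are '---'.
ROW_RE = re.compile(
    r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+---\s+---[ \t]*$", re.M)

def parse_static(config):
    """Map (proto, global_ip, global_port) -> (local_ip, local_port) from config."""
    return {(p, gip, int(gp)): (lip, int(lp))
            for p, lip, lp, gip, gp in STATIC_RE.findall(config)}

def parse_table(output):
    """Same mapping, read from the Inside global / Inside local columns."""
    return {(p, gip, int(gp)): (lip, int(lp))
            for p, gip, gp, lip, lp in ROW_RE.findall(output)}

def audit(config, output):
    """Return findings where the live table disagrees with the intended forwards."""
    want, have = parse_static(config), parse_table(output)
    findings = []
    for key, local in want.items():
        if key not in have:
            findings.append(("missing", key, local))        # configured, not active
        elif have[key] != local:
            findings.append(("wrong-target", key, have[key]))
    for key, local in have.items():
        if key not in want:
            findings.append(("unexpected", key, local))     # exposed, not intended
    return findings

# Inputs taken from the original post.
CONFIG = "ip nat inside source static tcp 192.168.0.5 80 172.17.0.5 80 extendable\n"
TABLE = """\
Pro Inside global      Inside local       Outside local  Outside global
tcp 192.168.3.131:80   192.168.50.135:80  ---            ---
"""

if __name__ == "__main__":
    for kind, (proto, ip, port), (lip, lport) in audit(CONFIG, TABLE):
        print(f"{kind}: {proto} {ip}:{port} -> {lip}:{lport}")
```

An "unexpected" finding is the one worth chasing first, since it means an inside service is reachable through an address nobody intended to publish.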
Re: IP NAT/PAT
On Apr 7, 7:19 am, bod43 <Bo...@hotmail.co.uk> wrote:
> On 7 Apr, 14:32, Tomehb <tom...@gmail.com> wrote:
>
> > Hi Guys,
> >
> > Just a quick Questions. I want to setup NAT/PAT Translation details
> > are below...
> >
> > SERVER           <<  NAT ROUTER                          <<  WAN
> > 192.168.0.0 /24  <<  192.168.0.0/24 | 172.17.0.0 / 16    <<  WAN
> >
> > I want a WAN User to be able to http to an IP Address such as
> > 172.17.0.5:80 and then this to be translated to 192.168.0.5:80.
> >
> > I tried
> > ip nat inside source static tcp 192.168.0.5 80 172.17.0.5 80 extendable
> >
> > however when attempting to telnet to the 172.17.0.5 80 address no
> > connection is open.
> > the 172.17.0.5 Does not exist on any interface i just thought that the
> > router would just redirect it to 192.168.0.5 once it has received a
> > message for this network?
> >
> > Pro Inside global      Inside local       Outside local  Outside global
> > tcp 192.168.3.131:80   192.168.50.135:80  ---
>
> This sh NAT is inconsistent with the
> ip nat statement. I will ignore the sh nat.
>
> If memory serves me correctly you need a route for the
> incoming packet for the pre-natted address.
>
> ip route 172.17.0.5 255.255.255.255 192.168.0.x
>
> Make x anything you like except the router itself. It
> is never used to send traffic out of the router.
>
> I think of it like this -
> The router needs to know which interface the packet is
> going to exit from in order to notice the NAT inside/outside
> pair of interfaces. Without this the router has no idea what to
> do with the packet.

This sounds like something I've been looking for in order to allow me to access a domain name that maps back to a server behind my natted router.. Currently if I do this, I get a message akin to 'no route to host' if I recall.. Of course it works fine outside my network..

Anyway, sounds interesting..
Re: IP NAT/PAT
On 7 Apr, 23:48, Rick F <ri...@ca-flower.com> wrote:
> On Apr 7, 7:19 am, bod43 <Bo...@hotmail.co.uk> wrote:
>
> > On 7 Apr, 14:32, Tomehb <tom...@gmail.com> wrote:
> >
> > > Hi Guys,
> > >
> > > Just a quick Questions. I want to setup NAT/PAT Translation details
> > > are below...
> > >
> > > SERVER           <<  NAT ROUTER                          <<  WAN
> > > 192.168.0.0 /24  <<  192.168.0.0/24 | 172.17.0.0 / 16    <<  WAN
> > >
> > > I want a WAN User to be able to http to an IP Address such as
> > > 172.17.0.5:80 and then this to be translated to 192.168.0.5:80.
> > >
> > > I tried
> > > ip nat inside source static tcp 192.168.0.5 80 172.17.0.5 80 extendable
> > >
> > > however when attempting to telnet to the 172.17.0.5 80 address no
> > > connection is open.
> > > the 172.17.0.5 Does not exist on any interface i just thought that the
> > > router would just redirect it to 192.168.0.5 once it has received a
> > > message for this network?
> > >
> > > Pro Inside global      Inside local       Outside local  Outside global
> > > tcp 192.168.3.131:80   192.168.50.135:80  ---
> >
> > This sh NAT is inconsistent with the
> > ip nat statement. I will ignore the sh nat.
> >
> > If memory serves me correctly you need a route for the
> > incoming packet for the pre-natted address.
> >
> > ip route 172.17.0.5 255.255.255.255 192.168.0.x
> >
> > Make x anything you like except the router itself. It
> > is never used to send traffic out of the router.
> >
> > I think of it like this -
> > The router needs to know which interface the packet is
> > going to exit from in order to notice the NAT inside/outside
> > pair of interfaces. Without this the router has no idea what to
> > do with the packet.
>
> This sounds like something I've been looking for in order
> to allow me to access a domain name that maps back
> to a server behind my natted router..
> Currently if I do this, I get a message akin to 'no route to host'
> if I recall.. Of course it works fine outside my network..
>
> Anyway, sounds interesting

This is just ordinary static NAT.

I take it to mean that you wish to access your internal server from the inside using its external DNS name.

My reading of the Cisco documents suggests that the Cisco NAT Application Layer Gateway for DNS will fix this up. I (and others it seems) have been unable to get it to work. That is - the router should notice DNS replies from the outside that contain the statically NATted address and will correctly fix up the address in the DNS reply. This does not seem to work but I have never raised a TAC case against it so I don't know the official Cisco position.

The fix for this is to have an internal DNS server that returns the internal address or for a small network perhaps to use host file entries for the required host(s). In a Windows "Domain" or somewhere you have login scripts you can of course fix up all the host files centrally.

I have not thought it all through but there is a possible NAT solution I suppose using policy based routing to a loopback for the "internal" server traffic that is 'incorrectly' heading for an external address. The loopback would be the NAT outside for this traffic and the traffic could come back inside after being NATted. It would be quite complex. You would need to do destination NAT to get the traffic to go the right way, source NAT so that the return traffic could be persuaded back to the router for more mumbo jumbo on the return.

This is a real kludge but it might work for NATtable protocols. I like to think that I have had the sense never to have tried it :)

Look up "NAT on a stick" on the Cisco web site for an example of NAT using PBR and a loopback.

http://www.cisco.com/en/US/tech/tk64...80094430.shtml
Re: IP NAT/PAT
On Apr 8, 1:31 am, bod43 <Bo...@hotmail.co.uk> wrote:
> On 7 Apr, 23:48, Rick F <ri...@ca-flower.com> wrote:
>
> > On Apr 7, 7:19 am, bod43 <Bo...@hotmail.co.uk> wrote:
> >
> > > On 7 Apr, 14:32, Tomehb <tom...@gmail.com> wrote:
> > >
> > > > Hi Guys,
> > > >
> > > > Just a quick Questions. I want to setup NAT/PAT Translation details
> > > > are below...
> > > >
> > > > SERVER           <<  NAT ROUTER                          <<  WAN
> > > > 192.168.0.0 /24  <<  192.168.0.0/24 | 172.17.0.0 / 16    <<  WAN
> > > >
> > > > I want a WAN User to be able to http to an IP Address such as
> > > > 172.17.0.5:80 and then this to be translated to 192.168.0.5:80.
> > > >
> > > > I tried
> > > > ip nat inside source static tcp 192.168.0.5 80 172.17.0.5 80 extendable
> > > >
> > > > however when attempting to telnet to the 172.17.0.5 80 address no
> > > > connection is open.
> > > > the 172.17.0.5 Does not exist on any interface i just thought that the
> > > > router would just redirect it to 192.168.0.5 once it has received a
> > > > message for this network?
> > > >
> > > > Pro Inside global      Inside local       Outside local  Outside global
> > > > tcp 192.168.3.131:80   192.168.50.135:80  ---
> > >
> > > This sh NAT is inconsistent with the
> > > ip nat statement. I will ignore the sh nat.
> > >
> > > If memory serves me correctly you need a route for the
> > > incoming packet for the pre-natted address.
> > >
> > > ip route 172.17.0.5 255.255.255.255 192.168.0.x
> > >
> > > Make x anything you like except the router itself. It
> > > is never used to send traffic out of the router.
> > >
> > > I think of it like this -
> > > The router needs to know which interface the packet is
> > > going to exit from in order to notice the NAT inside/outside
> > > pair of interfaces. Without this the router has no idea what to
> > > do with the packet.
> >
> > This sounds like something I've been looking for in order
> > to allow me to access a domain name that maps back
> > to a server behind my natted router..
> > Currently if I do this, I get a message akin to 'no route to host'
> > if I recall.. Of course it works fine outside my network..
> >
> > Anyway, sounds interesting
>
> This is just ordinary static NAT.
>
> I take it to mean that you wish to access your internal
> server from the inside using its external DNS name.
>
> My reading of the cisco documents suggests that
> the Cisco NAT Application Layer Gateway
> for DNS will fix this up I (and others it seems) have
> been unable to get it to work.

Thanks! You are spot-on.. Your answer is also what I had heard but not tried.. I've been thinking about setting up a local DNS server so perhaps I'll go down that route..

Thx!