«

I hope somebody has some ideas on this, cause it's making me crazy.
It's probably something dirt simple I'm overlooking.

We have a Netopia DSL "modem", which provides us with four static
IP's.

We take one of those IPs, and run it to a CISCO 871 (which provides a
VPN that I don't think is pertinent to the problem.). The CISCO is
also doing DHCP, and NATing to a 192.168.0.x LAN.

All seems to be working fine, until I try to "Port forward" Ports 25,
80, and 110 from the outside WAN through to a server on the LAN.

The Netopia seems to be doing it's part -- I've configured what
Netopia calls "pinholes", and if I hang a server directly off of it, I
can access the required ports from the outside.

The CISCO has been configured by a CISCO tech, via Telnet from their
support center. He basically put in "permit any to 192.168.0.2 eq 80"
(I'm not sure of the exact syntax) on the inbound, and "permit
192.168.0.2 to any eq 80" on the outbound. ((He also put in "permit"
statements for the other ports).

Problem is, it's not working. I get no response from anything on the
LAN when I try to access it from outside. I've checked the CISCO's
logs, and can't even find a record of the attempts at access, although
I may not have all the logging I should enabled (I'm not
super-familiar with CISCO stuff).

I get the same results no matter which port I try.

Any thoughts? Suggestions for troubleshooting methods? Is there some
basic routing/networking reason why this won't work? Seems I've done
this dozens of times before with Linksys, Dlink and the like without
problems.


Thanks!

Hi,

The problem you describe can be solved with NAT. You need to add a static
translation for ports 25, 80 and 110 of one of the public IP's to the
designated internal private IP.

ip nat inside source static tcp 192.168.0.2 25 a.b.c.d 25
ip nat inside source static tcp 192.168.0.2 80 a.b.c.d 80
ip nat inside source static tcp 192.168.0.2 110 a.b.c.d 110

(replace a.b.c.d with the public IP of the outside interface (or any of the
other public ip's).

Erik

"mhaase-at-springmind.com" <mhaase-at-springmind.com@> wrote in message
news:...
>I hope somebody has some ideas on this, cause it's making me crazy.
> It's probably something dirt simple I'm overlooking.
>
> We have a Netopia DSL "modem", which provides us with four static
> IP's.
>
> We take one of those IPs, and run it to a CISCO 871 (which provides a
> VPN that I don't think is pertinent to the problem.). The CISCO is
> also doing DHCP, and NATing to a 192.168.0.x LAN.
>
> All seems to be working fine, until I try to "Port forward" Ports 25,
> 80, and 110 from the outside WAN through to a server on the LAN.
>
> The Netopia seems to be doing it's part -- I've configured what
> Netopia calls "pinholes", and if I hang a server directly off of it, I
> can access the required ports from the outside.
>
> The CISCO has been configured by a CISCO tech, via Telnet from their
> support center. He basically put in "permit any to 192.168.0.2 eq 80"
> (I'm not sure of the exact syntax) on the inbound, and "permit
> 192.168.0.2 to any eq 80" on the outbound. ((He also put in "permit"
> statements for the other ports).
>
> Problem is, it's not working. I get no response from anything on the
> LAN when I try to access it from outside. I've checked the CISCO's
> logs, and can't even find a record of the attempts at access, although
> I may not have all the logging I should enabled (I'm not
> super-familiar with CISCO stuff).
>
> I get the same results no matter which port I try.
>
> Any thoughts? Suggestions for troubleshooting methods? Is there some
> basic routing/networking reason why this won't work? Seems I've done
> this dozens of times before with Linksys, Dlink and the like without
> problems.
>
>
> Thanks!

On Mon, 26 Sep 2005 21:10:40 +0200, "Erik Tamminga"
<_revese_the_previous> wrote:

>Hi,
>
>The problem you describe can be solved with NAT. You need to add a static
>translation for ports 25, 80 and 110 of one of the public IP's to the
>designated internal private IP.
>
>ip nat inside source static tcp 192.168.0.2 25 a.b.c.d 25
>ip nat inside source static tcp 192.168.0.2 80 a.b.c.d 80
>ip nat inside source static tcp 192.168.0.2 110 a.b.c.d 110
>
>(replace a.b.c.d with the public IP of the outside interface (or any of the
>other public ip's).
>
>Erik


Thanks Eric! I'll be able to give it a try tomorrow.




>"mhaase-at-springmind.com" <mhaase-at-springmind.com@> wrote in message
>news:.. .
>>I hope somebody has some ideas on this, cause it's making me crazy.
>> It's probably something dirt simple I'm overlooking.
>>
>> We have a Netopia DSL "modem", which provides us with four static
>> IP's.
>>
>> We take one of those IPs, and run it to a CISCO 871 (which provides a
>> VPN that I don't think is pertinent to the problem.). The CISCO is
>> also doing DHCP, and NATing to a 192.168.0.x LAN.
>>
>> All seems to be working fine, until I try to "Port forward" Ports 25,
>> 80, and 110 from the outside WAN through to a server on the LAN.
>>
>> The Netopia seems to be doing it's part -- I've configured what
>> Netopia calls "pinholes", and if I hang a server directly off of it, I
>> can access the required ports from the outside.
>>
>> The CISCO has been configured by a CISCO tech, via Telnet from their
>> support center. He basically put in "permit any to 192.168.0.2 eq 80"
>> (I'm not sure of the exact syntax) on the inbound, and "permit
>> 192.168.0.2 to any eq 80" on the outbound. ((He also put in "permit"
>> statements for the other ports).
>>
>> Problem is, it's not working. I get no response from anything on the
>> LAN when I try to access it from outside. I've checked the CISCO's
>> logs, and can't even find a record of the attempts at access, although
>> I may not have all the logging I should enabled (I'm not
>> super-familiar with CISCO stuff).
>>
>> I get the same results no matter which port I try.
>>
>> Any thoughts? Suggestions for troubleshooting methods? Is there some
>> basic routing/networking reason why this won't work? Seems I've done
>> this dozens of times before with Linksys, Dlink and the like without
>> problems.
>>
>>
>> Thanks!
>

[thunder04]

Hi,

I'm trying to do the same, except that I only have one IP address and it is dynamically assigned. I had it configured a long time ago, but cannot remember how I did it!

I tried doing the following...

oakland(config)#ip nat inside source static tcp 10.1.1.10 80 0.0.0.0 80

But, unfortunately, it does not like 0.0.0.0 or "any" as an external address.

Any help would be appreciated!

[redboot]

On a port that gets it's IP info automatically from DCHP, just refer to the port itself.

So, if your server is at 192.168.0.102, you might use:
ip nat inside source static tcp 192.168.0.102 3389 interface FastEthernet4 3389

This works for a Cisco 871W which has Fa4 assigned as the WAN port.
The 3389 port is for M$ RDP protocol for Remote Desktop / Terminal Server

Too, you may need to let down the ACL. So if the exiting ACL is called "Internet-inbound-ACL" and your server is at 192.168.0.102, you would enter:

ip access-list extended Internet-inbound-ACL
permit tcp any any eq 3389
exit

Salud,
Scott