«

I am trying to do a simple NAT translation so that I can have a web
server running on port 8000 that appears as a public IP instead of a
private one. I want http://192.168.1.11:8000 to be addressable by
http://204.57.130.50:8000 . I can't figure out what I am doing wrong.
If I type http://localhost:8000 it works. If go to another PC instead
the network and access it on port 8000 it works. But from the internet
it just does not work. I just get a page cannot be displayed message.
I am only running IOS 12.0.28 on my 2501 router so maybe I should
upgrade. I will post my configuration here. I've tried it with and
without the access list command. Any help would be appreciated:

Building configuration...

Current configuration:
!
! Last configuration change at 17:14:01 BKK Wed Oct 5 2005
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname m3koffice
!
enable secret 5 xxxxxxxxxxxxx
enable password 1234
!
ip subnet-zero
ip name-server 204.57.160.129
ip name-server 204.57.128.67
clock timezone BKK 7
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0
description Connect to M2K-TOT
ip address 204.57.130.50 255.255.255.252
no ip directed-broadcast
ip nat outside
no ip mroute-cache
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
interface TokenRing0
no ip address
no ip directed-broadcast
shutdown
!
ip nat inside source list 1 interface Serial0 overload
ip nat inside source static udp 192.168.1.11 8000 204.57.130.50 8000
extend
ip nat inside source static tcp 192.168.1.11 8000 204.57.130.50 8000
extend
ip nat inside source static tcp 192.168.1.11 8080 204.57.130.50 8080
extend
ip nat inside source static tcp 192.168.1.11 1813 204.57.130.50 1813
extend
ip nat inside source static tcp 192.168.1.11 1812 204.57.130.50 1812
extend
ip classless
ip route 0.0.0.0 0.0.0.0 204.57.130.49
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
transport input none
line aux 0
line vty 0
password xyz123
login
line vty 1 4
password 1234
login
!
ntp clock-period 17180128
ntp server 204.57.160.2
end

Well I upgraded the IOS to 12.1.2T and it still does not work. There
is no reason I could not upgrade further but I am thinking it is not
the IOS. Now I am getting desperate. I need to get this working in 24
hours or less.

Thanks.

In article <. com>,
<> wrote:
:I am trying to do a simple NAT translation so that I can have a web
:server running on port 8000 that appears as a public IP instead of a
rivate one. I want http://192.168.1.11:8000 to be addressable by
:http://204.57.130.50:8000 . I can't figure out what I am doing wrong.

I haven't worked with IOS static NAT before, but I found a line
in a document that suggests a possibility.

:ip nat inside source list 1 interface Serial0 overload
:ip nat inside source static udp 192.168.1.11 8000 204.57.130.50 8000 extend

>access-list 1 permit 192.168.1.0 0.0.0.255

Try using an extended access list and excluding port 8000 and the
other static ports from the list.

http://www.cisco.com/warp/public/cc/...t/iosnt_qp.htm

Q. Is it possible to build a configuration with both static and
dynamic NAT translations?

A. Yes, this is possible, with the caveat that the global addresses
used in static translations are not automatically excluded with
dynamic pools containing those global addresses. You must create
your dynamic pools to exclude addresses assigned via static
entries.

The above is talking about IPs, but -possibly- the same effect extends
to ports.
--
Watch for our new, improved .signatures -- Wittier! Profounder! and
with less than 2 grams of Trite!