Allowing Cisco 837 router to forward traffic to my web server

Discussion in 'Cisco' started by Jason, May 18, 2009.

  1. Jason

    Jason Guest

    Hi,

    Purely as a lab exercise I would like to be able to use my Cisco 837 router
    to access web pages on my Ubuntu machine.

    I have set up a static NAT entry to forward port 80 traffic to my server's
    internal IP address & explicitly allowed port 80 through the firewall. The
    problem I'm having is that when I browse to my external IP address I'm
    taken to the routers HTTP admin login page. The 2 questions I have are:

    1) How can I change the routers HTTP admin port number to something other
    than 80?

    2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so it
    serves web pages?

    TIA, Jason.
     
    Jason, May 18, 2009
    #1
    1. Advertising

  2. Jason

    Guest

    On May 18, 4:51 pm, Jason <>
    wrote:
    > Hi,
    >
    > Purely as a lab exercise I would like to be able to use my Cisco 837 router
    > to access web pages on my Ubuntu machine.
    >
    > I have set up a static NAT entry to forward port 80 traffic to my server's
    > internal IP address & explicitly allowed port 80 through the firewall. The
    > problem I'm having is that when I browse to my external IP address I'm
    > taken to the routers HTTP admin login page. The 2 questions I have are:
    >
    > 1) How can I change the routers HTTP admin port number to something other
    > than 80?
    >
    > 2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so it
    > serves web pages?
    >
    > TIA, Jason.


    you are better off using access list as opposed to nat
     
    , May 19, 2009
    #2
    1. Advertising

  3. On Mon, 18 May 2009 20:51:03 GMT, Jason
    <> wrote:

    >Hi,
    >
    >Purely as a lab exercise I would like to be able to use my Cisco 837 router
    >to access web pages on my Ubuntu machine.
    >
    >I have set up a static NAT entry to forward port 80 traffic to my server's
    >internal IP address & explicitly allowed port 80 through the firewall. The
    >problem I'm having is that when I browse to my external IP address I'm
    >taken to the routers HTTP admin login page. The 2 questions I have are:
    >
    >1) How can I change the routers HTTP admin port number to something other
    >than 80?
    >
    >2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so it
    >serves web pages?
    >
    >TIA, Jason.


    If your 837 works like my 827, then try this:

    ip nat inside source static tcp 10.0.1.1 9080 interface Dialer0 80
    ip http access-class 1
    access-list 1 permit 10.0.1.0 0.0.0.255
    access-list 1 permit 10.0.2.0 0.0.0.255
    access-list 1 permit 10.1.1.0 0.0.0.255
    access-list 1 deny any log

    The NAT line redirects external port 80 traffic to my web server on
    port 9080 (so that I can use port 80 on that box for my internal web
    server). Then access to the 827's web server is controlled by
    access-list 1 which only specifically allows some of the internal IP
    addresses to access it. I think this works because all of the IP
    addresses permitted to access the 827's web server only route through
    the Ethernet0 port and hence any port 80 traffic on the ADSL port does
    not match access-list 1 and drops through that rule to be seen by the
    NAT rule.

    If you want to change the 837's web port, use:

    ip http port 8080
     
    Stephen Worthington, May 19, 2009
    #3
  4. Jason

    Jason Guest

    Stephen Worthington <34.nz56.remove_numbers> wrote in
    news::

    > On Mon, 18 May 2009 20:51:03 GMT, Jason
    > <> wrote:
    >
    >>Hi,
    >>
    >>Purely as a lab exercise I would like to be able to use my Cisco 837
    >>router to access web pages on my Ubuntu machine.
    >>
    >>I have set up a static NAT entry to forward port 80 traffic to my
    >>server's internal IP address & explicitly allowed port 80 through the
    >>firewall. The problem I'm having is that when I browse to my external
    >>IP address I'm taken to the routers HTTP admin login page. The 2
    >>questions I have are:
    >>
    >>1) How can I change the routers HTTP admin port number to something
    >>other than 80?
    >>
    >>2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine
    >>so it serves web pages?
    >>
    >>TIA, Jason.

    >
    > If your 837 works like my 827, then try this:
    >
    > ip nat inside source static tcp 10.0.1.1 9080 interface Dialer0 80
    > ip http access-class 1
    > access-list 1 permit 10.0.1.0 0.0.0.255
    > access-list 1 permit 10.0.2.0 0.0.0.255
    > access-list 1 permit 10.1.1.0 0.0.0.255
    > access-list 1 deny any log
    >
    > The NAT line redirects external port 80 traffic to my web server on
    > port 9080 (so that I can use port 80 on that box for my internal web
    > server). Then access to the 827's web server is controlled by
    > access-list 1 which only specifically allows some of the internal IP
    > addresses to access it. I think this works because all of the IP
    > addresses permitted to access the 827's web server only route through
    > the Ethernet0 port and hence any port 80 traffic on the ADSL port does
    > not match access-list 1 and drops through that rule to be seen by the
    > NAT rule.
    >
    > If you want to change the 837's web port, use:
    >
    > ip http port 8080


    Thanks for the answer, I've successfully changed the http port & locked
    it down with the access list. I'm still working on being able to access
    my web server from the Internet though.
     
    Jason, May 19, 2009
    #4
  5. Jason

    vobe Guest

    Hi Jason,

    make a telnet - session to Your router.
    take the access-list wich controlles the incomming traffic (here xxx)
    =============================================
    telnet "router-ip"

    login....

    router#

    sh access-lists xxx
    10 ...
    20 ...
    .... ...

    conf t
    ip access-lists extendend xxx
    25 permit tcp any any eq 80
    26 permit tcp any any eq 443

    exit

    ip nat inside source static tcp "webserver-lan ip" 80 interface Dialer 1 80
    ip nat inside source static tcp "webserver-lan ip" 443 interface Dialer 1
    443

    exit
    wr
    ==================================================

    Thats all.

    Bernie


    "Jason" <> schrieb im Newsbeitrag
    news:Xns9C0FDE46E66C9SpamSpamSpamSpanishI@69.16.186.8...
    > Hi,
    >
    > Purely as a lab exercise I would like to be able to use my Cisco 837
    > router
    > to access web pages on my Ubuntu machine.
    >
    > I have set up a static NAT entry to forward port 80 traffic to my server's
    > internal IP address & explicitly allowed port 80 through the firewall. The
    > problem I'm having is that when I browse to my external IP address I'm
    > taken to the routers HTTP admin login page. The 2 questions I have are:
    >
    > 1) How can I change the routers HTTP admin port number to something other
    > than 80?
    >
    > 2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so
    > it
    > serves web pages?
    >
    > TIA, Jason.
     
    vobe, May 30, 2009
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Suppa Lamah
    Replies:
    8
    Views:
    1,650
  2. Replies:
    4
    Views:
    4,207
  3. eric the brave
    Replies:
    0
    Views:
    1,120
    eric the brave
    Mar 5, 2006
  4. Replies:
    4
    Views:
    475
    Martin
    Mar 29, 2007
  5. briefus

    Allowing HTTP traffic inside cisco router

    briefus, Aug 12, 2009, in forum: General Computer Support
    Replies:
    1
    Views:
    3,370
    briefus
    Aug 12, 2009
Loading...

Share This Page