port forwarding not working - here is my config!

Discussion in 'Cisco' started by Steve Richter, May 20, 2005.

  1. ok friends, here is my cisco 831 config. ( thanks to the tftp freebie
    from the good folks at kiwi enterprises:
    http://www.kiwisyslog.com/index.htm )

    What I want to do is forward the http traffic to my w2k web server on
    10.10.10.161.

    I am using verizon dsl service, dont have a static IP address.
    Currently my ip address is 141.153.133.251.

    the last I checked, this is not working:
    http://141.153.133.251/demosite/page2.aspx

    any help is appreciated,

    -Steve

    ----------------------------------------------------------

    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router
    !
    no logging buffered
    enable secret 5 xxxxxxxxxxxxx
    !
    username ...
    username ...
    ip subnet-zero
    ip name-server 151.198.0.39
    ip name-server 151.197.0.39
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.10.160 10.10.10.254
    ip dhcp excluded-address 10.10.10.161
    !
    ip dhcp pool CLIENT
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    lease 0 2
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    interface Ethernet0
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 32 in
    hold-queue 100 out
    !
    interface Ethernet1
    no ip address
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname ...
    ppp chap password ...
    ppp pap sent-username ...
    ppp ipcp dns request
    ppp ipcp wins request
    !
    ip nat inside source list 102 interface Dialer1 overload
    ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    ip nat inside source static tcp 10.10.10.161 80 interface Dialer1 80
    ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    3008
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    !
    !
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    end
    Steve Richter, May 20, 2005
    #1
    1. Advertising

  2. Try this,

    ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1 80

    It works for me in my 831.

    I did change the IP address to yours, though. Other than that
    it is exactly the line in my 831.

    Fred

    On 20 May 2005 11:47:47 -0700, "Steve Richter"
    <> wrote:

    >ok friends, here is my cisco 831 config. ( thanks to the tftp freebie
    >from the good folks at kiwi enterprises:
    >http://www.kiwisyslog.com/index.htm )
    >
    >What I want to do is forward the http traffic to my w2k web server on
    >10.10.10.161.
    >
    >I am using verizon dsl service, dont have a static IP address.
    >Currently my ip address is 141.153.133.251.
    >
    >the last I checked, this is not working:
    > http://141.153.133.251/demosite/page2.aspx
    >
    >any help is appreciated,
    >
    >-Steve
    >
    >----------------------------------------------------------
    >
    >!
    >version 12.2
    >no service pad
    >service timestamps debug uptime
    >service timestamps log uptime
    >service password-encryption
    >!
    >hostname Router
    >!
    >no logging buffered
    >enable secret 5 xxxxxxxxxxxxx
    >!
    >username ...
    >username ...
    >ip subnet-zero
    >ip name-server 151.198.0.39
    >ip name-server 151.197.0.39
    >ip dhcp excluded-address 10.10.10.1
    >ip dhcp excluded-address 10.10.10.160 10.10.10.254
    >ip dhcp excluded-address 10.10.10.161
    >!
    >ip dhcp pool CLIENT
    > import all
    > network 10.10.10.0 255.255.255.0
    > default-router 10.10.10.1
    > lease 0 2
    >!
    >ip audit notify log
    >ip audit po max-events 100
    >!
    >!
    >!
    >!
    >interface Ethernet0
    > ip address 10.10.10.1 255.255.255.0
    > ip nat inside
    > ip tcp adjust-mss 1452
    > no cdp enable
    > hold-queue 32 in
    > hold-queue 100 out
    >!
    >interface Ethernet1
    > no ip address
    > pppoe enable
    > pppoe-client dial-pool-number 1
    > no cdp enable
    >!
    >interface Dialer1
    > ip address negotiated
    > ip mtu 1492
    > ip nat outside
    > encapsulation ppp
    > ip tcp adjust-mss 1452
    > dialer pool 1
    > dialer-group 1
    > ppp authentication chap pap callin
    > ppp chap hostname ...
    > ppp chap password ...
    > ppp pap sent-username ...
    > ppp ipcp dns request
    > ppp ipcp wins request
    >!
    >ip nat inside source list 102 interface Dialer1 overload
    >ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    >ip nat inside source static tcp 10.10.10.161 80 interface Dialer1 80
    >ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    >3008
    >ip classless
    >ip route 0.0.0.0 0.0.0.0 Dialer1
    >ip http server
    >!
    >!
    >access-list 23 permit 10.10.10.0 0.0.0.255
    >access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    >dialer-list 1 protocol ip permit
    >!
    >line con 0
    > exec-timeout 120 0
    > no modem enable
    > stopbits 1
    >line aux 0
    > stopbits 1
    >line vty 0 4
    > access-class 23 in
    > exec-timeout 120 0
    > login local
    > length 0
    >!
    >scheduler max-task-time 5000
    >end
    Fred Atkinson, May 20, 2005
    #2
    1. Advertising

  3. Fred Atkinson wrote:
    > Try this,
    >
    > ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1

    80

    done. still not working. do I have to reboot?

    here is the latest config:

    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router
    !
    no logging buffered
    enable secret ...
    !
    username ...
    username ...
    ip subnet-zero
    ip name-server 151.198.0.39
    ip name-server 151.197.0.39
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.10.160 10.10.10.254
    ip dhcp excluded-address 10.10.10.161
    !
    ip dhcp pool CLIENT
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    lease 0 2
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    interface Ethernet0
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 32 in
    hold-queue 100 out
    !
    interface Ethernet1
    no ip address
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname ...
    ppp chap password ...
    ppp pap sent-username ...
    ppp ipcp dns request
    ppp ipcp wins request
    !
    ip nat inside source list 102 interface Dialer1 overload
    ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1 80
    ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    3008
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    !
    !
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    end
    Steve Richter, May 20, 2005
    #3
  4. On 20 May 2005 12:28:22 -0700, "Steve Richter"
    <> wrote:

    >
    >Fred Atkinson wrote:
    >> Try this,
    >>
    >> ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1

    >80
    >
    >done. still not working. do I have to reboot?


    No. It should work.

    Is there anything in an ACL applied to E1 or E0 that might
    prevent this from working?


    Fred

    >here is the latest config:
    >
    >!
    >version 12.2
    >no service pad
    >service timestamps debug uptime
    >service timestamps log uptime
    >service password-encryption
    >!
    >hostname Router
    >!
    >no logging buffered
    >enable secret ...
    >!
    >username ...
    >username ...
    >ip subnet-zero
    >ip name-server 151.198.0.39
    >ip name-server 151.197.0.39
    >ip dhcp excluded-address 10.10.10.1
    >ip dhcp excluded-address 10.10.10.160 10.10.10.254
    >ip dhcp excluded-address 10.10.10.161
    >!
    >ip dhcp pool CLIENT
    > import all
    > network 10.10.10.0 255.255.255.0
    > default-router 10.10.10.1
    > lease 0 2
    >!
    >ip audit notify log
    >ip audit po max-events 100
    >!
    >!
    >!
    >!
    >interface Ethernet0
    > ip address 10.10.10.1 255.255.255.0
    > ip nat inside
    > ip tcp adjust-mss 1452
    > no cdp enable
    > hold-queue 32 in
    > hold-queue 100 out
    >!
    >interface Ethernet1
    > no ip address
    > pppoe enable
    > pppoe-client dial-pool-number 1
    > no cdp enable
    >!
    >interface Dialer1
    > ip address negotiated
    > ip mtu 1492
    > ip nat outside
    > encapsulation ppp
    > ip tcp adjust-mss 1452
    > dialer pool 1
    > dialer-group 1
    > ppp authentication chap pap callin
    > ppp chap hostname ...
    > ppp chap password ...
    > ppp pap sent-username ...
    > ppp ipcp dns request
    > ppp ipcp wins request
    >!
    >ip nat inside source list 102 interface Dialer1 overload
    >ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    >ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1 80
    >ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    >3008
    >ip classless
    >ip route 0.0.0.0 0.0.0.0 Dialer1
    >ip http server
    >!
    >!
    >access-list 23 permit 10.10.10.0 0.0.0.255
    >access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    >dialer-list 1 protocol ip permit
    >!
    >line con 0
    > exec-timeout 120 0
    > no modem enable
    > stopbits 1
    >line aux 0
    > stopbits 1
    >line vty 0 4
    > access-class 23 in
    > exec-timeout 120 0
    > login local
    > length 0
    >!
    >scheduler max-task-time 5000
    >end
    Fred Atkinson, May 21, 2005
    #4
  5. On 20 May 2005 12:28:22 -0700, "Steve Richter"
    <> wrote:

    >
    >Fred Atkinson wrote:
    >> Try this,
    >>
    >> ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1

    >80
    >
    >done. still not working. do I have to reboot?
    >
    >here is the latest config:
    >
    >!
    >version 12.2
    >no service pad
    >service timestamps debug uptime
    >service timestamps log uptime
    >service password-encryption
    >!
    >hostname Router
    >!
    >no logging buffered
    >enable secret ...
    >!
    >username ...
    >username ...
    >ip subnet-zero
    >ip name-server 151.198.0.39
    >ip name-server 151.197.0.39
    >ip dhcp excluded-address 10.10.10.1
    >ip dhcp excluded-address 10.10.10.160 10.10.10.254
    >ip dhcp excluded-address 10.10.10.161
    >!
    >ip dhcp pool CLIENT
    > import all
    > network 10.10.10.0 255.255.255.0
    > default-router 10.10.10.1
    > lease 0 2
    >!
    >ip audit notify log
    >ip audit po max-events 100
    >!
    >!
    >!
    >!
    >interface Ethernet0
    > ip address 10.10.10.1 255.255.255.0
    > ip nat inside
    > ip tcp adjust-mss 1452
    > no cdp enable
    > hold-queue 32 in
    > hold-queue 100 out
    >!
    >interface Ethernet1
    > no ip address
    > pppoe enable
    > pppoe-client dial-pool-number 1
    > no cdp enable
    >!
    >interface Dialer1
    > ip address negotiated
    > ip mtu 1492
    > ip nat outside
    > encapsulation ppp
    > ip tcp adjust-mss 1452
    > dialer pool 1
    > dialer-group 1
    > ppp authentication chap pap callin
    > ppp chap hostname ...
    > ppp chap password ...
    > ppp pap sent-username ...
    > ppp ipcp dns request
    > ppp ipcp wins request
    >!
    >ip nat inside source list 102 interface Dialer1 overload
    >ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    >ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1 80
    >ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    >3008
    >ip classless
    >ip route 0.0.0.0 0.0.0.0 Dialer1
    >ip http server
    >!
    >!
    >access-list 23 permit 10.10.10.0 0.0.0.255
    >access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    >dialer-list 1 protocol ip permit
    >!
    >line con 0
    > exec-timeout 120 0
    > no modem enable
    > stopbits 1
    >line aux 0
    > stopbits 1
    >line vty 0 4
    > access-class 23 in
    > exec-timeout 120 0
    > login local
    > length 0
    >!
    >scheduler max-task-time 5000
    >end


    I just noticed that there is no IP address associated with you
    Ethernet 1 port. You might want to check that. But how are you
    accessing the Internet without it?


    Fred
    Fred Atkinson, May 21, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. ComputerMan
    Replies:
    3
    Views:
    3,000
  2. Replies:
    10
    Views:
    1,584
  3. wysocki
    Replies:
    0
    Views:
    460
    wysocki
    May 24, 2007
  4. ToyalP2
    Replies:
    7
    Views:
    1,498
    ToyalP2
    Jan 7, 2008
  5. Greg
    Replies:
    0
    Views:
    3,637
Loading...

Share This Page