Allowing Cisco 837 router to forward traffic to my web server

Discussion in 'Cisco' started by Jason, May 18, 2009.

  1. Jason

    Jason Guest

    Hi,

    Purely as a lab exercise I would like to be able to use my Cisco 837 router
    to access web pages on my Ubuntu machine.

    I have set up a static NAT entry to forward port 80 traffic to my server's
    internal IP address & explicitly allowed port 80 through the firewall. The
    problem I'm having is that when I browse to my external IP address I'm
    taken to the routers HTTP admin login page. The 2 questions I have are:

    1) How can I change the routers HTTP admin port number to something other
    than 80?

    2) How can I ensure port 80 traffic is forwarded to my Ubuntu machine so it
    serves web pages?

    TIA, Jason.
     
    Jason, May 18, 2009
    #1
    1. Advertisements

  2. Jason

    nexrider Guest

    you are better off using access list as opposed to nat
     
    nexrider, May 19, 2009
    #2
    1. Advertisements

  3. If your 837 works like my 827, then try this:

    ip nat inside source static tcp 10.0.1.1 9080 interface Dialer0 80
    ip http access-class 1
    access-list 1 permit 10.0.1.0 0.0.0.255
    access-list 1 permit 10.0.2.0 0.0.0.255
    access-list 1 permit 10.1.1.0 0.0.0.255
    access-list 1 deny any log

    The NAT line redirects external port 80 traffic to my web server on
    port 9080 (so that I can use port 80 on that box for my internal web
    server). Then access to the 827's web server is controlled by
    access-list 1 which only specifically allows some of the internal IP
    addresses to access it. I think this works because all of the IP
    addresses permitted to access the 827's web server only route through
    the Ethernet0 port and hence any port 80 traffic on the ADSL port does
    not match access-list 1 and drops through that rule to be seen by the
    NAT rule.

    If you want to change the 837's web port, use:

    ip http port 8080
     
    Stephen Worthington, May 19, 2009
    #3
  4. Jason

    Jason Guest

    Thanks for the answer, I've successfully changed the http port & locked
    it down with the access list. I'm still working on being able to access
    my web server from the Internet though.
     
    Jason, May 19, 2009
    #4
  5. Jason

    vobe Guest

    Hi Jason,

    make a telnet - session to Your router.
    take the access-list wich controlles the incomming traffic (here xxx)
    =============================================
    telnet "router-ip"

    login....

    router#

    sh access-lists xxx
    10 ...
    20 ...
    .... ...

    conf t
    ip access-lists extendend xxx
    25 permit tcp any any eq 80
    26 permit tcp any any eq 443

    exit

    ip nat inside source static tcp "webserver-lan ip" 80 interface Dialer 1 80
    ip nat inside source static tcp "webserver-lan ip" 443 interface Dialer 1
    443

    exit
    wr
    ==================================================

    Thats all.

    Bernie
     
    vobe, May 30, 2009
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.