Cisco 837 NAT not working, what am I doing wrong?

Hi,

I have been trying to get my 837 onto the Internet and opening a few
ports so that the webserver can be reached from the outside world, but
for some reason no traffic will pass the NAT...

I can get onto the Internet fine, but no machine can reach the webserver
on the inside...

Can someone please take a look at my config and tell me what goes wrong
here?

Thanks,

Arnoud

PS: I know, it will need some more tuning and closing down, but I want
to get it running first...


version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco837
!
enable password XXXXXXXX
!
username XXXXXXXX privilege 15 secret 5 XXXXXXXX
username XXXXXXXX privilege 15 password 0 XXXXXXXX
clock timezone Eindhvn 1
no aaa new-model
ip subnet-zero
!
no ip domain lookup
ip ips po max-events 100
no ftp-server write-enable
!
bridge irb
!
interface Ethernet0
ip address 10.210.6.249 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
no keepalive
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0 8/48
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username XXXXXXXX password 0 XXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip route 212.206.95.0 255.255.255.0 10.210.6.254
!
ip http server
ip http secure-server
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.210.6.1 22 [ext-ip] 22 extendable
no-alias
ip nat inside source static tcp 10.210.6.1 80 [ext-ip] 80 extendable
no-alias
!
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
exec-timeout 120 0
login local
transport preferred all
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
sntp server 17.254.0.28
end

 

Could the "ip http server" command be causing this issue? ie is the
router attempting to intercept the incoming http request?

Regards,
Steve
www.networking-forum.com

 

Ah, no, I already turned that off, but I tried it with a lot of
different inbound ports as well; same problem...

Arnoud

 

I do not too much about Dialer interfaces but it looks OK, and also the
NAT. I wonder if your ISP knows the public IP that you are assigning
staticaly to the webserver with the NAT:

ip nat inside source static tcp 10.210.6.1 22 [ext-ip] 22 extendable
no-alias
ip nat inside source static tcp 10.210.6.1 80 [ext-ip] 80 extendable
no-alias

What I mean, it is if your ISP have a route to the ext-ip to your
router.

-as

 

What do you think about using the Web set-up interface (CRWS)? What you want
to do could be sorted out in a couple of minutes using CRWS! Or is that
'cheating'?!

Regards
SW

 

Hah, good idea, but... There is no way I have found that it will run in
a browser under Mac OS X... It might work with Windows, but alas...

Arnoud

 

I checked, and yes, the IP I set is correct. It is the IP assigned to me
by my ISP, and it is static.

Arnoud

 

Ahh! So its not really much use to you then. I was interested in your
problem, because I have the opposite problem. I need to do stuff on the 837
that I can't do using the CRWS (set up an Access control list and also set a
static route). And I don't know how to do this using CLI.
I don't think Cisco make it easy to learn the CLI. I've looked on their web
site, registered, but still I can't find a basic how-to list or a reference
manual of commands. If you know of one, please let me know!

Regards
SW

 

I picked up a copy of "Cisco IOS in a Nutshell" by O'Reilly, and it is
quite a big help. Sadly a lot of books on Cisco equipment focus on the
higher-end routers, and only casually mention topics like NAT or setting
up a 'simple' ADSL router...

Setting up static routes is an easy part: (from my config)

ip route 212.206.95.0 255.255.255.0 10.210.6.254

this sets up: the network 212.206.95.xxx can be reached through router
10.210.6.254.

Yes, there is a lot of information on Cisco's site, but finding the part
you need, in normal, understandable English is quite a task...

Arnoud

 

Try

ip nat inside source static tcp 10.210.6.1 22 interface Dialer 0 22 ext
ip nat inside source static tcp 10.210.6.1 80 interface Dialer 0 80 ext


Christian

 

It is a struggle to get started for sure.

Being a smart ass I tried
"reference manual of commands" in the cisco
search but did not get much.

http://www.cisco.com/en/US/products...configuration_guide_book09186a008007c965.html
May be a good place to start as a sort of canned intro.

Search for [command reference 12.3 mainline] leads to:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/prod_command_reference_list.html
http://www.cisco.com/en/US/products...stallation_and_configuration_guides_list.html


12.3T (Extra features, may be needed for 837)
This may be only the additional "T" features or it may be a complete
guide.
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/prod_command_reference_list.html
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/tsd_products_support_configure.html

 

Ok, thanks all for thinking along with me, but... ahem... the config I
posted worked just fine... oops

If only I had remembered to change the router/gateway address on the
machine I was trying to reach after I installed the new router <<blush>>
:-D

That sure helped a lot...

Arnoud

 

Thanks a lot! I don't know how I missed the first one, but that seems to be
exactly what I need.

Regards
SW