port forwarding not working - here is my config!

Discussion in 'Cisco' started by Steve Richter, May 20, 2005.

  1. ok friends, here is my cisco 831 config. ( thanks to the tftp freebie
    from the good folks at kiwi enterprises:
    http://www.kiwisyslog.com/index.htm )

    What I want to do is forward the http traffic to my w2k web server on
    10.10.10.161.

    I am using verizon dsl service, dont have a static IP address.
    Currently my ip address is 141.153.133.251.

    the last I checked, this is not working:
    http://141.153.133.251/demosite/page2.aspx

    any help is appreciated,

    -Steve

    ----------------------------------------------------------

    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router
    !
    no logging buffered
    enable secret 5 xxxxxxxxxxxxx
    !
    username ...
    username ...
    ip subnet-zero
    ip name-server 151.198.0.39
    ip name-server 151.197.0.39
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.10.160 10.10.10.254
    ip dhcp excluded-address 10.10.10.161
    !
    ip dhcp pool CLIENT
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    lease 0 2
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    interface Ethernet0
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 32 in
    hold-queue 100 out
    !
    interface Ethernet1
    no ip address
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname ...
    ppp chap password ...
    ppp pap sent-username ...
    ppp ipcp dns request
    ppp ipcp wins request
    !
    ip nat inside source list 102 interface Dialer1 overload
    ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    ip nat inside source static tcp 10.10.10.161 80 interface Dialer1 80
    ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    3008
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    !
    !
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    end
     
    Steve Richter, May 20, 2005
    #1
    1. Advertisements

  2. Try this,

    ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1 80

    It works for me in my 831.

    I did change the IP address to yours, though. Other than that
    it is exactly the line in my 831.

    Fred
     
    Fred Atkinson, May 20, 2005
    #2
    1. Advertisements

  3. 80

    done. still not working. do I have to reboot?

    here is the latest config:

    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Router
    !
    no logging buffered
    enable secret ...
    !
    username ...
    username ...
    ip subnet-zero
    ip name-server 151.198.0.39
    ip name-server 151.197.0.39
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.10.160 10.10.10.254
    ip dhcp excluded-address 10.10.10.161
    !
    ip dhcp pool CLIENT
    import all
    network 10.10.10.0 255.255.255.0
    default-router 10.10.10.1
    lease 0 2
    !
    ip audit notify log
    ip audit po max-events 100
    !
    !
    !
    !
    interface Ethernet0
    ip address 10.10.10.1 255.255.255.0
    ip nat inside
    ip tcp adjust-mss 1452
    no cdp enable
    hold-queue 32 in
    hold-queue 100 out
    !
    interface Ethernet1
    no ip address
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    encapsulation ppp
    ip tcp adjust-mss 1452
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname ...
    ppp chap password ...
    ppp pap sent-username ...
    ppp ipcp dns request
    ppp ipcp wins request
    !
    ip nat inside source list 102 interface Dialer1 overload
    ip nat inside source static tcp 10.10.10.161 21 interface Dialer1 21
    ip nat inside source static tcp 10.10.10.161 80 interface Ethernet1 80
    ip nat inside source static tcp 10.10.10.160 3008 interface Dialer1
    3008
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    !
    !
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    line con 0
    exec-timeout 120 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    end
     
    Steve Richter, May 20, 2005
    #3
  4. No. It should work.

    Is there anything in an ACL applied to E1 or E0 that might
    prevent this from working?


    Fred
     
    Fred Atkinson, May 21, 2005
    #4
  5. I just noticed that there is no IP address associated with you
    Ethernet 1 port. You might want to check that. But how are you
    accessing the Internet without it?


    Fred
     
    Fred Atkinson, May 21, 2005
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.