07-24-2007 05:20 AM - edited 03-05-2019 05:27 PM
Hi,
This is my configuration. Web browsing works, but I do not know why NAT does not work.
Best regards
07-24-2007 05:50 AM
are you talking about the inbound ftp connection?
07-24-2007 07:37 AM
Yes...
Well, there is only an FTP NAT, but I need to configure FTP (20, 21), web (80)... and more.
But I do not know why it does not work.
07-24-2007 06:05 AM
Hello,
The ACL applied to the WAN interface in the inbound direction (acl 101) filters out many things, so that can be a problem, but the
access-list 101 permit tcp host xxxxxxxxx
access-list 101 permit tcp host xxxxxxxxx
access-list 101 permit tcp host xxxxxxxxxxxxxx
entries have to have something on the end, as they are extended ACLs.
You have two networks on the LAN, and acl 110 covers only 192.168.156.0/24.
Anyway, the permanent ip route is not the best thing.
What does "show ip nat trans" show?
Krisztian
07-24-2007 07:47 AM
See the attachment.
07-24-2007 07:48 AM
07-24-2007 08:12 AM
Hi,
Well, from the NAT translation it seems 192.168.156.69 tries to connect to 62.22.92.107 and 212.8.111.70 on tcp 25, which is SMTP, but it is not permitted in the ACL. Your ACL permits incoming ftp, www, icmp from any source and ssh, cmd, https, dns from certain hosts, and denies all other traffic (access-list 101 deny ip any any).
So your NAT works fine, but the ACL filters out the traffic coming back.
You can test it by simply removing the ACL for a short time and you will see...
Krisztian
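An added example, not from the thread or the poster's configuration: a simplified Python model of first-match evaluation for an inbound extended ACL, showing why the SMTP reply in the diagnosis above is dropped and how an entry using the IOS `established` keyword would admit replies while the ACL stays in place. The ACL entries, the host 203.0.113.10 and port 40001 are constructed for illustration.

```python
# Simplified model of first-match evaluation for an inbound extended ACL.
# Entries are constructed from the description in the thread, not the poster's config.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmp" or "ip" (ip matches any protocol)
    src: str = "any"             # "any" or a single host address
    dport: Optional[int] = None  # destination port, as in "eq <port>"
    established: bool = False    # IOS keyword: TCP segment has ACK or RST set

@dataclass
class Packet:
    proto: str
    src: str
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()

def matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if rule.src != "any" and rule.src != pkt.src:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    if rule.established and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True

def evaluate(acl, pkt):
    for rule in acl:             # first matching entry wins
        if matches(rule, pkt):
            return rule.action
    return "deny"                # implicit deny at the end of every ACL

ACL_101 = [
    Rule("permit", "tcp", dport=21),
    Rule("permit", "tcp", dport=80),
    Rule("permit", "icmp"),
    Rule("permit", "tcp", src="203.0.113.10", dport=22),  # constructed host
    Rule("deny", "ip"),
]
# Variant: admit replies to sessions opened from inside, placed before the final deny
ACL_101_EST = ACL_101[:-1] + [Rule("permit", "tcp", established=True), ACL_101[-1]]

# SYN-ACK coming back from the SMTP server seen in the translation table
SMTP_REPLY = Packet("tcp", "62.22.92.107", sport=25, dport=40001, flags=frozenset({"SYN", "ACK"}))
# Unsolicited inbound connection attempt to a port that is not published
NEW_SYN = Packet("tcp", "62.22.92.107", sport=40001, dport=25, flags=frozenset({"SYN"}))
```

`evaluate(ACL_101, SMTP_REPLY)` returns `deny`, while `evaluate(ACL_101_EST, SMTP_REPLY)` returns `permit` and `evaluate(ACL_101_EST, NEW_SYN)` still returns `deny`.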
07-24-2007 08:54 AM
I would do a one-to-one NAT and then permit the ports via the acl.