Why nat does not work

edgar-quintana · ‎07-24-2007

Hi,

This is my configuration, web browsing works but I do not know why nat does not work

Best regards

froggy3132000 · ‎07-24-2007

are you talking about the inbound ftp connection?

edgar-quintana · ‎07-24-2007

Yes...

Well, there is only a ftp nat, but I need to configure a ftp (20, 21) web(80).. and more.

But I do not know why does not work

kerek · ‎07-24-2007

Hello,

The acl applied to the WAN interface to inbound direction (acl 101) filter out many things so that can be a problem but

The

access-list 101 permit tcp host xxxxxxxxx

access-list 101 permit tcp host xxxxxxxxxxxxxx

entries have to be something on the end as they are extended acl's.

You have two networks on the LAN and the acl 110 does cover only the 192.168.156.0/24.

Anyway the permanent ip route is not the best thing.

What does the "show ip nat trans" shows?

Krisztian

edgar-quintana · ‎07-24-2007

See the attach

edgar-quintana · ‎07-24-2007

See the attach

Best regards

kerek · ‎07-24-2007

Hi,

Well from the nat translation it seems the 192.168.156.69 try to connect to 62.22.92.107 and 212.8.111.70 tcp 25 which is smtp, but it is not permitted in the acl. Your acl permits incoming ftp, www, icmp from any source and ssh, cmd, https, dns, from certain host and deny all other (access-list 101 deny ip any any).

So your nat works fine but the acl filter out the traffic coming back.

You can try it by simple remove the acl for a short time and will see...

Krisztian

froggy3132000 · ‎07-24-2007

I would do a one-to-one NAT and then permit the ports via the acl.