router natting problem

Unanswered Question
Aug 19th, 2007
User Badges:

hello all,



THE scenario is as follows.

serial0- public ip (goes to internet)

e0 - public ip / 248

e1 - private ip (web server resides with IPwww)


- we are hosting our own web server which resides on the e1 subnet.

- The plan is to do a natting from one of the public ip on the e0 subnet (ie. IP1 to the private ip of the web server on the e1 subnet IPwww.


We cant make it work at all.


Are we doing something logical?


Please advise.


Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Sun, 08/19/2007 - 22:42
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


It's a bit difficult to say without seeing the config. Assuming this is a router running IOS


private IP of web server: 192.168.5.10

public IP of web server: 217.22.17.10


ip nat inside source static 192.168.5.1.0 217.22.17.10


interface e0

ip nat outside


interface e1

ip nat inside


HTH


Jon

mohammedmahmoud Sun, 08/19/2007 - 22:51
User Badges:
  • Green, 3000 points or more

Hi Jon,


I doubt that he can NAT the server on the e1 subnet with an IP from the e0 subnet (directly connected to e0) what do you think about it.


BR,

Mohammed Mahmoud.

Jon Marshall Sun, 08/19/2007 - 22:53
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Mohammed


Hope study is going well.


Not sure what you mean by this. Why could he not just use one of his spare public IP addresses to present the private IP externally.


Have i missed something ?


Jon


Edit - Ahh i think i see what you mean. is it because the serial interface is the one that connects to the internet ?



mohammedmahmoud Sun, 08/19/2007 - 23:01
User Badges:
  • Green, 3000 points or more

Hi Jon,


Studying is going well i hope :) thanks for asking.


I only doubted it routing wise, the IP will be directly connected to interface e0, but according to the NAT order of operation, since the NAT outside to inside (global to local translation) does NATing then routing, then the traffic will be NATed to the correct inside local IP and then would be routed to the right interface, what do you think about this.


BR,

Mohammed Mahmoud.

mahmoodmkl Sun, 08/19/2007 - 22:42
User Badges:
  • Gold, 750 points or more

Hi


For this to work u need to have a static nat configured.


make u r e0 and so as nat outside.

and e1 as u r nat inside.


then u can define the static nat as below


ip nat inside source static (private IP) (public IP)


Thanks

Mahmood

cfajardo1_2 Mon, 08/20/2007 - 03:49
User Badges:

BELOW IS THE CURRENT RELEVANT CONFIG.



interface FastEthernet0/0

ip address 8x.x.x 255.255.255.240

ip nat outside

load-interval 30

duplex auto

speed auto

random-detect

!

interface FastEthernet0/1

ip address 192.168.0.254 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Serial0/0/0

bandwidth 1024

ip address 8y.y.y.y 255.255.255.252

ip nat outside

load-interval 30

no keepalive

no fair-queue

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

!

no ip http server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

cfajardo1_2 Mon, 08/20/2007 - 04:17
User Badges:

One thing, if i give the ff. command, i will be able to ping, but not http


ip nat source static 192.168.0.www(actual web) IPa(public ip on e0)

Jon Marshall Mon, 08/20/2007 - 06:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


have a look at previous post i sent. You do not have a static nat translation for the web server.


The fastethernet0/0 overload nat statement will not allow you to connect from outside to the web server.


Jon

cfajardo1_2 Mon, 08/20/2007 - 07:05
User Badges:

after ive put the below command, iwas able to ping but not http


ip nat source static 192.168.0.www(actual web) IPa(public ip on e0)



IPa is a public IP address on the e0 subnet. its not the e0 itself

Actions

This Discussion