router natting problem

cfajardo1_2 · ‎08-19-2007

hello all,

THE scenario is as follows.

serial0- public ip (goes to internet)

e0 - public ip / 248

e1 - private ip (web server resides with IPwww)

- we are hosting our own web server which resides on the e1 subnet.

- The plan is to do a natting from one of the public ip on the e0 subnet (ie. IP1 to the private ip of the web server on the e1 subnet IPwww.

We cant make it work at all.

Are we doing something logical?

Please advise.

Thanks

Jon Marshall · ‎08-19-2007

Hi

It's a bit difficult to say without seeing the config. Assuming this is a router running IOS

private IP of web server: 192.168.5.10

public IP of web server: 217.22.17.10

ip nat inside source static 192.168.5.1.0 217.22.17.10

interface e0

ip nat outside

interface e1

ip nat inside

HTH

Jon

mohammedmahmoud · ‎08-19-2007

Hi Jon,

I doubt that he can NAT the server on the e1 subnet with an IP from the e0 subnet (directly connected to e0) what do you think about it.

BR,

Mohammed Mahmoud.

Jon Marshall · ‎08-19-2007

Hi Mohammed

Hope study is going well.

Not sure what you mean by this. Why could he not just use one of his spare public IP addresses to present the private IP externally.

Have i missed something ?

Jon

Edit - Ahh i think i see what you mean. is it because the serial interface is the one that connects to the internet ?

mohammedmahmoud · ‎08-19-2007

Hi Jon,

Studying is going well i hope :) thanks for asking.

I only doubted it routing wise, the IP will be directly connected to interface e0, but according to the NAT order of operation, since the NAT outside to inside (global to local translation) does NATing then routing, then the traffic will be NATed to the correct inside local IP and then would be routed to the right interface, what do you think about this.

BR,

Mohammed Mahmoud.

mahmoodmkl · ‎08-19-2007

Hi

For this to work u need to have a static nat configured.

make u r e0 and so as nat outside.

and e1 as u r nat inside.

then u can define the static nat as below

ip nat inside source static (private IP) (public IP)

Thanks

Mahmood

cfajardo1_2 · ‎08-20-2007

BELOW IS THE CURRENT RELEVANT CONFIG.

interface FastEthernet0/0

ip address 8x.x.x 255.255.255.240

ip nat outside

load-interval 30

duplex auto

speed auto

random-detect

!

interface FastEthernet0/1

ip address 192.168.0.254 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Serial0/0/0

bandwidth 1024

ip address 8y.y.y.y 255.255.255.252

ip nat outside

load-interval 30

no keepalive

no fair-queue

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

!

no ip http server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

cfajardo1_2 · ‎08-20-2007

One thing, if i give the ff. command, i will be able to ping, but not http

ip nat source static 192.168.0.www(actual web) IPa(public ip on e0)

Jon Marshall · ‎08-20-2007

Hi

have a look at previous post i sent. You do not have a static nat translation for the web server.

The fastethernet0/0 overload nat statement will not allow you to connect from outside to the web server.

Jon

cfajardo1_2 · ‎08-20-2007

after ive put the below command, iwas able to ping but not http

ip nat source static 192.168.0.www(actual web) IPa(public ip on e0)

IPa is a public IP address on the e0 subnet. its not the e0 itself