05-07-2008 11:54 PM - edited 03-05-2019 10:49 PM
Hello all, I am experiencing a problem with my 2600 router running Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(17). The problem is that "ip dns server" stops working when I set NAT:
ip nat inside source static tcp 192.168.57.171 53 61.XXX.XXX.XXX 53 extendable
ip nat inside source static udp 192.168.57.171 53 61.XXX.XXX.XXX 53 extendable
I need my router to be able to PAT all incoming requests from the WAN side to an internal DNS server but at the same time to reply to DNS queries for my network. Any help is greatly appreciated.
Best Regards
05-09-2008 03:55 AM
Can you share the DNS and your NAT configs?
05-11-2008 10:06 PM
Thank you for your reply. Sure, here are the configurations used in the lab:
192.168.11.1 (gateway+dns server)
192.168.11.200 (router with the problem)
Current configuration : 1833 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname techno-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 adsfads
enable password 7 dasfasdf
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
ip name-server 192.168.11.1
!
!
interface FastEthernet0/0
 ip address 192.168.11.200 255.255.255.0
 ip access-group 110 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.57.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.11.1
!
ip dns server
!
no ip http server
no ip http secure-server
ip nat pool nat-pool 192.168.11.200 192.168.11.200 netmask 255.255.255.0
ip nat inside source list 10 pool nat-pool overload
ip nat inside source static tcp 192.168.57.171 53 192.168.11.200 53 extendable
ip nat inside source static udp 192.168.57.171 53 192.168.11.200 53 extendable
!
access-list 10 permit 192.168.57.0 0.0.0.255
access-list 110 deny tcp any 192.168.11.0 0.0.0.255 eq telnet
access-list 110 deny icmp any 192.168.11.0 0.0.0.255 8 0
access-list 110 permit ip any any
!
!
!
control-plane
!
line con 0
 password 7 dasf
 login
 speed 115200
line aux 0
 password 7 adsf
 login
line vty 0 4
 password 7 adsf
 login
!
!
end
05-12-2008 01:53 AM
Can you add the commands below on the router?
ip domain-lookup
ip domain name company.com
05-12-2008 08:11 PM
Thank you pravinxyz for your reply. ip domain-lookup was already set and I added ip domain name company.com, but the ip dns server still refuses to work. I wonder if there is a way to limit ip dns server to work only for fa0/1 and the PAT -> 53 to work only on fa0/0.
Thank you
05-13-2008 05:21 AM
I am not sure what this route is for:
ip route 0.0.0.0 0.0.0.0 192.168.11.1
I would request you to configure the routes below and check.
ip route 192.168.57.0 255.255.255.0 fastethernet0/1
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0
05-14-2008 12:30 AM
Hello pravinxyz, thank you.
ip route 0.0.0.0 0.0.0.0 192.168.11.1
is the default gateway.
I believe this is a problem related to the way "ip dns server" works: once set up, it enables the DNS server (forwarder) within the router, which uses UDP 53. When I set the PAT translation to UDP 53, the router's internal DNS server can no longer use UDP 53. That is why I'm looking for a way to confine "ip dns server" to an interface, as well as the PAT redirection.
Regards
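
A config audit for the overlap described in the last post, as an added example that is not part of the original thread: it flags static PAT entries whose global address is one of the router's own interface addresses and whose port is also used by an enabled router-local service. The function name, the service table and the trimmed sample config are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the lab configuration posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.11.200 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.57.1 255.255.255.0
 ip nat inside
ip dns server
ip nat inside source static tcp 192.168.57.171 53 192.168.11.200 53 extendable
ip nat inside source static udp 192.168.57.171 53 192.168.11.200 53 extendable
"""

# Router-local services keyed by the config line that enables them
# (assumption: only the DNS server from the thread is modelled here).
LOCAL_SERVICES = {"ip dns server": {("udp", 53), ("tcp", 53)}}

IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s*ip address\s+(\d+\.\d+\.\d+\.\d+)\s")
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def find_port_conflicts(config: str):
    """Return static PAT entries that claim a port on one of the router's own
    addresses while a router-local service using that port is enabled."""
    iface_addrs, listening, nat_entries = {}, set(), []
    current = None
    for line in config.splitlines():
        if (m := IFACE_RE.match(line)):
            current = m.group(1)
        elif (m := ADDR_RE.match(line)) and current:
            iface_addrs[m.group(1)] = current
        elif line.strip() in LOCAL_SERVICES:
            listening |= LOCAL_SERVICES[line.strip()]
        elif (m := NAT_RE.match(line)):
            proto, local_ip, _lport, global_ip, gport = m.groups()
            nat_entries.append((proto, local_ip, global_ip, int(gport)))
    return [
        {"proto": p, "port": gp, "interface": iface_addrs[gip], "forwarded_to": lip}
        for p, lip, gip, gp in nat_entries
        if gip in iface_addrs and (p, gp) in listening
    ]

if __name__ == "__main__":
    for c in find_port_conflicts(SAMPLE_CONFIG):
        print(f"{c['proto']}/{c['port']} on {c['interface']} is forwarded to "
              f"{c['forwarded_to']} while the router's own DNS server is enabled")
```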