05-07-2008 11:54 PM - edited 03-05-2019 10:49 PM
Hello all, I am experiencing a problem with my 2600 router running Cisco IOS Software, C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.4(17). The problem is that "ip dns server" stops working when I set NAT:
ip nat inside source static tcp 192.168.57.171 53 61.XXX.XXX.XXX 53 extendable
ip nat inside source static udp 192.168.57.171 53 61.XXX.XXX.XXX 53 extendable
I need my router to be able to PAT all incoming requests from the WAN side to an internal DNS server but at the same time to reply to DNS queries for my network. Any help is greatly appreciated.
Best Regards
05-09-2008 03:55 AM
Can you share the DNS and your NAT configs?
05-11-2008 10:06 PM
Thank you for your reply. Sure, here are the configurations used in the lab:
192.168.11.1 (gateway+dns server)
192.168.11.200 (router with the problem)
Current configuration : 1833 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname techno-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 adsfads
enable password 7 dasfasdf
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
ip name-server 192.168.11.1
!
!
interface FastEthernet0/0
ip address 192.168.11.200 255.255.255.0
ip access-group 110 in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.57.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.11.1
!
ip dns server
!
no ip http server
no ip http secure-server
ip nat pool nat-pool 192.168.11.200 192.168.11.200 netmask 255.255.255.0
ip nat inside source list 10 pool nat-pool overload
ip nat inside source static tcp 192.168.57.171 53 192.168.11.200 53 extendable
ip nat inside source static udp 192.168.57.171 53 192.168.11.200 53 extendable
!
access-list 10 permit 192.168.57.0 0.0.0.255
access-list 110 deny tcp any 192.168.11.0 0.0.0.255 eq telnet
access-list 110 deny icmp any 192.168.11.0 0.0.0.255 8 0
access-list 110 permit ip any any
!
!
!
control-plane
!
line con 0
password 7 dasf
login
speed 115200
line aux 0
password 7 adsf
login
line vty 0 4
password 7 adsf
login
!
!
end
05-12-2008 01:53 AM
Can you add the below commands on the router?
ip domain-lookup
ip domain name company.com
05-12-2008 08:11 PM
Thank you pravinxyz for your reply. ip domain-lookup was already set and I added ip domain name company.com, but the ip dns server still refuses to work. I wonder if there is a way to limit ip dns server to work only for fa0/1 and the PAT -> 53 to work only on fa0/0.
Thank you
05-13-2008 05:21 AM
I am not sure what this route is for?
ip route 0.0.0.0 0.0.0.0 192.168.11.1
I would request you to configure routes as below and check.
ip route 192.168.57.0 255.255.255.0 fastethernet0/1
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0
05-14-2008 12:30 AM
Hello pravinxyz thank you,
ip route 0.0.0.0 0.0.0.0 192.168.11.1
is the default gateway
I believe this is a problem related to the way "ip dns server" works. Once set up, it will enable the DNS server (forwarder) within the router, which uses UDP 53. When I set the PAT translation to UDP 53, the router's internal DNS server can no longer use UDP 53. That is why I'm looking for a way to confine "ip dns server" to an interface, as well as the PAT redirection.
Regards
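The overlap described in the last post (a static PAT entry claiming port 53 on an address the router also uses for "ip dns server") can be checked for mechanically before a configuration is deployed. The following is an added example, not code from the thread or from Cisco; the function name, the service-to-port map and the port 25 line in the sample are assumptions made for illustration.

```python
import re

# Router-local services and the ports they listen on (assumed map; only
# "ip dns server" comes from the thread).
LOCAL_SERVICES = {"ip dns server": [("udp", 53), ("tcp", 53)]}

STATIC_PAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
IF_ADDR = re.compile(r"^ip address (\d+\.\d+\.\d+\.\d+) ")


def find_port_conflicts(config: str):
    """Return static PAT entries whose global address/port is also claimed
    by a service enabled on the router itself."""
    lines = [ln.strip() for ln in config.splitlines()]
    own_addrs = {m.group(1) for ln in lines if (m := IF_ADDR.match(ln))}
    listening = {}
    for svc, ports in LOCAL_SERVICES.items():
        if svc in lines:  # exact match, so "no ip dns server" is ignored
            for p in ports:
                listening[p] = svc
    conflicts = []
    for ln in lines:
        m = STATIC_PAT.match(ln)
        if not m:
            continue
        proto, inside, _iport, glob, gport = m.groups()
        key = (proto, int(gport))
        if glob in own_addrs and key in listening:
            conflicts.append((proto, glob, int(gport), inside, listening[key]))
    return conflicts


# Constructed sample, reduced from the lab configuration posted in the thread
# (the port 25 entry is added here as a non-conflicting control).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.11.200 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.57.1 255.255.255.0
 ip nat inside
ip dns server
ip nat inside source static tcp 192.168.57.171 53 192.168.11.200 53 extendable
ip nat inside source static udp 192.168.57.171 53 192.168.11.200 53 extendable
ip nat inside source static tcp 192.168.57.171 25 192.168.11.200 25 extendable
"""

if __name__ == "__main__":
    for proto, addr, port, inside, svc in find_port_conflicts(SAMPLE):
        print(f"{proto}/{port} on {addr} forwarded to {inside}, also used by '{svc}'")
```

The check only reports the overlap; it does not confirm that the overlap is the cause of the behaviour seen in the lab.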