What NAT setting do I have missing?

fieryhail · ‎04-02-2009

Hello all, I am trying to host a server accessible from the internet on port 80. I have Static IP and dns setup pointing to my router, and NAT inside the router creating a static NAT route to LAN computer. I can access the LAN machine from inside the network by IP, but I can't access it all from the internet. Please help. I'll supply detailed config info if necessary

CriscoSystems · ‎04-02-2009

"I'll supply detailed config info if necessary"

It's necessary.

fieryhail · ‎04-02-2009

Building configuration...

Current configuration : 2489 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

!

hostname c3662

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

ip cef table adjacency-prefix validate

ip cef

ip domain name rcserveny.com

ip name-server 167.206.112.138

ip name-server 167.206.7.4!

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip nat allow-static-host

ip nat enable

ip virtual-reassembly

speed auto

full-duplex

!

interface FastEthernet0/1

ip address 96.56.78.172 255.255.255.248

ip nat outside

ip nat allow-static-host

ip nat enable

ip virtual-reassembly

speed auto

full-duplex

!

router rip

redistribute connected

network 96.0.0.0

network 192.168.1.0

!

ip default-gateway 96.56.78.169

no ip http server

!

ip route 0.0.0.0 0.0.0.0 96.56.78.169

!

ip nat log translations syslog

ip nat source static tcp 192.168.1.11 21 interface FastEthernet0/1 21

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.1.1 443 interface FastEthernet0/1 443

ip nat inside source static tcp 192.168.1.11 80 interface FastEthernet0/1 80

ip nat inside source static tcp 192.168.1.1 636 interface FastEthernet0/1 636

ip nat inside source static tcp 192.168.1.11 389 interface FastEthernet0/1 389

ip nat inside source static tcp 192.168.1.11 563 interface FastEthernet0/1 563

ip nat inside source static tcp 192.168.1.11 119 interface FastEthernet0/1 119

ip nat inside source static tcp 192.168.1.11 993 interface FastEthernet0/1 993

ip nat inside source static tcp 192.168.1.11 995 interface FastEthernet0/1 995

ip nat inside source static tcp 192.168.1.11 465 interface FastEthernet0/1 465

ip nat inside source static tcp 192.168.1.11 143 interface FastEthernet0/1 143

ip nat inside source static tcp 192.168.1.11 110 interface FastEthernet0/1 110

ip nat inside source static tcp 192.168.1.11 25 interface FastEthernet0/1 25

ip nat inside source static tcp 192.168.1.101 5900 interface FastEthernet0/1 420

ip nat inside source static tcp 192.168.1.12 22 interface FastEthernet0/1 22

!

access-list 1 permit 192.168.1.0 0.0.0.255

dialer-list 1 protocol ip permit

snmp-server community public RO

!

control-plane

!

gateway

timer receive-rtp 1200

!

line con 0

line aux 0

line vty 0 4

login

!

end

------------

my running-config, I truncated it to remove the empty lines and password info.

John Blakley · ‎04-02-2009

I would try taking off the ip nat enable and the ip nat allow-static-host off of the interfaces.

Also, after creating these, you may need to either reload the router or try to clear out nat translations. I've had to do both on routers before they started answering correctly.

clear ip nat trans *

HTH,

John

HTH, John *** Please rate all useful posts ***

fieryhail · ‎04-02-2009

I did as you suggested, however, the problem exists, same as before, outgoing is ok, nothing incoming except for the transfer of email

John Blakley · ‎04-02-2009

Try changing the line below:

ip nat source static tcp 192.168.1.11 21 interface FastEthernet0/1 21

to

ip nat inside source static tcp 192.168.1.11 21 int fa0/1 21

See if that helps.

John

HTH, John *** Please rate all useful posts ***

fieryhail · ‎04-05-2009

Thank you for your replies, I have tried as you suggested but it is still not working properly. I'm getting out from the server here, but I can not access the server at all from the outside :-(. Public IP only goes nowhere because that would be the cisco itself and I have http server disabled. I'm thinking about tearing the router down and redoing it from a basic setup, only add the ip nat inside and outside to the interfaces and then create ip nat inside source static tcp 192.168.1.11 80 int fa0/1 80, as well as the other necessary ports to forward (SMTP, IMAP, SSL, LDAP, etc.) If this works I'll let you know, if this doesn't I'll let you know. I'm getting frustrated, it must be some simple setting or syntax error that I am confusing.

fieryhail · ‎04-06-2009

Thanks for all your help. I cleared the router and redid it, adding the ACL for my internal LAN and then a static nat for the mailserver to go out. Thanks again for all your help, everythng works now. Next issue is how to setup a VPN on the cisco. If anyone has an comments, I'd like to hear them.