Problem with a website port forwarding on a different port

mark-rich · ‎01-28-2010

I have recently come back to the world of Cisco firewalls and asked to set up a port forwarding

rule for two ports to access an internal webserver from the outside on ports 8181 and 8282.

I have added the rules:

static (inside,outside) tcp extranet 8181 192.168.0.33 8181 netmask 255.255.255.255 0 0

static (inside,outside) tcp extranet 8282 192.168.0.33 8282 netmask 255.255.255.255 0 0

and:

access-list allow-in permit tcp any host extranet eq 8181

access-list allow-in permit tcp any host extranet eq 8282

'extranet' is defined earlier in the config with the external IP address and was always there and presently works with other rules.

However when trying to access the webpage from the outside the browser just times out.

I'm probably being a numpty here and have missed something or made a simple error.

Can anyone help my vague request?

Marky

Kureli Sankar · ‎01-28-2010

Does the page load internally?

Meaning when you use a host in the 192.168.0.0/24

subnet are you able to open the browser and go to http:// 192.168.0.33:8181 and http:// 192.168.0.33:8282

and it works?

-KS

mark-rich · ‎01-28-2010

Yes! The website works internally when accessed through the browser.

Kureli Sankar · ‎01-29-2010

Pls. verify if the acl sees any hit counts.

What do the logs say?

conf t

logging enable

logging buffered 7

exit

sh logg | i 192.168.x.33

What other ports does this server listen on that is working from the outside? Issue "sh run static" and make sure you do not have any incorrect static.

-KS