NAT Config

Unanswered Question
Oct 16th, 2003
User Badges:

I have a web server sitting on private using standard port 80. I want it to be accessed by public users without changing IP on my server. I enabled static NAT on the router side (ip nat inside source static 192.168.0.10 64.94.100.25). im wondering why from browser, when i access http://64.94.100.25, it's going nowhere.. is this the right way to do it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ladislaus Thu, 10/16/2003 - 07:33
User Badges:

well, yes, that is the way to do it.

you have made a one-to-one translation, meaning all connections to the IP 64.94.100.25 will be redirected to 192.168.0.10.


I would instead do:

ip nat inside source static tcp 192.168.0.10 80 64.94.100.25


this way, you only forward port 80 and thereby making it a bit more secure.


now, to your problem.. you are testing it from the "outside", right?

You cannot access the external address when you are on the inside of the NAT..

thisisshanky Thu, 10/16/2003 - 07:44
User Badges:
  • Purple, 4500 points or more

You should be trying this from the outside.


As from the other post, you necessarily dont need a specify tcp static mapping on port 80. The one you have configured is enough. But this will allow incoming connections on all ports to the server. So its better to statically map those port/ip address combinations, that are needed. (tcp port 80 in this case)

paarlberg Tue, 10/28/2003 - 10:02
User Badges:

I have run into this problem today as well..


I am using putty to connect to a Linux server behind NAT. I get the following error:


2003-10-28 19:57:35 Looking up host "999.999.999.46"

2003-10-28 19:57:35 Connecting to 999.999.999.46 port 22

2003-10-28 19:57:56 Network error: Connection timed out


However I am able to ping the inside server from the router.


My config info:


ip nat inside source static tcp 192.168.1.254 22 999.999.999.46 22 extendable


NAT is functioning perfectly form the inside out.


Actions

This Discussion