Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Problem with a website port forwarding on a different port

I have recently come back to the world of Cisco firewalls and asked to set up a port forwarding

rule for two ports to access an internal webserver from the outside on ports 8181 and 8282.

I have added the rules:

static (inside,outside) tcp extranet 8181 192.168.0.33 8181 netmask 255.255.255.255 0 0

static (inside,outside) tcp extranet 8282 192.168.0.33 8282 netmask 255.255.255.255 0 0

and:

access-list allow-in permit tcp any host extranet eq 8181

access-list allow-in permit tcp any host extranet eq 8282

'extranet' is defined earlier in the config with the external IP address and was always there and presently works with other rules.

However when trying to access the webpage from the outside the browser just times out.

I'm probably being a numpty here and have missed something or made a simple error.

Can anyone help my vague request?

Marky

3 REPLIES
Cisco Employee

Re: Problem with a website port forwarding on a different port

Does the page load internally?

Meaning when you use a host in the 192.168.0.0/24

subnet are you able to open the browser and go to http:// 192.168.0.33:8181 and http:// 192.168.0.33:8282

and it works?

-KS

Community Member

Re: Problem with a website port forwarding on a different port

Yes!  The website works internally when accessed through the browser.

Cisco Employee

Re: Problem with a website port forwarding on a different port

Pls. verify if the acl sees any hit counts.

What do the logs say?

conf t

logging enable

logging buffered 7

exit

sh logg | i 192.168.x.33

What other ports does this server listen on that is working from the outside? Issue "sh run static" and make sure you do not have any incorrect static.

-KS

377
Views
0
Helpful
3
Replies
CreatePlease to create content