Cisco IOS: Can't access forwarded ports on local network
I have an 1811 router running IOS c181x-advipservicesk9-m 12.4(9)T5. I have a cable modem connected to Fa0 and computers connected to ports Fa2-9 (switch ports). I forwarded port 80 to my HTTP server. I can't connect to it through my WAN IP address from my local network. However, I can connect to it if I'm at a remote network.
I'm assuming this is the correct command (I have a DHCP IP address from my ISP, so I can't use a static address):
ip nat inside source static tcp 10.0.0.10 80 interface FastEthernet0 80
If I nmap scan my WAN IP (pretend it's 18.104.22.168) from a computer connected to the 1811:
nmap -p 80 22.214.171.124
80/tcp closed http
However, if I go into my VPS (hosted far away, not on my network):
nmap -p 80 126.96.36.199
80/tcp open http
To make sure it wasn't something with nmap, I also tried telnetting to port 80 (telnet 188.8.131.52 80) on a local computer and again on my VPS. I can't connect to it on a local computer, but I can connect from the VPS.
Why can't I access port 80 when I'm on my local network? Could someome shed some light on this strange issue?
I can't connect to it through my WAN IP address from my local network - Yes you cant connect using WAN IP address from your local LAN , because your NAT statement takes into action only for the traffic originating from outside to inside traffic , not for IP traffic originating inside to inside .
when you try accessing your WAN IP address from your local segment , during this time you are trying to take HTTP service from your router , not from your server . Because your NAT action does not comes into place .
Since router doesnt have HTTP service . IT drop the connection
Below is reset message from router
1. The requesting port or connection does not exist on this device. TCP sends back a RST+ACK and drops the segment.
Router#show running-config Building configuration...
Current configuration : 752 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec ! ! ! interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip nat inside duplex auto speed auto ! interface GigabitEthernet0/1 ip address dhcp ip nat outside duplex auto speed auto ! interface Vlan1 no ip address shutdown
ip nat inside source static tcp 10.0.0.10 80 184.108.40.206 80 ip classless ! ! !
Router#show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 220.127.116.11:80 10.0.0.10:80 --- ---
You need to access only via real IP Address 10.0.0.10:80 not with NAT IP Address
Hi Sandy. Thanks for your response.
I understand that I can connect to my local server (10.0.0.10) on port 80, but I need to be able to connect via the WAN IP address (IIS web server uses virtual hosts). I believe this is called hairpinning (http://en.wikipedia.org/wiki/Hairpinning). When I do port forwarding on cheap Linksys residential routers, I'm able to connect to the port via the WAN IP, so I'd be surprised if a Cisco IOS router can't do it.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.