cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
412
Views
0
Helpful
6
Replies

Can't see my own sites from inside the local area network

tgbnji
Level 1
Level 1

I have just installed and configured a Cisco 828 router with a nat table

pointing to a server on the local network. When I try to access some of the

sites on the server from outside the local network everything works ok, but

I cant see them from the inside of the local network.

What can be wrong?

Regards Tim

6 Replies 6

Hello Tim,

can you post the configuration of the 828 ? Can the local hosts ping the sites (just wanting to make sure that it is not a DNS-related problem) ?

Regards,

GP

See logfile below. My webserver is at 192.168.1.10

Regards

Terminal log file

Date: 16-12-2003 - 13:48:29

-----------------------------------------------

XXXXXX#show running-config

Building configuration...

Current configuration : 4220 bytes

!

! No configuration change since last restart

!

version 12.3

no parser cache

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname XXXXXX

!

boot-start-marker

boot-end-marker

!

logging buffered 8192 debugging

logging console warnings

enable secret 5 XXXXXX

!

clock timezone CET+1 1

no aaa new-model

ip name-server 212.54.64.170

ip name-server 212.54.64.171

ip dhcp excluded-address 192.168.1.2

!

ip dhcp pool 828

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server x.x.x.x 212.54.64.171

lease 0 1

!

no ip bootp server

ip cef

!

!

!

!

!

!

interface Loopback0

no ip address

!

interface Ethernet0

192.168.1.1 255.255.255.0

ip nat inside

no keepalive

hold-queue 100 out

!

interface ATM0

no ip address

atm ilmi-keepalive

pvc 0/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

bundle-enable

dsl equipment-type CPE

dsl operating-mode GSHDSL symmetric annex B

dsl linerate AUTO

!

interface Dialer0

ip address negotiated

ip access-group 100 in

ip nat outside

encapsulation ppp

dialer pool 1

ppp authentication pap callin

ppp pap sent-username XXXXXX password XXXXXX

!

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.1.10 80 interface Dialer0 80

ip nat inside source static 192.168.1.2 62.79.156.135 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

no ip http secure-server

access-list 1 permit 192.168.0.0 0.0.255.255

access-list 100 deny icmp any any redirect

access-list 100 deny udp any any eq 19

access-list 100 deny tcp any any eq 31 syn

access-list 100 deny tcp any any eq 41 syn

access-list 100 deny tcp any any eq 58 syn

access-list 100 deny tcp any any eq 90 syn

access-list 100 deny tcp any any eq 121 syn

access-list 100 deny udp any any eq 135

access-list 100 deny tcp any any eq 135 syn

access-list 100 deny udp any any range 136 140

access-list 100 deny tcp any any range 136 140 syn

access-list 100 deny tcp any any eq 421 syn

access-list 100 deny tcp any any eq 456 syn

access-list 100 deny tcp any any eq 531 syn

access-list 100 deny tcp any any eq 555 syn

access-list 100 deny tcp any any eq 911 syn

access-list 100 deny tcp any any eq 999 syn

access-list 100 deny udp any any eq 1349

access-list 100 deny udp any any eq 6838

access-list 100 deny udp any any eq 8787

access-list 100 deny udp any any eq 8879

deny udp any any eq 9325

access-list 100 deny tcp any any eq 12345 syn

access-list 100 deny udp any any eq 31335

access-list 100 deny udp any any eq 31337

access-list 100 deny udp any any eq 31338

access-list 100 deny udp any any eq 54320

access-list 100 deny udp any any eq 54321

access-list 100 permit ip any any

dialer-list 1 protocol ip permit

!

line con 0

exec-timeout 60 0

password X XXXXXX login

transport preferred all

transport output all

stopbits 1

line vty 0 4

exec-timeout 60 0

password X XXXXXX login

transport preferred all

transport input all

output all

!

scheduler max-task-time 5000

sntp server x.x.64.202

sntp server x.x.64.203

!

end

Hello,

can the local hosts, those that cannot reach the websites, ping the DNS servers 212.54.64.170 and 212.54.64.171 ?

Regards,

Georg

Yes - they can.

I have today upgraded from a 677 (ADSL) router to a 828 (G.SHDSL) and a supporter at my ISP has just told me that the 828 router acts different than the 677 and that the only way to access my webserver from inside the local network - preserving the hostheaders - is to set up a local dns server.

Can anyone explain that to me? Why dident I need that with the 677?

Regards Tim

Hello,

the 828 supports transparent use of the Domain Name Server (DNS) mechanism for outside hosts requests. This means that NAT does not interfere with host name look-ups such as CISCO.COM. However, for hosts inside the SOHO network's private address space, a DNS server (or LMHOSTS file) is required in the SOHO network to resolve host names automatically.

Regards,

Georg

Yes - I see it now.

It just surprices me I dident have the problem with the 677 router.

Regards

Tim

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco