internal ip addresses

lchrebor · ‎05-24-2002

Hi everybody

mljohnson · ‎05-24-2002

Hi.

You may want to repost your question.

lchrebor · ‎05-27-2002

here it is, this time...

might be a silly question, though...

I've got a 827 router connected via a dsl line with a unique IP@. I can see the outside from the internal network, but how can I see the inside from the outside ? In other words, i'd like to redirect trafic from outside to a machine situated on the inside network.

I'm not sure what command to use and I'm getting a bit desperate, or my client is anyway.

IOS ver is 12.2

thxs for ur help.

Faraz Shamim · ‎05-27-2002

It seems like you are most pronbably doing Network Address Transalation(NAT). If you are using a private address inside like 10.x.x.x then you can not talk to machines inside from outside. You have two options:

1. Talk to you DSL provider and get a static public ip address

or

2. Talk to the DSL provider and have them do static translation of your ip address. In some cases NAT does not work so your best option is 1.

Faraz

klouthan · ‎05-27-2002

Hmmm, faraz is a ccie....

maybe he should stick to ospf questions....

or a third option.

use inbound port address translation.

I do it all of the time for hosting servers on my network.

ip nat inside source static tcp 192.168.1.10 3782 interface Dialer1 3782

ip nat inside source static tcp 192.168.1.10 3783 interface Dialer1 3783

ip nat inside source static udp 192.168.1.10 3783 interface Dialer1 3783

ip nat inside source static udp 192.168.1.10 3782 interface Dialer1 3782

ip nat inside source static udp 192.168.1.10 27960 interface Dialer1 27960

as you can see here I have a roger wilco server and a quake 3 server setup.

192.168.1.10 is my internal machine that is actually running the server.

I am running outbound pat as well :

ip nat inside source route-map traffic interface Dialer1 overload

which is tied to :

route-map traffic permit 10

match ip address 135

which is tied to :

access-list 135 remark ********Internet Traffic Used in route-map traffic/NAT

access-list 135 deny ip 192.168.1.0 0.0.0.63 10.0.0.0 0.255.255.255

access-list 135 deny ip 192.168.1.0 0.0.0.63 172.16.0.0 0.15.255.255

access-list 135 deny ip 192.168.1.0 0.0.0.63 192.168.0.0 0.0.255.255

access-list 135 permit ip 192.168.1.0 0.0.0.63 any

lchrebor · ‎06-05-2002

Hi faraz,

I've got a static public address given by the provider.

But I thought that maybe one could redirect the trafic from this public address to a private address even when using nat, a bit like on a firewall.

Am I wrong, and if not, how can I conf the router ?

thxs for ur help

Faraz Shamim · ‎06-05-2002

Hi Lionel,

AFter that you would have to configure 3 things:

1. configure "ip nat inside" on your ethernet interface of 827

2. configure "ip nat outside" on your DSL interface of 827

3. configure "ip nat inside source static x.x.x.x y.y.y.y" globaly.

where x.x.x.x is the ip address of your internal server and y.y.y.y is the static ip address of your dsl interface.

Hope that helps,

Faraz

klouthan · ‎05-27-2002

I am running a 806...

I can only imagine the looks you will get if you try option number 2.

LOL

as for your dynamic address....

get a free account with a dynamic dns service and just point everybody at the name instead of the ip address. There is no need for a static address anymore. http://www.dyndns.org comes to mind. Just load the client and it will keep your dns entry updated for you automatically.