natting

carl_townshend · ‎02-18-2006

Is it possible to use nat and pat on the same wan ip, i.e could I nat a certain lan address to my wan address and also use pat on it ? also if I natted my lan address to my wan isp address would it be possible to ping my machine fromthe outside world ?

vladrac-ccna · ‎02-18-2006

I could not understand exactly what you are asking here, but NAT overloading or PAT could be used to NAT a single interface IP (your wan IP) to many hosts on your LAN.

"Overloading—a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address (many to one) using different ports. This method is also known as port address translation (PAT). By using PAT (NAT Overload), thousands of users can be connected to the Internet using only one real global IP address.

"

check this link:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiad_c/ch20/ntbaddrs.htm#wp1047771

For the second question, yes there are ways to make an internal host reachable from outside (most networks do this).

check the link:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiad_c/ch20/ntbaddrs.htm#wp1048826

If this helps, plz rate this post.

Regards,

Vlad

ekiriakos · ‎02-19-2006

Hi,

It is possible to do this. Assume you have an internal lan segment 192.168.0.0/24 and your external interface has say, 192.10.10.1. Now assume that you have an internal server 192.168.0.10 running http and smtp services that you want it to be visible from the outside using 192.10.10.1. Also all other users on the internal net should have access to the intenet.

The config is as follows:

Int s0

desc "external"

ip nat ouside

int e0

desc "internal"

ip nat inside

ip nat inside source list INTERNAL_NETS int s0 overload

ip access-list stand INTERNAL_NETS

permit 192.168.0.0 0.0.0.255

ip nat inside source static tcp 192.168.0.10 80 192.10.10.1 80 extendable

ip nat inside source static tcp 192.168.0.10 25 192.10.10.1 25 extendable

HTH

E.

carl_townshend · ‎02-20-2006

Hi There , thanks for the reply, firstly can you tell me why the extenable command i used ? also if I just did a direct static nat translation to my lan address, would it be possible for the outside world to see say my c drive ?

ekiriakos · ‎02-20-2006

Hi,

You can find more details:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/1rfipadr.htm#wp1060550

The extendable keyword instructs the router to forward incoming traffic to the WAN interface on a certain port (like in the example, smtp=25 etc) to a particular internal IP address.

In answer to your question if you allow the right protocols in the command then I suppose it is possible, but you probably wouldn't want to do that. You would normally do this for services that you want accessible from the outside and normally located in a dmz.

HTH

E.

ekiriakos · ‎02-20-2006

Hi,

You can find more details:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipras_r/1rfipadr.htm#wp1060550

The extendable keyword instructs the router to forward incoming traffic to the WAN interface on a certain port (like in the example, smtp=25 etc) to a particular internal IP address.

In answer to your question if you allow the right protocols in the command then I suppose it is possible, but you probably wouldn't want to do that. You would normally do this for services that you want accessible from the outside and normally located in a dmz.

HTH

E.