06-28-2006 01:29 PM - edited 03-03-2019 01:10 PM
Hi,
I 'm planing to set up a configuration with SOHO 91 for remote users to access a web server (with private ip address) on my LAN. I have a single public IP for the router outside interface. The question is : can I set up a nat rule translating outgoing trafic with the public interface IP and incoming traffic to the public ip into the private server ip ?
Example :
interface ethernet 0
ip address A.B.C.D
ip nat inside
interface ethernet 1
ip address [public_ip]
ip nat outside
ip nat inside source static [server_ip] [public_ip]
Will this work ? In particular, can a remote user access my server using my public ip ?
Thank you for the help !
Solved! Go to Solution.
06-28-2006 09:54 PM
Hi
int eth 0
ip add 192.168.1.1 255.255.255.0
ip nat inside
int eth 1
ip add 10.0.0.1 255.0.0.0
ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable
ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool TEST overload
Regards
JD
06-28-2006 02:56 PM
Yes, but you need to do the following:
ip nat inside source static tcp [server_ip] [L4_port] [public_ip] [L4_port]
The command says that any [L4_port] traffic that is destined to [public_ip] do an address translation to [server_ip] [L4_port]. Since you are accessing a web server it will be port 80 or http.
ip nat inside source static tcp [server_ip] 80 [public_ip] 80
Please rate all posts.
06-28-2006 09:54 PM
Hi
int eth 0
ip add 192.168.1.1 255.255.255.0
ip nat inside
int eth 1
ip add 10.0.0.1 255.0.0.0
ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable
ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool TEST overload
Regards
JD
07-01-2006 02:47 AM
OK.
Thank you all
07-05-2006 05:54 AM
Hi,
My question is very similar so haven't created new thread.
What happens in the scenario where, as in Mathias's example, you have static inbound NAT, for example:
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
ip nat inside source static tcp 192.168.10.11
ip nat inside source static tcp 192.168.10.12
ip nat inside source static tcp 192.168.10.13
!
Is there a way of connecting to a.b.c.d via telnet, for management. The static NAT statements seem to have broken this. Is there a way of specifying a 'default' behaviour when specifying a port not mentioned above?
Also, what does the 'extendable' keyword mean exactly?
Thanks,
Mark
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide