06-28-2006 01:29 PM - edited 03-03-2019 01:10 PM
Hi,
I 'm planing to set up a configuration with SOHO 91 for remote users to access a web server (with private ip address) on my LAN. I have a single public IP for the router outside interface. The question is : can I set up a nat rule translating outgoing trafic with the public interface IP and incoming traffic to the public ip into the private server ip ?
Example :
interface ethernet 0
ip address A.B.C.D
ip nat inside
interface ethernet 1
ip address [public_ip]
ip nat outside
ip nat inside source static [server_ip] [public_ip]
Will this work ? In particular, can a remote user access my server using my public ip ?
Thank you for the help !
Solved! Go to Solution.
06-28-2006 09:54 PM
Hi
int eth 0
ip add 192.168.1.1 255.255.255.0
ip nat inside
int eth 1
ip add 10.0.0.1 255.0.0.0
ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable
ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool TEST overload
Regards
JD
06-28-2006 02:56 PM
Yes, but you need to do the following:
ip nat inside source static tcp [server_ip] [L4_port] [public_ip] [L4_port]
The command says that any [L4_port] traffic that is destined to [public_ip] do an address translation to [server_ip] [L4_port]. Since you are accessing a web server it will be port 80 or http.
ip nat inside source static tcp [server_ip] 80 [public_ip] 80
Please rate all posts.
06-28-2006 09:54 PM
Hi
int eth 0
ip add 192.168.1.1 255.255.255.0
ip nat inside
int eth 1
ip add 10.0.0.1 255.0.0.0
ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable
ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool TEST overload
Regards
JD
07-01-2006 02:47 AM
OK.
Thank you all
07-05-2006 05:54 AM
Hi,
My question is very similar so haven't created new thread.
What happens in the scenario where, as in Mathias's example, you have static inbound NAT, for example:
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
ip nat inside source static tcp 192.168.10.11
ip nat inside source static tcp 192.168.10.12
ip nat inside source static tcp 192.168.10.13
!
Is there a way of connecting to a.b.c.d via telnet, for management. The static NAT statements seem to have broken this. Is there a way of specifying a 'default' behaviour when specifying a port not mentioned above?
Also, what does the 'extendable' keyword mean exactly?
Thanks,
Mark
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: