incoming traffic redirection

mberthelot
Level 1

Hi,

I'm planning to set up a configuration with SOHO 91 for remote users to access a web server (with private IP address) on my LAN. I have a single public IP for the router outside interface. The question is: can I set up a NAT rule translating outgoing traffic with the public interface IP and incoming traffic to the public IP into the private server IP?

Example :

interface ethernet 0
 ip address A.B.C.D
 ip nat inside
interface ethernet 1
 ip address [public_ip]
 ip nat outside
ip nat inside source static [server_ip] [public_ip]

Will this work? In particular, can a remote user access my server using my public IP?

Thank you for the help!

1 Accepted Solution


desai.jaideep
Level 5

Hi

int eth 0
 ip add 192.168.1.1 255.255.255.0
 ip nat inside
int eth 1
 ip add 10.0.0.1 255.0.0.0
 ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source static tcp 192.168.1.1 80 10.0.0.1 80 extendable
ip nat pool TEST 10.0.0.1 10.0.0.1 netmask 255.0.0.0
ip nat inside source list 1 pool TEST overload

Regards

JD


4 Replies

Roberto Salazar
Level 8

Yes, but you need to do the following:

ip nat inside source static tcp [server_ip] [L4_port] [public_ip] [L4_port]

The command says that for any [L4_port] traffic that is destined to [public_ip], do an address translation to [server_ip] [L4_port]. Since you are accessing a web server, it will be port 80 or HTTP.

ip nat inside source static tcp [server_ip] 80 [public_ip] 80

Please rate all posts.

OK.

Thank you all
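
The single-public-IP setup from the question combined with the port-specific static translation from the answers, as an added example that is not part of the original posts. The interface names, the 192.168.1.0/24 LAN, the server address 192.168.1.10, the documentation address 203.0.113.2 (standing in for [public_ip]) and the ACL name OUTSIDE-IN are assumptions. The outside ACL keeps unsolicited inbound connections limited to the one published port.

```cisco
! Added example with constructed addresses (not from the original posts).
! Assumed: LAN 192.168.1.0/24, web server 192.168.1.10,
! outside address 203.0.113.2 in place of [public_ip].
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Ethernet1
 ip address 203.0.113.2 255.255.255.252
 ip nat outside
 ip access-group OUTSIDE-IN in
!
! Outbound: every LAN host shares the outside interface address (PAT).
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Ethernet1 overload
!
! Inbound: publish only TCP/80 of the server on the interface address.
! The one-to-one form "ip nat inside source static [server_ip] [public_ip]"
! would instead translate every port of the public address to the server.
ip nat inside source static tcp 192.168.1.10 80 interface Ethernet1 80
!
! Inbound ACL on the outside interface. It is checked before the NAT
! translation, so it matches the public (global) address, not 192.168.1.10.
ip access-list extended OUTSIDE-IN
 ! New connections: only the published web port.
 permit tcp any host 203.0.113.2 eq www
 ! Return traffic for TCP sessions opened from the LAN.
 permit tcp any any established
 ! DNS replies for LAN clients (this ACL is stateless, so other UDP
 ! replies need their own entries).
 permit udp any eq domain host 203.0.113.2
 permit icmp any host 203.0.113.2 echo-reply
 ! Everything else is dropped and logged.
 deny ip any any log
!
! Checks after applying:
!   show ip nat translations   (the static tcp entry for port 80 is listed)
!   show access-lists OUTSIDE-IN   (hit counters per entry)
```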

UTVi-NetAdmin
Level 1

Hi,

My question is very similar, so I haven't created a new thread.

What happens in the scenario where, as in Mathias's example, you have static inbound NAT, for example:

!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
ip nat inside source static tcp 192.168.10.11 10001 extendable
ip nat inside source static tcp 192.168.10.12 10002 extendable
ip nat inside source static tcp 192.168.10.13 10003 extendable
!

Is there a way of connecting to a.b.c.d via telnet, for management? The static NAT statements seem to have broken this. Is there a way of specifying a 'default' behaviour when specifying a port not mentioned above?

Also, what does the 'extendable' keyword mean exactly?

Thanks,

Mark
