
IP NAT to Web Server

woodjl1650
Level 1

I have been trying all night to try and get my IP NAT working so that when I type in my web address, I get my server and not my router.  I use godaddy.com as my host, so I already have it pointing to my WAN IP.  But when I type the address in, I get my SDM login and not my web server.  Here is what I have:

WebServer: 192.168.2.127 / 192.168.2.128

Cisco 3640: FE0/0 - WAN IP (DHCP from provider)

                  FE0/1 - 192.168.2.1 (inside network)

Router config:

User Access Verification

Username: woodjl1650

Password:

3640-Internet#show run

Building configuration...

Current configuration : 1725 bytes

!

version 12.4

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 3640-Internet

!

boot-start-marker

boot system flash:1

boot system flash c3640-ik9o3s-mz.124-7h.bin

boot-end-marker

!

!

no aaa new-model

memory-size iomem 25

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1 192.168.2.150

!

ip dhcp pool 192.168.2.0/24

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 8.8.8.8 8.8.4.4

!

!

!

!

!

!

!

!

!

!

!

!

username *******************************************

!

!

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

clock rate 2000000

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

clock rate 2000000

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip http server

ip http authentication local

!

ip forward-protocol nd

!

ip nat inside source list 15 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.2.127 25 interface FastEthernet0/0 25

ip nat inside source static tcp 192.168.2.127 80 interface FastEthernet0/0 80

!

access-list 15 permit 192.168.2.0 0.0.0.255

snmp-server community public RO

snmp-server community private RW

snmp-server enable traps tty

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

!

end

3640-Internet#


cadet alain
VIP Alumni

Hi,

So you're trying with the FQDN like I suggested, and it isn't working?

Can you provide your IOS version?

Regards.

Alain

Don't forget to rate helpful posts.

12.4

FQDN - from the godaddy.com DNS Manager, yes. 

A @ 68.224.240.31
CNAME emailhostmaster.jkkcc.com
CNAME ftp @
CNAME imap @
MX @ mail.jkkcc.com
MX @ mail.jkkcc.com

Hi,

What does an nslookup on a host give for the FQDN?

Regards.

Alain

Don't forget to rate helpful posts.

NSLOOKUP done on my laptop connected to my LAN:

C:\Users\Jonathan's Laptop>nslookup www.jkkcc.com

Server:  google-public-dns-a.google.com

Address:  8.8.8.8

Non-authoritative answer:

Name:    jkkcc.com

Address:  68.224.240.31

Aliases:  www.jkkcc.com

I use Google's DNS servers, 8.8.8.8 and 8.8.4.4.

Can you try going to www.jkkcc.com and see if you get the SDM login or if you get something else?

Does anyone have any idea on how to have the web server show up when the web address is inputted?  As you can see above, it all looks right, just not happening.

Could I possibly create a DMZ on the 3640?  I have a few extra ethernet ports I could use, just not sure how to configure it.  Any help would be greatly appreciated.

Hi,

I entered the URL in my browser but got a connection reset by server.

Can you try enabling HTTPS and disabling HTTP on the router and try again?

Regards.

Alain

Don't forget to rate helpful posts.

Neeraj Arora
Level 3

Jonathan,

Can you issue the command on the router:

telnet 192.168.2.127 80 /source-interface fa0/0

If this does not work, that means port 80 is not opened/hosted on the server itself, and it will not work from the Internet either.

Or another reason could be that the Default gateway on the server is not configured as 192.168.2.1, check that as well.

From outside, even I tried to open http://68.224.240.31 & http://jkkcc.com but no SDM opened up. So you should check on the router "sh ip nat translation" to see if translations are happening or not.

Hope it helps.

Neeraj

It doesn't seem like NAT is happening.  Any way you could assist with figuring this out?

Here is the sh ip nat translation:

[Connection to 192.168.2.127 closed by foreign host]

3640-Internet#telnet 192.168.2.127 80 /source-interface fa0/0

3640-Internet#sh ip nat translation

Pro Inside global      Inside local       Outside local      Outside global

tcp 68.224.240.31:3370 192.168.2.105:3370 50.18.50.50:443    50.18.50.50:443

udp 68.224.240.31:60132 192.168.2.152:60132 8.8.8.8:53       8.8.8.8:53

tcp 68.224.240.31:61792 192.168.2.122:61792 63.80.138.51:80  63.80.138.51:80

udp 68.224.240.31:60576 192.168.2.122:60576 192.168.5.101:161 192.168.5.101:161

tcp 68.224.240.31:38677 192.168.2.153:38677 74.125.45.188:5228 74.125.45.188:5228

tcp 68.224.240.31:60453 192.168.2.164:60453 65.55.236.179:443 65.55.236.179:443

tcp 68.224.240.31:38826 192.168.2.153:38826 74.125.81.141:80 74.125.81.141:80

tcp 68.224.240.31:62967 192.168.2.122:62967 64.4.61.209:80   64.4.61.209:80

tcp 68.224.240.31:59660 192.168.2.153:59660 74.125.224.176:80 74.125.224.176:80

udp 68.224.240.31:59043 192.168.2.122:59043 94.245.121.251:3544 94.245.121.251:3544

tcp 68.224.240.31:59002 192.168.2.152:59002 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59004 192.168.2.152:59004 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59005 192.168.2.152:59005 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59006 192.168.2.152:59006 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59008 192.168.2.152:59008 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59009 192.168.2.152:59009 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59010 192.168.2.152:59010 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59012 192.168.2.152:59012 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:55992 192.168.2.153:55992 74.125.239.17:443 74.125.239.17:443

tcp 68.224.240.31:59013 192.168.2.152:59013 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59014 192.168.2.152:59014 17.158.52.35:443 17.158.52.35:443

Pro Inside global      Inside local       Outside local      Outside global

tcp 68.224.240.31:59016 192.168.2.152:59016 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:54314 192.168.2.153:54314 74.125.239.16:80 74.125.239.16:80

tcp 68.224.240.31:60428 192.168.2.164:60428 64.4.34.177:1863 64.4.34.177:1863

tcp 68.224.240.31:59022 192.168.2.152:59022 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59030 192.168.2.152:59030 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59032 192.168.2.152:59032 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59033 192.168.2.152:59033 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59034 192.168.2.152:59034 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59036 192.168.2.152:59036 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59037 192.168.2.152:59037 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59019 192.168.2.152:59019 17.158.52.68:443 17.158.52.68:443

tcp 68.224.240.31:59020 192.168.2.152:59020 17.158.52.68:443 17.158.52.68:443

tcp 68.224.240.31:59021 192.168.2.152:59021 17.158.52.69:443 17.158.52.69:443

tcp 68.224.240.31:59079 192.168.2.152:59079 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59081 192.168.2.152:59081 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59082 192.168.2.152:59082 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59095 192.168.2.152:59095 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59097 192.168.2.152:59097 17.158.52.35:443 17.158.52.35:443

udp 68.224.240.31:55505 192.168.2.123:55505 65.55.158.118:3544 65.55.158.118:3544

tcp 68.224.240.31:59098 192.168.2.152:59098 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59103 192.168.2.152:59103 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59105 192.168.2.152:59105 17.158.52.35:443 17.158.52.35:443

Pro Inside global      Inside local       Outside local      Outside global

tcp 68.224.240.31:59106 192.168.2.152:59106 17.158.52.35:443 17.158.52.35:443

tcp 68.224.240.31:59101 192.168.2.152:59101 17.158.52.69:443 17.158.52.69:443

tcp 68.224.240.31:59993 192.168.2.153:59993 74.125.224.146:443 74.125.224.146:443

tcp 68.224.240.31:46529 192.168.2.153:46529 72.5.78.57:9011  72.5.78.57:9011

tcp 68.224.240.31:59622 192.168.2.153:59622 74.125.127.188:5228 74.125.127.188:5228

tcp 68.224.240.31:4553 192.168.2.108:4553 50.18.50.50:443    50.18.50.50:443

tcp 68.224.240.31:50420 192.168.2.154:50420 8.18.25.7:443    8.18.25.7:443

tcp 68.224.240.31:25   192.168.2.127:25   ---                ---

tcp 68.224.240.31:59011 192.168.2.152:59011 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:59031 192.168.2.152:59031 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:59039 192.168.2.152:59039 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:80   192.168.2.127:80   ---                ---

tcp 68.224.240.31:59080 192.168.2.152:59080 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:63722 192.168.2.164:63722 65.55.236.161:443 65.55.236.161:443

tcp 68.224.240.31:59091 192.168.2.152:59091 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:63730 192.168.2.164:63730 65.55.236.159:443 65.55.236.159:443

tcp 68.224.240.31:59096 192.168.2.152:59096 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:63720 192.168.2.164:63720 65.55.236.173:443 65.55.236.173:443

tcp 68.224.240.31:63721 192.168.2.164:63721 65.55.236.173:443 65.55.236.173:443

tcp 68.224.240.31:59104 192.168.2.152:59104 17.158.52.46:993 17.158.52.46:993

tcp 68.224.240.31:4779 192.168.2.109:4779 50.18.50.50:443    50.18.50.50:443

Pro Inside global      Inside local       Outside local      Outside global

tcp 68.224.240.31:50416 192.168.2.154:50416 63.80.4.56:80    63.80.4.56:80

tcp 68.224.240.31:54640 192.168.2.153:54640 74.125.224.146:80 74.125.224.146:80

tcp 68.224.240.31:4850 192.168.2.107:4850 50.18.50.50:443    50.18.50.50:443

tcp 68.224.240.31:4871 192.168.2.106:4871 50.18.50.50:443    50.18.50.50:443

tcp 68.224.240.31:55774 192.168.2.153:55774 74.125.227.83:443 74.125.227.83:443

tcp 68.224.240.31:61197 192.168.2.122:61197 17.149.36.167:5223 17.149.36.167:5223

tcp 68.224.240.31:35614 192.168.2.153:35614 72.5.78.63:80    72.5.78.63:80

tcp 68.224.240.31:54974 192.168.2.153:54974 74.125.239.16:443 74.125.239.16:443

tcp 68.224.240.31:41860 192.168.2.153:41860 74.125.127.188:5228 74.125.127.188:5228

udp 68.224.240.31:60612 192.168.2.164:60612 65.55.158.118:3544 65.55.158.118:3544

tcp 68.224.240.31:43981 192.168.2.153:43981 72.5.78.64:80    72.5.78.64:80

tcp 68.224.240.31:50199 192.168.2.153:50199 72.5.78.63:80    72.5.78.63:80
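
Added example (not part of the thread and not any poster's code): a Python sketch of the check suggested above, reading `sh ip nat translation` output to tell whether a static port-forward exists and whether any session is currently translated through it. The sample table is constructed with documentation addresses, the function names are hypothetical, and the parser assumes a row wrapped by an 80-column terminal continues on the next non-blank line.

```python
from collections import namedtuple

Entry = namedtuple(
    "Entry", "proto inside_global inside_local outside_local outside_global"
)

# Constructed sample in the column layout of `sh ip nat translation`
# (documentation addresses, not values taken from the thread).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:59002 192.168.2.152:59002 198.51.100.7:443  198.51.100.7:443
tcp 203.0.113.10:41860 192.168.2.153:41860 198.51.100.9:5228 198.51.100.9:5
228
tcp 203.0.113.10:25    192.168.2.127:25    ---               ---
tcp 203.0.113.10:80    192.168.2.127:80    ---               ---
"""


def parse_nat_table(text):
    """Parse translation rows, rejoining rows the terminal wrapped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Pro":
            continue  # blank line or repeated column header
        if len(fields) == 5:
            rows.append(fields)
        elif len(fields) == 1 and rows:
            rows[-1][4] += fields[0]  # tail of a wrapped "Outside global"
    return [Entry(*row) for row in rows]


def check_forward(entries, inside_local):
    """Summarise the table for one inside address:port (hypothetical helper)."""
    matching = [e for e in entries if e.inside_local == inside_local]
    return {
        # Static rules show "---" in both outside columns.
        "static_entry": any(e.outside_global == "---" for e in matching),
        # Rows with a real outside address are live sessions.
        "active_sessions": sum(e.outside_global != "---" for e in matching),
    }


if __name__ == "__main__":
    table = parse_nat_table(SAMPLE)
    for target in ("192.168.2.127:80", "192.168.2.127:25"):
        print(target, check_forward(table, target))
```

A static entry with zero active sessions means the forward is configured but no connection through it is in the table at that moment, which is the state the output above shows for ports 25 and 80.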

Hi,

To verify if port 80 is opened on the inside machine, I would simply telnet to port 80 without specifying the outside interface as source.

And if you want to test the NAT, just simply do a debug ip nat while connecting from outside to the public IP address.

Regards.

Alain

Don't forget to rate helpful posts.

Just did a port scan, and for some reason 80 is closed.  Does the router need to be configured to open port 80 or is that on the server end?

jasonpullar
Level 1

depends as per

Jan 21, 2012 9:30 AM (in response to Jonathan Wood)

IP NAT to Web Server

Hi,

To verify if port 80 is opened on the inside machine, I would simply telnet to port 80 without specifying the outside interface as source.

And if you want to test the NAT, just simply do a debug ip nat while connecting from outside to the public IP address.

Regards.

Alain

and can you hit the webpage internally from a PC?

let us know if that fixes it please give credit to Alain

I have tried everything I could possibly think of and I still can't seem to get port 80 open on the Windows 2008 server.  I modified the firewall, it says it's open...but when I try to telnet into it, nothing.  Ran a port scan and it reports as closed.  Followed several instructions on how to open it, but nothing.  The thing that bugs me is that even if port 80 is closed, shouldn't I get an IE error and not be pushed to the router SDM page?

As far as the A record with www.godaddy.com goes, that looks good too, the host is setup as the WAN IP address, so if everything is configured right, when I type in my web name, I should get the web server and not the router correct?  Or am I messing something simple up?

Any advice?

Thanks for the help thus far....
