Cisco Support Community
Community Member

local port forwarding from nat

Hi All,

I'm wondering how I go about solving port forwarding from the LAN when using a public IP address.

I've set up a Cisco 2911 to NAT certain ports to various internal IP addresses via this command:

     ip nat inside source static tcp 192.168.1.200 80 some.internet.ip.address 80 extendable

This works fine from outside (public internet) and the port is forwarded correctly.

However, any internal IPs are sent to the Cisco router instead of the 192.168.1.200 when they use the "some.internet.ip.address".

I could in theory update the DNS to use the internal IP, but I'm wondering if there is another way around this? Maybe the reverse of the command?

Thanks

7 REPLIES
Purple

Hi,

Configuring NAT NVI should let you do NAT hairpinning like you want to.

     int x/x
      no ip nat in
      ip nat enable
      no ip redirect
     int y/y
      no ip nat out
      ip nat enable
      no ip redirect
     no ip nat inside source static tcp 192.168.1.200 80 some.internet.ip.address 80 extendable
     ip nat source static tcp 192.168.1.200 80 some.internet.ip.address 80 extendable

Regards

Alain

Don't forget to rate helpful posts.

Community Member

Hello,

The best way to do this is to update your DNS; however, you can either configure NVI NAT or configure NAT hairpinning to make it work with legacy NAT.

sample config on NATROUTER:

     interface FastEthernet0/1
      description "internal interface"
      ip address 192.168.1.1 255.255.255.0
      ip nat inside
     interface FastEthernet0/0
      description "outside interface"
      ip address 202.2.2.1 255.255.255.252
      ip nat outside
     ip nat pool public 202.2.2.129 202.2.2.254 prefix-length 25
     ip nat inside source list 101 pool public overload
     access-list 101 permit ip 192.168.1.0 0.0.0.255 any

sample config on NATROUTER:

     interface FastEthernet0/1
      description "internal interface"
      ip address 192.168.1.1 255.255.255.0
      ip nat inside
     interface FastEthernet0/0
      description "outside interface"
      ip address 202.2.2.1 255.255.255.252
      ip nat outside
     interface Loopback0
      ip address 10.1.1.1 255.255.255.0
      ip nat outside
     ip nat pool public 202.2.2.129 202.2.2.254 prefix-length 25
     ip nat pool INTERNAL 10.1.1.2 10.1.1.254 prefix-length 24
     ip nat inside source list 101 pool public overload
     ip nat inside source static 192.168.1.200 202.2.2.222
     ip nat outside source list 102 pool INTERNAL
     access-list 101 deny ip 192.168.1.0 0.0.0.255 host 202.2.2.222
     access-list 101 permit ip 192.168.1.0 0.0.0.255 any
     access-list 102 permit ip 192.168.1.0 0.0.0.255 host 202.2.2.222
     ip route 202.2.2.222 255.255.255.255 10.1.1.2

Thanks

Vinod

Community Member

Thanks Cadet.

I'll give it a retry.

I'm assuming the key commands are:

     no ip redirect
     ip nat source static tcp 192.168.1.200 80 some.internet.ip.address 80 extendable

Purple

Hi Ron,

The key here is no more nat inside/nat outside, just ip nat enable on the interfaces, and no more inside keyword in the static nat. I've never tried without no ip redirect but I think it won't work without if I reckon correctly.

Regards

Alain

Don't forget to rate helpful posts.
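
Added example, not part of any poster's reply: a small Python audit that checks a router config against the three points listed as key in the post above (no `ip nat inside`/`ip nat outside` on interfaces, no `inside` keyword in NAT rules, `no ip redirects` wherever `ip nat enable` is set). The function name, the sample config and its addresses are constructed for illustration, and it assumes `show running-config` layout with indented interface sub-commands.

```python
import re

# Constructed sample (documentation addresses): a half-migrated router that
# still mixes legacy inside/outside NAT with NVI.
SAMPLE_MIXED = """\
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.252
 ip nat enable
ip nat inside source static tcp 192.168.1.200 80 203.0.113.10 80 extendable
"""

def audit_nvi(config):
    """Return findings where config departs from the NVI layout in the thread.

    Assumes 'show running-config' layout: interface sub-commands are indented.
    """
    findings, ifaces, current = [], {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())          # normalise repeated spaces
        if not line or line.startswith("!"):  # skip blanks and IOS comments
            continue
        if raw[0].isspace():                  # sub-command of current block
            if current is not None:
                ifaces[current].append(line)
            continue
        m = re.match(r"interface (\S+)$", line)
        current = m.group(1) if m else None
        if m:
            ifaces[current] = []
        elif re.match(r"ip nat (inside|outside) source\b", line):
            findings.append(f"global: legacy rule '{line}'")
    for name, cmds in ifaces.items():
        for cmd in cmds:
            if cmd in ("ip nat inside", "ip nat outside"):
                findings.append(f"{name}: legacy '{cmd}'")
        nvi = "ip nat enable" in cmds
        if nvi and not any(re.fullmatch(r"no ip redirects?", c) for c in cmds):
            findings.append(f"{name}: 'ip nat enable' without 'no ip redirects'")
    return findings

if __name__ == "__main__":
    for finding in audit_nvi(SAMPLE_MIXED):
        print(finding)
```

A finding here only means the config is not the pure NVI layout described in the thread; it does not mean the legacy commands themselves are invalid.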
Community Member

Cadet Alain, I didn't know that the 'inside' keyword in the static nat and nat inside/nat outside are deprecated!

I ended up here after searching for a solution about accessing my local server. I wonder how someone can get a briefing when Cisco makes such major changes. It's not good to spend half an hour on something so simple.

Thanks.

Cisco Employee

Aristeidis,

The inside keyword is not deprecated. The way of configuring NAT without inside/outside designations is a different approach to NAT and stands in parallel to the existing NAT functionality.

Best regards,

Peter

Community Member

Peter, sorry, I thought it was deprecated because it didn't work just in my case.
