12-06-2013 01:24 PM - edited 03-04-2019 09:47 PM
I have fiber internet through my ISP, and they issued me 5 IP addresses. The IP address info is below in the diagram. I have 4 web servers and set up a static IP address on each of them, 192.168.1.101 ~ 192.168.1.104. I want to make it so that when I go to each of the public IP addresses it routes to one of the 4 servers, as shown below. I have tried NAT forwarding but can't seem to get it to work. Any help would be appreciated.
12-06-2013 01:30 PM
Andrew
Perhaps you could post your router config with the NAT that didn't work.
Jon
12-06-2013 01:30 PM
Post your config so we can see what you have so far please.... You can remove public addresses....
HTH,
John
*** Please rate all useful posts ***
12-06-2013 01:50 PM
Thanks guys the running-config is below.
Current configuration : 913 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 68.67.85.80 255.0.0.0
 ip nat outside
 duplex auto
 speed auto
 ipv6 ospf cost 1
!
interface Serial2/0
 no ip address
 shutdown
!
interface Serial3/0
 no ip address
 shutdown
!
interface FastEthernet4/0
 no ip address
 shutdown
!
interface FastEthernet5/0
 no ip address
 shutdown
!
ip nat inside source static 192.168.1.101 68.67.85.80
ip nat inside source static 192.168.1.102 68.67.85.81
ip nat inside source static 192.168.1.103 68.67.85.82
ip nat inside source static 192.168.1.104 68.67.85.83
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
12-06-2013 02:37 PM
Your config is missing the default-route to the provider-gateway. And the subnet-mask on the WAN-interface is wrong.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
12-06-2013 03:33 PM
I tried that too with no luck. Does anyone know a support company I can pay per hour to work this out with me over the phone?
Thanks,
Andrew
12-06-2013 03:38 PM
Andrew,
I'm not sure you'll need to hire someone. This config is pretty basic. First of all, you probably can't get out to the internet because of the reasons Karsten stated. You do need a default route in your config and the mask, according to your diagram, is incorrect on the interface. Those definitely need to be fixed before we can complete the other config. You said that you changed it; can you post your updated config?
HTH,
John
*** Please rate all useful posts ***
12-06-2013 03:42 PM
Andrew
Don't know a support company, but you are definitely going to need the default route, as Karsten pointed out.
interface FastEthernet1/0
 ip address 68.67.85.80 255.0.0.0
 ip nat outside
 duplex auto
 speed auto
 ipv6 ospf cost 1
Is the address meant to be 80? Because your diagram shows that IP being used for a NAT. You can do both, but is it right?
Anyway, change the IP to its proper mask -
int fa1/0
 ip address 68.67.85.x 255.255.255.248
add this route -
ip route 0.0.0.0 0.0.0.0 68.67.85.79
then -
1) From the router, can you ping the next hop, i.e. 68.67.85.79?
2) If yes to 1), how are you trying to connect to the server?
Your config, if you make the above changes, looks fine, so it could be something else.
Do the servers have their default gateway set to 192.168.1.1?
Jon
12-06-2013 04:31 PM
For now I am only going to try to get one server to display, plugged in directly to the router. So when I go to my public IP address 68.67.85.80, it should display the server on 192.168.1.100. No other servers or switches are plugged in at this time.
Here is my running config file. I can ping the gateway no problem. I also included a screenshot of the page that I get when I go to my public IP address.
!
interface FastEthernet0/0
 description internal lan
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description outside world
 ip address 68.67.85.80 255.255.255.248
 ip nat outside
 duplex auto
 speed auto
!
ip default-gateway 192.168.1.1
ip nat inside source static 192.168.1.100 68.68.85.80
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 68.67.85.79
!
FYI, I wasn't sure if it was OK to post my public IP and gateway on here, so I posted a fake one for the sake of keeping this straightforward.
12-06-2013 04:37 PM
Your router has that address. If you want that address to go to your web server, you need to change your nat statement to forward only port 80 and 443 to your internal server:
ip nat inside source static tcp 192.168.1.100 80 68.68.85.80 80
ip nat inside source static tcp 192.168.1.100 443 68.68.85.80 443
It should forward correctly after that.
HTH,
John
*** Please rate all useful posts ***
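An added example, not part of the original thread: a small Python check that reads a running-config and flags the mistakes worked through above (missing default route, a static NAT global address outside the WAN subnet, a 1:1 static NAT that exposes every port or claims the router's own address, and port forwards with no overload rule for outbound traffic). The `audit()` helper and its finding strings are assumptions made for illustration; the sample is the config posted at 04:31 PM with its addresses exactly as posted.

```python
import ipaddress
import re

# Config posted in the thread at 04:31 PM, trimmed to the relevant lines.
POSTED = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1
 ip address 68.67.85.80 255.255.255.248
 ip nat outside
ip nat inside source static 192.168.1.100 68.68.85.80
ip route 0.0.0.0 0.0.0.0 68.67.85.79
"""

STATIC = r"^ip nat inside source static (?:(tcp|udp) )?(\S+) (?:\d+ )?([\d.]+)"
OVERLOAD = r"^ip nat inside source list \S+ interface \S+ overload"

def audit(config):
    """Illustrative helper (not a Cisco tool): list NAT problems in a config."""
    outside = None
    # Find the address and mask of the interface marked 'ip nat outside'.
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        addr = re.search(r"^\s*ip address (\S+) (\S+)", block, re.M)
        if addr and re.search(r"^\s*ip nat outside", block, re.M):
            outside = ipaddress.ip_interface("/".join(addr.groups()))
    if outside is None:
        return ["no addressed interface is marked 'ip nat outside'"]
    findings = []
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M):
        findings.append("no default route")
    statics = re.findall(STATIC, config, re.M)
    for proto, local, glob in statics:
        g = ipaddress.ip_address(glob)
        if g not in outside.network:
            findings.append(f"{glob} is not in {outside.network}")
        if not proto:  # no tcp/udp keyword: every port is forwarded
            findings.append(f"{local} -> {glob}: 1:1 NAT exposes every port")
            if g == outside.ip:
                findings.append(f"{glob} is the router's own address")
    # Port-only forwards do not translate the servers' own outbound traffic.
    port_only = statics and all(proto for proto, _, _ in statics)
    if port_only and not re.search(OVERLOAD, config, re.M):
        findings.append("no overload rule for outbound traffic")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(finding)
```

Run against the posted config, it reports that 68.68.85.80 does not fall in the outside interface's subnet and that the 1:1 entry forwards every port to 192.168.1.100.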
12-06-2013 05:07 PM
Now I am getting a "The connection has timed out" error when I go to the public IP address in the browser. I think this possibly fixed the issue. The server has a clean OS installed and doesn't have Apache installed. I can't install Apache because the server is unable to connect to the internet. Is there something I need to add to the config to do outbound requests from my server?
I already changed the server to use a static ip (192.168.1.100), this works fine. I also set the server gateway to 192.168.1.1 and name-servers to:
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 192.168.1.1
I appreciate everyone that has helped me on this.
12-06-2013 05:15 PM
Andrew,
For outbound traffic, including being able to browse the internet, you need another nat statement and an acl:
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 100 interface FastEthernet0/1 overload
The dns entries that you put in the router only affect when the router is doing a lookup, for example, pinging from the cli. You will need dns entries on the servers though, and you can use Google's nameservers if you wanted.
HTH,
John
*** Please rate all useful posts ***