Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Web/FTP behind NAT

Hello All

I have my web server as well ftp server as well DNS setup locally on private i paddress range eg.192.168.1.11...

I want to access my webserver from outside....

Domain has also been registered....

but following config dosent allowing me to do so...

if i connect directly web server to public ip address than i can browse my website from outside....

but if i put cisco 2621 with following it wont allow mw....

I have Cisco 2621 hardware with IOS version of 12.1 running as gateway.

Cisco 2621 is configured with

interface FastEthernet0/0

ip address xx.xx.xx.xx/24

ip nat outside

interface FastEthernet0/1

ip address 192.168.1.100

ip nat inside

ip nat pool dhara xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.0

ip nat inside source list 10 pool dhara overload

ip nat inside source static tcp 192.168.1.11 80 xx.xx.xx.xx 80 extendable

ip nat inside source static tcp 192.168.1.11 21 xx.xx.xx.xx 21 extendable

ip nat inside source static tcp 192.168.1.11 22 xx.xx.xx.xx 22 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 [ISP GATEWAY]

no ip http server

access-list 10 permit 192.168.1.0 0.0.0.255

Any busy has solution waiting for reply...

Thanks,

Dhaval Tandel

3 REPLIES

Re: Web/FTP behind NAT

Hi,

can you post a "show ip nat translation" please?

According to "Configuring Static and Dynamic NAT Simultaneously"

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml or "Configuring Network Address Translation and Static Port Address Translation to Support an Internal Web Server"

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093e51.shtml

your config should be fine, though it is recommended to use two IP addresses for that matter.

Can you try to modify your config in the following manner:

interface FastEthernet0/0

ip address xx.xx.xx.xx/24

ip nat outside

interface FastEthernet0/1

ip address 192.168.1.100

ip nat inside

ip nat pool dhara xx.xx.xx.xx xx.xx.xx.xx netmask 255.255.255.0

ip nat inside source route-map NATmap pool dhara overload

ip nat inside source static tcp 192.168.1.11 80 xx.xx.xx.xx 80 extendable

ip nat inside source static tcp 192.168.1.11 21 xx.xx.xx.xx 21 extendable

ip nat inside source static tcp 192.168.1.11 22 xx.xx.xx.xx 22 extendable

ip classless

ip route 0.0.0.0 0.0.0.0 [ISP GATEWAY]

no ip http server

route-map NATmap permit 10

match ip address 10

access-list 10 permit 192.168.1.0 0.0.0.255

Sometimes one approach works and the other does not (personal experience). Details on route-maps with NAT can f.e. be found in

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml#backinfo

Hope this helps! Please rate all posts.

Regards, Martin

Re: Web/FTP behind NAT

Hi Dhaval,

May I request you to check the DNS A response and along with that, try to Telnet on port 80 on the Public IP Address.

You may use the www.network-tools.com website for the DNS queries and see if the problem is with the DNS or not.

Kind Regards,

Wilson Samuel

Community Member

Re: Web/FTP behind NAT

Hello

I did try with above given config but no luck..

but if i try with my ip address from outside the network like http://xx.xx.xx.xx that it is working...

probably its DNS resolution problem... additionally i try with directly connecting web server with public ip address and it working too..

Thanks,

Dhaval Tandel

457
Views
0
Helpful
3
Replies
CreatePlease to create content