Nat/Pat...Configured but not working?

Steve_Oaks

Originally posted by seanx
well this is what my config looks like and I have it running DHCP plus forwarding port 8000 to my computer which has a webserver on it.

Lots of reading and experimenting later and still nothing. I even tried your exact config with just the DNS servers changed and ip routing enabled (when I TFTPed it, it was turning off ip routing). Anyone want to recommend a book? I have read a lot so far on NAT, setting it up, PAT and general router configuration. Everything I have done seems to be right.
 
Still not working.
Current config:

Code:
Current configuration : 1746 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco_2514
!
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxx
!
ip subnet-zero
no ip finger
ip name-server 66.133.191.35
ip name-server 170.215.255.114
ip dhcp excluded-address 192.168.0.1 192.168.0.20
!
ip dhcp pool DHCP-Pool
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 66.133.191.35 170.215.255.115
!
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 no cdp enable
!
interface Ethernet1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no cdp enable
 no mop enabled
!
interface Serial0
 no ip address
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip mroute-cache
 shutdown
 no cdp enable
!
router rip
 version 2
 passive-interface Ethernet0
 network 192.168.0.0
!
ip kerberos source-interface any
ip nat inside source list 2 interface Ethernet0 overload
ip nat inside source static tcp 192.168.0.5 8000 interface Ethernet0 8000
ip nat inside source static tcp 192.168.0.5 1723 interface Ethernet0 1723
ip nat inside source static tcp 192.168.0.5 6881 interface Ethernet0 6881
ip nat inside source static tcp 192.168.0.21 22 interface Ethernet0 22
ip nat inside source static tcp 192.168.0.5 80 interface Ethernet0 80
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http port 8080
!
access-list 2 permit 192.168.0.0 0.0.0.255
!
!
line con 0
 exec-timeout 0 0
 login
 transport input none
line aux 0
 login
line vty 0 4
 password 7 xxxxxxxxxx
 login
!
end

Nat debug detail:

Code:
Cisco_2514#
1d13h: NAT: o: tcp (69.56.175.236, 80) -> (208.xxx.95.158, 3289) [35180]
1d13h: NAT*: i: tcp (192.168.0.21, 3289) -> (69.56.175.236, 80) [33288]
1d13h: NAT: o: tcp (69.56.175.236, 80) -> (208.xxx.95.158, 3294) [59655]
1d13h: NAT*: i: tcp (192.168.0.21, 3294) -> (69.56.175.236, 80) [33289]
1d13h: NAT: Allocated Port for 192.168.0.21 -> 208.xxx.95.158: wanted 1039 got 1039
1d13h: NAT: i: udp (192.168.0.21, 1039) -> (66.133.191.35, 53) [33291]
1d13h: NAT: o: udp (66.133.191.35, 53) -> (208.xxx.95.158, 1039) [0]
1d13h: NAT: i: tcp (192.168.0.21, 3289) -> (69.56.175.236, 80) [33296]
1d13h: NAT: i: tcp (192.168.0.21, 3294) -> (69.56.175.236, 80) [33297]

And finally, the NAT translation table:

Code:
Cisco_2514#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 208.xxx.95.158:22  192.168.0.21:22    ---                ---
tcp 208.xxx.95.158:80  192.168.0.5:80     ---                ---
tcp 208.xxx.95.158:2581 192.168.0.22:2581 65.27.250.162:2830 65.27.250.162:2830
tcp 208.xxx.95.158:2713 192.168.0.22:2713 66.66.48.12:1117   66.66.48.12:1117
tcp 208.xxx.95.158:6881 192.168.0.5:6881  ---                ---
tcp 208.xxx.95.158:3291 192.168.0.21:3291 65.119.30.151:80   65.119.30.151:80
tcp 208.xxx.95.158:2236 192.168.0.22:2236 24.167.87.230:1214 24.167.87.230:1214
tcp 208.xxx.95.158:1723 192.168.0.5:1723  ---                ---
tcp 208.xxx.95.158:8000 192.168.0.5:8000  ---                ---
Cisco_2514#
 
Also I will give out telnet access (yes I know ;) ) to someone if they think they can figure it out.
Not sure if this would have any impact but:
IOS 12.2 with IPSec and built in firewall

SIDE NOTE:
If there are Cisco gurus on here that have an idea or know what's wrong and want me to learn the hard way, please just let me know that that is the case please. I'm not sure if my problem is that hard or just the gurus want me to figure it out myself. I'm close to saying bye bye and ebaying it away.
 
Add 'extendable' to the end of each 'ip nat source static' line, might do the trick.

Edit: I guess the extendable keyword isn't available when the 2nd ip isn't static.

Also, it's not a wise thing to post your wan IP along with your telnet/enable password. Cisco's service-encryption is easily crackable.
 
Originally posted by alrox

Also, it's not a wise thing to post your wan IP along with your telnet/enable password. Cisco's service-encryption is easily crackable.

No crap. I have had the pleasure of password recovery on a 677 dsl modem.

Hey I may get lucky and while they are messing around they may fix the problem :D
 
I think the nat acl is what's causing the trouble. Take a look at your config, I think acl 2 got modified and it isn't letting me telnet in anymore. I also think that's the problem with your port forwarding as well.

You also forgot to edit out this.

line vty 0 4
password 7 111A0A
login
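
An added example, not part of the original thread: a pre-posting scrubber for the kind of config and NAT debug output shared above. It redacts `password`/`secret` values and replaces each public IPv4 address with a stable placeholder so the translations stay traceable. The function name `scrub`, the placeholder format and every sample value are constructed for illustration.

```python
import ipaddress
import re

# Credential lines as they appear in this thread's config: "enable secret 5 ...",
# "enable password 7 ...", and "password 7 ..." under a line block.
SECRET_RE = re.compile(
    r"^(\s*(?:enable\s+)?(?:password|secret)(?:\s+\d+)?\s+)(\S+)\s*$", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Ranges left readable: RFC 1918, loopback, wildcard masks (0.x), netmasks (255.x).
KEEP = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "240.0.0.0/4")]


def scrub(text):
    """Return (scrubbed text, {original public IP: placeholder})."""
    mapping = {}

    def swap_ip(match):
        raw = match.group(0)
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            return raw  # e.g. 999.1.1.1 is not an address; leave it alone
        if any(addr in net for net in KEEP):
            return raw
        # Same address always gets the same placeholder, so NAT debug
        # output stays traceable after redaction.
        return mapping.setdefault(raw, f"<PUBLIC-IP-{len(mapping) + 1}>")

    lines = []
    for line in text.splitlines():
        line = SECRET_RE.sub(r"\g<1><REDACTED>", line)
        lines.append(IPV4_RE.sub(swap_ip, line))
    return "\n".join(lines), mapping


# Constructed sample (documentation-range addresses, made-up secrets).
SAMPLE = """\
enable secret 5 $1$CONSTRUCTED$notARealHash
interface Ethernet1
 ip address 192.168.0.1 255.255.255.0
access-list 2 permit 192.168.0.0 0.0.0.255
line vty 0 4
 password 7 0000CONSTRUCTED
 login
1d13h: NAT: o: tcp (203.0.113.80, 80) -> (198.51.100.158, 3289) [35180]
1d13h: NAT*: i: tcp (192.168.0.21, 3289) -> (203.0.113.80, 80) [33288]
"""
```

The returned mapping stays on the poster's machine; only the scrubbed text is shared.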
 
So I need to take the any out, which I'm guessing you put in?

Code:
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 permit any
 
Originally posted by alrox
I think the nat acl is what's causing the trouble. I also think that's the problem with your port forwarding as well.
login

Suggestion?
 
For some odd reason, not being able to solve this problem makes me want to study and get a CCNA. Or throw it out the window and remember I'm in school to be a web developer.
 