I have a Cisco 1921 router that I cannot get to port forward/allow access to my internal webserver. SSH is open so it appears that the ISP or modem isn't blocking it (I could be wrong). Inside LAN works getting out to the internet.
Gateway of last resort is 126.96.36.199 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 188.8.131.52
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/0
L        10.0.0.1/32 is directly connected, GigabitEthernet0/0
      184.108.40.206/8 is variably subnetted, 3 subnets, 2 masks
S        220.127.116.11/32 [254/0] via 18.104.22.168, GigabitEthernet0/1
C        22.214.171.124/22 is directly connected, GigabitEthernet0/1
L        126.96.36.199/32 is directly connected, GigabitEthernet0/1
R     192.168.1.0/24 [120/1] via 10.0.0.2, 00:00:01, GigabitEthernet0/0
crib#
crib#show run
Building configuration...

Current configuration : 1347 bytes
!
! Last configuration change at 01:39:03 UTC Fri Jan 18 2019 by jigga
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname crib
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name xxxxxxxxxx
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn xxxxxxxx
!
!
username grover privilege 15 secret 5 xxxxxxxxxxxx
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 188.8.131.52
 no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end
tcp 184.108.40.206:64981 10.0.0.2:64981 220.127.116.11:443 18.104.22.168:443
tcp 22.214.171.124:80 192.168.1.21:80 --- ---
ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80 extendable
Still, port 80 is not opened.
crib#show ip nat translations
Pro Inside global         Inside local       Outside local         Outside global
udp 126.96.36.199:49399   10.0.0.2:49399     188.8.131.52:51348    184.108.40.206:51348
udp 220.127.116.11:49399  10.0.0.2:49399     18.104.22.168:63342   22.214.171.124:63342
tcp 126.96.36.199:56106   10.0.0.2:56106     188.8.131.52:443      184.108.40.206:443
udp 220.127.116.11:59855  10.0.0.2:59855     18.104.22.168:443     22.214.171.124:443
tcp 126.96.36.199:60353   10.0.0.2:60353     188.8.131.52:443      184.108.40.206:443
tcp 220.127.116.11:80     192.168.1.21:80    ---                   ---
Can you ping the web server from the router?
If not, check the default gateway of the web server.
If you cannot ping the server then it is not going to work.
You have a route to the 192.168.1.0/24 network on your firewall, so check your server and see where its default gateway points to.
It looks like my Netgear N150 logs that someone from 18.104.22.168 was able to get LAN access from Remote 22.214.171.124. Looks like they're using AWS, probably a hacker. It's a shame others can get access but I can't, lol.
This whole thing is weird. How my setup is: I have Charter Spectrum, a cable modem, connected to e1 on the Cisco router; e0 goes to the Netgear router. On this router, I can't enter any (0.0.0.0 0.0.0.0 route).
When I take the Netgear N150 that was originally behind the Cisco router and connect it directly to the modem, I get an entirely different IP address. From 68.x.x.x to 100.x.x.x. If I connect my laptop directly, I get an entirely new address scheme. If I do have the Netgear Wi-Fi router plugged directly into the modem, then the port forwarding works, but not with the Cisco router.
As I have said already, if you cannot ping the server from your router then it will not work.
Either get the routing between the routers working or remove one of the routers.
I connected the modem to the router via a switch, eliminating the other Netgear router. I verified I could ping all 3 devices on the switch: router, server, laptop. All can communicate. I start my server, open the website canyouseeme.com, scan port 80, it's open. I stop the server, scan again, port 80 is closed.
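The reachability question raised in the replies (how does the router reach the host named in the static NAT entry), as an added example that is not part of the original thread. It reads an excerpt of the posted route table and NAT lines, embedded here as constructed sample input, and reports the path to each forwarded inside host; the function names and status strings are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample input: inside-facing lines excerpted from the posted output.
ROUTES = """\
C 10.0.0.0/24 is directly connected, GigabitEthernet0/0
L 10.0.0.1/32 is directly connected, GigabitEthernet0/0
R 192.168.1.0/24 [120/1] via 10.0.0.2, 00:00:01, GigabitEthernet0/0
"""
CONFIG = """\
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80
"""

ROUTE_RE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:is directly connected|\[\d+/\d+\] via (\S+?)),", re.M)
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)",
    re.M)

def parse_routes(text):
    """Return [(network, code, next_hop or None)] from 'show ip route' lines."""
    return [(ipaddress.ip_network(m.group(2)), m.group(1), m.group(3))
            for m in ROUTE_RE.finditer(text)]

def lookup(routes, addr):
    """Longest-prefix match, the same rule the router uses to forward."""
    ip = ipaddress.ip_address(addr)
    hits = [r for r in routes if ip in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def check_forwards(config, routes):
    """Classify each static port forward by how its inside host is reached."""
    findings = []
    for proto, host, port, _iface, gport in STATIC_RE.findall(config):
        route = lookup(routes, host)
        if route is None:
            status = "no-route"            # forward can never be delivered
        elif route[2] is None:
            status = "connected"           # host sits on a router interface subnet
        else:
            status = "via " + route[2]     # depends on another hop and its return path
        findings.append((proto, host, int(port), int(gport), status))
    return findings

if __name__ == "__main__":
    for finding in check_forwards(CONFIG, parse_routes(ROUTES)):
        print(finding)
```

A `via 10.0.0.2` status means the forward only works if that downstream router passes the traffic to the server and the server's replies come back the same way.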