Re: I Can't Port forwarding with Cisco 1921 to internal web server - Page 2

jiggaracci · ‎01-18-2019

I have a cisco 1921 router that I can not get to port forward/allow access to my internal webserver. SSH is open so it appears that the ISP or modem isn't blocking it (I could be wrong). Inside LAN works getting out to the internet.

Gateway of last resort is 68.119.44.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 68.119.44.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/0
L        10.0.0.1/32 is directly connected, GigabitEthernet0/0
      68.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S        68.114.38.242/32 [254/0] via 68.119.44.1, GigabitEthernet0/1
C        68.119.44.0/22 is directly connected, GigabitEthernet0/1
L        68.119.44.240/32 is directly connected, GigabitEthernet0/1
R     192.168.1.0/24 [120/1] via 10.0.0.2, 00:00:01, GigabitEthernet0/0
crib#
crib#show run
Building configuration...

Current configuration : 1347 bytes
!
! Last configuration change at 01:39:03 UTC Fri Jan 18 2019 by jigga
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname crib
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name xxxxxxxxxx
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn xxxxxxxx
!
!
username grover privilege 15 secret 5 xxxxxxxxxxxx
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 68.0.0.0
 no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80

!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end

jiggaracci · ‎01-25-2019

Well I'm not sure it's routing. The modem gives very different ips.
Someone else had stated the spectrum blocks ports on their end.

With the last config i used my apache server. Can access it by lan.

If i start the web server, the port scanner shows its open from the web.
When I stop the server, the port scanner from the web shows it as closed.

Therefore...

Jon Marshall · ‎01-25-2019

Perhaps I am not following but when you only use one router it works and when you use both routers it doesn't.

In addition when you had both routers you could not ping the web server from the Cisco router and if you can't ping it then NAT etc. is largely irrelevant.

Jon

jiggaracci · ‎01-25-2019

No, when I only use the cisco, running my web server ad If I goto the
external IP, i get page cant be displayed. I checked the ports with
canyouseeme.com port scanner and it says port 80 open. If I stop the
webserver, I get port 80 blocked.

When i plug in the modem to netgear wireless router, i get a different IP
address, but EVERYTHING works fine.

Dont want to use netgear, prefer cisco.