cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
766
Views
3
Helpful
12
Replies

allow internet user see my private lan

emadehsan
Level 1
Level 1

I have a mailserver with invali ip address

we have also some Valid ip address

how can I use nat to see this server form internet?

12 Replies 12

devang_etcom
Level 7
Level 7

you can use the static NAT for your server IP address...to allow internet user to use your mail server from internet...

for configuration look at this link:http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093f31.shtml

please rate this post if it helps

regards

Devang

HI devang

thank you

I add this command to my route

ip nat inside source static c.v.b.n a.s.d.f

now i can ping the ip address but cant access or browse my server

Hi

Please give the entire config.

Regards

JD

the config is something like this

serial 0

ip adrress m.n.b.v

ip nat outside

fasethernet 0

ip adrs 172.16.100.109

ip nat inside

ip nat inside source static 172.16.100.7(mailserver) a.b.c.d

waiting for your reply

Hi

You have not mentioned following into the router

ip nat pool test a.b.c.d a.b.c.i netmask 255.255.255.x

ip nat inside source list 1 pool test overload

access-list 1 permit 172.16.100.0 0.0.0.255

Hope that helps.

Pls rate helpful posts.

Regards

JD

Dear Jd

your config is when my local addresses want access to internet

but my problem is that I want to make available my mailserver from internet

Sorry,

My mistake in understanding.

Regards

JD

dear JD

here is want i need..

Configuring NAT to Allow the Internet to Access Internal Devices

can u help me?

Dear JD

thank you for your doc

I will give a good rate to you

but acctually i have these documents but i dont know why it doesnt work

can you give a sample config ?

Dear Ehsan

Below is the config I have been doing:It is basically a LAB setup in which I have public IPs 192.168.1.0/24 and private IPs 192.168.2.0/24.Now I am giving 192.168.1.165/24 on one ethernet and 192.168.2.1/24 on another ethernet.I have kept a webserver (a Ip camera with a web server..to be precise), which is given a IP 192.168.2.200/24. Now from pool 192.168.1.0 (My PC ip is 192.168.1.75/24) I give 192.168.1.165 in my web browser, and I get access to my network camera.

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$up5a$RW41pVnG8M8PfsKSZFgc0.

!

username cisco password 0 cisco

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

!

no ftp-server write-enable

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.165 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip nat pool test 192.168.1.165 192.168.1.165 netmask 255.255.255.0

ip nat inside source list 1 pool test overload

ip nat inside source static 192.168.2.200 192.168.1.165

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.254

ip http server

!

access-list 1 permit 192.168.2.0 0.0.0.255

!

line con 0

line aux 0

line vty 0 4

login local

line vty 5 15

login local

!

!

!

end

Router#sh ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1197 192.168.1.75:1197

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1200 192.168.1.75:1200

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1201 192.168.1.75:1201

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1202 192.168.1.75:1202

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1203 192.168.1.75:1203

tcp 192.168.1.165:80 192.168.2.200:80 192.168.1.75:1204 192.168.1.75:1204

--- 192.168.1.165 192.168.2.200 --- ---

There may be some issue with your mail server.

Regards

JD

Hello,

in addition to the other posts, you might want to try and add a static port translation for port 25 and port 110. Let's assume the IP address of your mail server is 192.168.1.20, the static entries would look like this:

ip nat inside source static tcp 25 192.168.1.20 212.136.12.2 25 extendable

ip nat inside source static tcp 110 192.168.1.20 212.136.12.2 110 extendable

If your external interface does not have a static IP address, but rather a dynamic one, the entries would be:

ip nat inside source static tcp 25 192.168.1.20 interface Dialer0

ip nat inside source static tcp 110 192.168.1.20 interface Dialer0

Regards,

GNT