NAT trouble with web and smtp

gold78
Level 1

Hi!

I have implemented NAT on my 1605R router but I am having some problems.

Since then I can't send outgoing mail with SMTP.

The mailserver belongs to my ISP.

I get a message that the TCP/IP connection was lost when I'm sending a mail. That worked before I implemented NAT. And I am also trying to port forward web traffic to a machine on the inside.

I get a connection, but no pages display.

Please look at my config and give me hints about what's wrong. Only the password parts are missing from it:

!
version 12.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Tilda
!
boot system tftp c1600-sy-mz.123-1.bin 192.168.1.5
logging console critical
enable password <----------->
!
ip subnet-zero
ip name-server 192.71.220.10
!
ip accounting-threshold 10
vpdn enable
!
vpdn-group pppoe
 request-dialin
  protocol pppoe
!
!
!
!
interface Ethernet0
 description connected to EthernetLAN
 ip address 192.168.1.1 255.255.255.0
 ip accounting output-packets
 ip nat inside
!
interface Ethernet1
 description Internet
 no ip address
 no ip redirects
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dialer1
 ip address negotiated previous
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username <account + password>
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.21 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.1 23 interface Dialer1 443
ip nat inside source static tcp 192.168.1.5 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.5 5900 interface Dialer1 8080
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
snmp-server community public RO
snmp-server enable traps tty
!
end

Best regards

/Leif

10 Replies

vmiller
Level 7

At least for mail, I suggest a static NAT entry for your inside to outside server address.

Are you sure you are getting the same IP address (public IP) negotiated from your ISP? If this keeps changing, you might have problems receiving email communications between outside servers and your internal server (even though DNS records will have a static entry). It's better to put a static public IP address, instead of specifying the IP address of the dialer interface, which is negotiated each time.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

No, I don't get the same ip address but it doesn't matter. I don't have a mailserver on my network. The mailserver for pop and smtp are on the Internet.

If that's the case, then you don't need all those static TCP mappings for the NAT. Just a simple NAT statement such as,

"ip nat inside source list 1 interface dialer 1 overload" would do the job.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

How do you mean? Is it really necessary?

Can you give an example?

Hi, I suggest you just do a static NAT and ignore the protocol part of it.

I mean the line

ip nat inside source list 1 interface Dialer1 overload

is enough and you should remove the other ip nat commands specifying the port and protocols.

cheers.
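The distinction the replies above draw, as an added example that is not part of any post in this thread: the Python script below reads the NAT statements from the posted configuration and separates the single overload rule, which translates outbound traffic such as SMTP to the ISP's server, from the static entries, which publish inside hosts on Dialer1. The function names and the port-to-service table are assumptions made for this illustration.

```python
import re

# NAT statements copied from the configuration posted at the top of the thread.
CONFIG = """\
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.21 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.1 23 interface Dialer1 443
ip nat inside source static tcp 192.168.1.5 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.5 5900 interface Dialer1 8080
"""
OVERLOAD = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload$")
STATIC = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
# Well-known services for the inside ports that appear in the posted config
# (table chosen for this example).
SERVICES = {23: "telnet", 25: "smtp", 80: "http", 5900: "vnc"}

def classify_nat(config):
    """Split NAT statements into outbound overload rules and inbound forwards."""
    overload, forwards = [], []
    for line in map(str.strip, config.splitlines()):
        if m := OVERLOAD.match(line):
            overload.append({"acl": m.group(1), "interface": m.group(2)})
        elif m := STATIC.match(line):
            proto, host, in_port, iface, out_port = m.groups()
            forwards.append({
                "proto": proto, "inside_host": host, "inside_port": int(in_port),
                "interface": iface, "outside_port": int(out_port),
                "service": SERVICES.get(int(in_port), "unknown")})
    return overload, forwards

def report(config):
    """Return one line per NAT rule, saying which traffic direction it serves."""
    overload, forwards = classify_nat(config)
    lines = [f"outbound: hosts in access-list {o['acl']} share {o['interface']} (PAT)"
             for o in overload]
    for f in forwards:
        note = "" if f["inside_port"] == f["outside_port"] else " (port remapped)"
        lines.append(f"inbound: {f['interface']}:{f['outside_port']}/{f['proto']} -> "
                     f"{f['inside_host']}:{f['inside_port']} {f['service']}{note}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(CONFIG)))
```

Every line reported as `inbound` is a service reachable from the Internet side of Dialer1, so that list is the one to review when deciding which static entries to keep.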

But how do I direct traffic to other hosts on my network without them? Is "ip nat inside source static 192.168.1.5 interface Ethernet 1" enough?

But if I have other hosts?

Yes, it worked better! Thank you!

Hi @gold78, can you please mention what worked better?

Hello,

the last post was from 2003, you might not get an answer from this contributor anymore. What are you after?
