05-02-2020 06:03 PM - edited 05-02-2020 06:04 PM
Hi All,
I'm trying to set up a local nginx instance for fun. I also have a static IP from my ISP. I can connect to the nginx instance over localhost/loopback but my settings on my 897 don't seem to be forwarding port 80 requests from Dialer0 to my local machine.
Any advice on this would be awesome! Also happy to take on any unrelated advice on improving my config, I'm not very good at Cisco management.
My config:
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HOME-897-R1
!
boot-start-marker
boot-end-marker
!
enable secret 5 x
!
no aaa new-model
clock timezone AEST 10 0
clock summer-time AEDST recurring 1 Sun Oct 2:00 1 Sun Apr 2:00
!
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.2
!
ip dhcp pool fullhouseDHCP
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 1.1.1.1
!
ip domain name fullhouse.home
ip name-server 1.1.1.1
ip name-server 208.67.222.222
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid C897VAG-LTE-LA-K9 sn FGL2125949P
!
username x privilege 15 secret 5 x
!
redundancy
!
controller VDSL 0
 firmware filename flash:VA_A_39m_B_38h3_24h.bin
!
controller Cellular 0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 20
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Cellular0
 no ip address
 encapsulation slip
 shutdown
 dialer in-band
 dialer string lte
!
interface Cellular1
 no ip address
 encapsulation slip
 shutdown
!
interface Ethernet0
 description -- Ethernet WAN --
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet1
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface Vlan1
 description -- LAN --
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan2
 no ip address
!
interface Dialer0
 description -- VDSL --
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 no keepalive
 ppp authentication chap callin
 ppp chap hostname x
 ppp chap password x
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list outbound_nat interface Dialer0 overload
ip nat inside source static tcp 192.168.0.18 80 interface Dialer0 80
ip route 0.0.0.0 0.0.0.0 Dialer0
ip ssh port 9001 rotary 1
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended outbound_nat
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 192.0.2.0 0.0.0.255 any
!
ipv6 ioam timestamp
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line 3
 script dialer lte
 no exec
line 8
 no exec
line vty 0 4
 privilege level 15
 login local
 rotary 1
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
ntp server 27.124.125.251
!
end
05-03-2020 05:49 AM
Remove 'ip nat outside' from your WAN interface (let the Dialer handle it).
interface Ethernet0
 description -- Ethernet WAN --
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1
As for suggestions for improving your config, start by implementing some sort of firewall, either zone-based or CBAC.
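The two points raised in this thread, NAT configured on the PPPoE carrier interface and a port forward with no firewall in front of it, can be checked offline against a saved running-config. The script below is an added example, not code from either poster; the sample config is a constructed excerpt of the one above, and treating an inbound `ip access-group`, a `zone-member security` or an `ip inspect` line as evidence of filtering is a simplifying assumption.

```python
import re

# Constructed sample: a trimmed excerpt of the config posted in this thread.
SAMPLE = """\
interface Ethernet0
 ip address dhcp
 ip nat outside
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiated
 ip nat outside
 dialer pool 1
!
ip nat inside source static tcp 192.168.0.18 80 interface Dialer0 80
"""

# Assumption: any of these interface sub-commands counts as inbound filtering.
FILTER = re.compile(r"^(ip access-group \S+ in|zone-member security \S+|ip inspect \S+ (in|out))$")
STATIC = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit(config):
    """List findings for NAT-outside interfaces and static port forwards."""
    ifaces, findings = parse_interfaces(config), []
    for name, cmds in ifaces.items():
        if "ip nat outside" not in cmds:
            continue
        if any(c.startswith("pppoe-client dial-pool-number") for c in cmds):
            findings.append(f"{name}: 'ip nat outside' on the PPPoE carrier; the Dialer should own it")
        if not any(FILTER.match(c) for c in cmds):
            findings.append(f"{name}: NAT outside with no inbound ACL, zone or CBAC inspection")
    for line in config.splitlines():
        m = STATIC.match(line)
        if m and not any(FILTER.match(c) for c in ifaces.get(m.group(4), [])):
            findings.append(f"{m.group(4)}: {m.group(1)}/{m.group(5)} forwarded to {m.group(2)}:{m.group(3)} unfiltered")
    return findings
```

Running `audit(SAMPLE)` reports four findings; a config with the Ethernet0 change from the reply applied and an inbound filter on Dialer0 reports none.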