02-20-2020 08:43 AM - edited 02-20-2020 11:32 AM
Hi Guys,
As you can see in the configuration below, I want to be able to access a device (192.168.1.100) on ports 7331 and 7332 from outside the network using the external IP address and ports 7331 and 7332. But when I tried to check the port status using an online port scanner tool, the status shows "closed". Any help on this matter will be highly appreciated.
no aaa new-model
ip cef
!
!
!
!
ip name-server x.x.x.x
ip name-server x.x.x.x
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
controller DSL 0/0/0
line-term cpe
!
!
!
!
!
interface FastEthernet0/0
ip address 85.208.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.20 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 85.208.x.x
!
ip dns server
!
ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.100 7331 85.208.x.x 7331 extendable
ip nat inside source static tcp 192.168.1.100 7332 85.208.x.x 7332 extendable
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
02-20-2020 08:56 AM - edited 02-20-2020 08:56 AM
ip nat inside source list 101 interface FastEthernet0/0 overload <<-- I do not see any 101 access list in your config.
Try the below and let me know the outcome:
ip nat source static tcp 192.168.1.100 7731 84.21.44.224 7731
ip nat source static tcp 192.168.1.100 7732 84.21.44.224 7732
ip access-list 10
permit 192.168.1.0 0.0.0.255
!
ip nat source list 10 interface fastethernet0/1 overload
02-20-2020 11:05 AM - edited 02-20-2020 11:38 AM
Hi,
I have enclosed the current config. I tried by removing the below commands as well.
ip nat inside source static tcp 192.168.1.30 7331 85.208.x.x 7331 extendable
ip nat inside source static tcp 192.168.1.30 7332 85.208.x.x 7332 extendable
But the status of ports 7331 and 7332 still shows "closed".
How can I open ports 7331 and 7332?
Am I missing any config?
02-20-2020 11:15 AM
Hello
The attached file suggests your rtr resides behind another router that is performing NAT.
interface FastEthernet0/0
ip address 10.1.1.253 255.255.255.0 <------ not routable
ip nat outside
02-20-2020 11:51 AM
02-20-2020 11:56 AM - edited 02-20-2020 12:00 PM
Hello
Your NAT configuration has both domain and domainless NAT applied:
ip nat source list 10 interface FastEthernet0/1 overload
ip nat source static tcp 192.168.1.30 7331 85.208.x.x 7331 extendable
ip nat source static tcp 192.168.1.30 7332 85.208.x.x 7332 extendable
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.30 7331 85.208.x.x 7331 extendable
ip nat inside source static tcp 192.168.1.30 7332 85.208.x.x 7332 extendable
Also, is the host 192.168.1.30 open to those TCP ports?
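An added example (not from any poster in this thread, and not Cisco tooling): a small Python check over a router config for the three problems raised above, namely an overload rule pointing at an undefined access list, domain-based and domainless NAT statements mixed together, and a NAT outside interface carrying an RFC 1918 address. The sample config is constructed from the fragments quoted in the thread, with 203.0.113.10 standing in for the masked public address; `audit_nat` and the finding labels are hypothetical names.

```python
import ipaddress
import re

# Constructed sample modelled on the thread; 203.0.113.10 is a documentation address.
SAMPLE = """\
interface FastEthernet0/0
 ip address 10.1.1.253 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
ip nat source list 10 interface FastEthernet0/1 overload
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.1.30 7331 203.0.113.10 7331 extendable
access-list 10 permit 192.168.1.0 0.0.0.255
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_nat(config):
    """Return findings for the three NAT problems raised in the thread."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    findings = []
    # 1. NAT rules that reference an access list the config never defines.
    defined = {m.group(1) for l in lines
               if (m := re.match(r"(?:ip access-list \w+|access-list) (\S+)", l))}
    for l in lines:
        m = re.match(r"ip nat (?:inside |outside )?source list (\S+) ", l)
        if m and m.group(1) not in defined:
            findings.append(f"undefined-acl:{m.group(1)}")
    # 2. Domain-based ("ip nat inside source") mixed with domainless ("ip nat source").
    if (any(l.startswith(("ip nat inside source", "ip nat outside source")) for l in lines)
            and any(l.startswith("ip nat source") for l in lines)):
        findings.append("mixed-domain-and-domainless-nat")
    # 3. NAT outside interface holding an RFC 1918 address (another NAT sits upstream).
    iface, addr = None, {}
    for l in lines:
        if l.startswith("interface "):
            iface = l.split()[1]
        elif l.startswith("ip address ") and iface:
            addr[iface] = l.split()[2]
        elif l == "ip nat outside" and iface:
            try:
                ip = ipaddress.ip_address(addr.get(iface, ""))
            except ValueError:  # masked (85.208.x.x), dhcp, or missing address
                continue
            if any(ip in net for net in RFC1918):
                findings.append(f"private-outside-address:{iface}")
    return findings
```

A private address on the outside interface means the forwarding also has to be configured on the upstream NAT device, which this check cannot see.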
02-20-2020 12:14 PM
Dear Paul,
Thank you for getting back to me.
I have corrected the config. What will happen if the host 192.168.1.30 is not open on those ports or is down? In this case, if I try the port scanner, will it only show ports 7331 and 7332 as "closed"?
02-20-2020 12:22 PM
Hello
@hamzakoleripoyil wrote:
Dear Paul,
Thank you for getting back to me.
I have corrected the config. What will happen if the host 192.168.1.30 is not open on those ports or is down? In this case, if I try the port scanner, will it only show ports 7331 and 7332 as "closed"?
If the internal host isn't open for those ports then your port scanner will show those ports as not open, so make the internal host open for those ports and your port forwarding should work.
02-21-2020 04:31 AM
Dear Paul,
Thanks for the reply. We are off today and tomorrow. I will check this on Sunday and let you know.
02-20-2020 10:48 PM
I suggest doing some tests.
1. Check that the server has opened those ports and that you are able to telnet to those ports locally.
2. Try from the router as well and see whether you are able to connect to those ports.
3. If the above 2 steps fail, your scanner will not detect the ports as open from outside.
02-21-2020 04:28 AM
Dear Balaji,
Thanks for the reply. I will check this and get back to you. We are off today and tomorrow.
02-20-2020 08:57 AM
Hello,
The only port I get a response from on this IP address is TCP 80 (HTTP). Is there anything in front of the router (a firewall)?
02-20-2020 11:06 AM
No.
02-20-2020 11:11 AM
Hello
Please remove your public address from your posts. We should be able to assist you without you advertising your WAN rtr's address.
02-20-2020 11:42 AM - edited 02-20-2020 12:37 PM
Thanks for the information.