Solved: Forwarding port 80 not working

Phill Johntony · ‎12-10-2013

I setup a LAMP server and can connect to it locally, I tried forwarding port 80 to the apache server but it is not working.

interface GigabitEthernet0/0

description **WAN**

ip address dhcp

ip nat outside

ip virtual-reassembly in

!

interface GigabitEthernet0/1

description **LAN**

ip address 10.0.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

ip nat inside source list INSIDE_NAT_ADDR interface GigabitEthernet0/0 overload

ip nat inside source static tcp 10.0.0.12 80 interface GigabitEthernet0/0 80

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

!

ip access-list standard INSIDE_NAT_ADDR

permit 10.0.0.0 0.0.255.255

!

Not sure what is wrong, I've scoured the internet for an hour and it all looks good to me.

cadet alain · ‎12-11-2013

Hi from where are you doing this test, from an outside loaction or from an inside location ?

I tried it from my location and I got a Web page with "Woot".

If you try from inside by referencing the outside IP you will be performing NAT hairpinning and this is not supported with classic NAT so you'll have to use NAT NVI to test this from inside.

To do so:

1) replace ip nat inside and ip nat outside commands by ip nat enable

2) replace static inside nat command by ip nat source static .........( you omit the keyword inside)

3) no ip redirect on the WAN interface

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

Abzal · ‎12-10-2013

Hi,

The config looks correct for me.

Try to use another port of web server instead of 80. I'm not sure but ISP might be blocking the 80 port. And do you have static IP for web server or Dynamic DNS?

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal

cadet alain · ‎12-11-2013

Hi,

You should change your default route like this:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

ip route 0.0.0.0 0.0.0.0 dhcp

Try to get to your server from the WAN and if it is still failing post output of sh ip nat translation | i 10.0.0.12

Regards

Alain

Don't forget to rate helpful posts.

paul driver · ‎12-11-2013

Hello

Just like to add also that your config looks okay, so as long as the host as a default-gateway to your wan router and http is open on that port it should work, Saying that I like to explain why cadet alian is specifying the dhcp value instead of the interface in the static

This is to cut down on unnecessary arp requests everytime a route outside your network needs to be reached. This is because your present static route is stating everything is reachable outside of your network is directly connected so each request will result in arp request being sent which could in the long term result in larger arp cache on your router and memory comsumption etc, plus you are also counting on proxy arp being enabled on that interface which sometimes its not.

This is also applicable - ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Phill Johntony · ‎12-11-2013

@Abzal I am using DynDNS, but to make things simpler for now I am just refering to my current IP. I have had this configured on a consumer router in the past, so I know my ISP does not block 80. I will try changing the web server port, but I am also attempting to forward a few other web applications on different ports and they are not working as well.

@cadet Did as you said, still no luck. Here is my translations:

tcp 98.27.233.230:22 10.0.0.12:22 --- ---

cadet alain · ‎12-11-2013

Hi from where are you doing this test, from an outside loaction or from an inside location ?

I tried it from my location and I got a Web page with "Woot".

If you try from inside by referencing the outside IP you will be performing NAT hairpinning and this is not supported with classic NAT so you'll have to use NAT NVI to test this from inside.

To do so:

1) replace ip nat inside and ip nat outside commands by ip nat enable

2) replace static inside nat command by ip nat source static .........( you omit the keyword inside)

3) no ip redirect on the WAN interface

Regards

Alain

Don't forget to rate helpful posts.

Phill Johntony · ‎12-11-2013

I did as you told but it is still not working. Only only thing I was unsure of was #3 no IP redirect on the WAN. Here is what I have now.

interface GigabitEthernet0/0

description **WAN**

ip address dhcp

ip nat enable

ip virtual-reassembly in

!

interface GigabitEthernet0/1

description **LAN**

ip address 10.0.0.1 255.255.255.0

ip nat enable

ip virtual-reassembly in

!

ip nat source list INSIDE_NAT_ADDR interface GigabitEthernet0/0 overload

ip nat source static tcp 10.0.0.12 80 interface GigabitEthernet0/0 80

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

!

ip access-list standard INSIDE_NAT_ADDR

permit 10.0.0.0 0.0.255.255

!

Phill Johntony · ‎12-11-2013

Actually I issued no ip redirects on my WAN and it still didn't work, then I also added no ip redirects on my LAN interface and it seems to be working now.

Thanks a lot for your help Cadet Alain!

cadet alain · ‎12-11-2013

Hi,

cool I didn't remember if it was needed on both sides or on WAN only.

Regards

Alain

Don't forget to rate helpful posts.

cadet alain · ‎12-11-2013

Hi,

do no ip redirect on the WAN and it should work.Did you delete old statements ?

Regards

Alain

Don't forget to rate helpful posts.