This configuration is not working

if do an nat

ip nat inside source static 192.168.1.242 37777 122.183.181.4x 37777

then also the port is filtered if i do an portqry  37777 port.

if i ping that ip i can get reply

if i do an portqry for ip 122.183.181.4x like port 25 , 110 i get listenting.

there is only one acl 1 show sdm category=2

Kindly reply asap

Try this:

If DVR is listening on TCP then From the router Telnet DVR ip on port 37777

#telnet 192.168.1.242 37777

this will tell you if the tcp port is actually open on the DVR. If it says connection refused that means DVR is not listening on port 37777 and you will need to open it on the DVR box

Also after you have made the config and when  you try fto access the DVR from outside take and post the following output

"show ip nat translations"

"show ip nat translations"

tcp 122.183.181.4x:37777 192.168.1.242:37777 ---             ---

i can telnet from router to dvr 192.168.1.242 37777 it says open.

thank you.

Hi Baseeth,

Is your configuration is

ip nat inside source static tcp 192.168.1.242 37777 interface f0/0 37777

interface port 0/0

ip nat outside

interface port 0/1

ip nat inside

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

This is my config kindly help,

port 37777 cannot be accessed from  outside it say filtered when we to an portqry 

Using 1961 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname llmkolthur
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret 5 $1$jmsa$EorwYutDqRhbY0DgBv5cG0
enable password enable
!
no aaa new-model
clock timezone Chennai 5 30
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip name-server 203.145.184.13
ip name-server 203.145.184.32
!
multilink bundle-name authenticated
!
!
!
!
!
!
username admin privilege 15 view root secret 5 $1$SXdp$so2azlWt569tN3Tdy7HbY1
archive
log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description LAN Connection - LLM Kolathur Works$ETH-LAN$
ip address 122.183.1xx.46 255.255.255.248 secondary
ip address 192.168.1.200 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description WAN Connected to Airtel Leased Line - LLM Kolathur Works$ETH-WAN$
ip address 122.183.1xx.6 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 122.183.1xx.5
ip http server
no ip http secure-server
!
!
ip nat pool Internet_Access 122.183.1xx.42 122.183.1xx.42 netmask 255.255.255.24
8
ip nat inside source list 1 pool Internet_Access overload
ip nat inside source static tcp 192.168.1.242 37777 122.183.1xx.43 37777 extendable i have added this one only
ip nat inside source static tcp 192.168.1.108 37777 122.183.1xx.46 37777 extenda
ble
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4

login
!
scheduler allocate 20000 1000
end

can you modify access-list 1 as follows:

access-list 1 deny host 192.168.1.242

access-list 1 permit 192.168.1.0 0.0.0.255

Ideally the static entry should take preference but this config will make sure that dynamic is not used.

Also please post the following ouput when you try to telnet on 122.183.1xx.43 on port 37777 from outside world:

:

show ip nat statistics

show ip nat translation | include 192.168.1.242

Nothing works

when do an telnet from outside

could not open connection to the host on port 37777

what wrong with config ?

Why the port is filtered ?

is their any thing wrong in acl ?

is their an problem with my isp migth be blocking port 37777?

please revert asap!

thank you

Dear Sir,

This is the latest config:

Current Configuration after creating ACL

IP ACCESS LIST LOG AFTER TRY TELNET FROM PUBLIC NETWORK

10 permit tcp any host 122.183.1xx.43 eq 37777 log (6 matches)

20 permit ip any any (207 matches)

llmkolthur#show ip access-lists 199

Extended IP access list 199

10 permit tcp any host 122.183.1xx.43 eq 37777 log (6 matches)

20 permit ip any any (245 matches)

llmkolthur#show ip access-lists 199

Extended IP access list 199

10 permit tcp any host 122.183.1xx.43 eq 37777 log (9 matches)

20 permit ip any any (265 matches)

If i do an telnet from router to DVR with local ip telnet192.168.1.242 on port 80---- it say it

llmkolthur#telnet 192.168.1.242
Trying 192.168.1.242 ... Open

(none) login:

I tried these way I have created nat to access the router through telnet port 23 on ip 122.183.1xx.43

ip nat inside source static tcp 192.168.1.200 23 122.183.1xx.43 23

192.168.1.200-----> Local ip of router

From any public from outside i can telnet the port 122.183.1xx.43 23 and can successfully access the router

So NAT through accesslist is working, iam i rite ?

????

Thank You , awaiting for ur reply

Good to see that problem is resolved Bhaseeth.

Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Thank you all,

      Atlast Dvr is up and running through NAT

      Issue is Gateway wrongly configured in the DVR