07-20-2011 12:01 AM - edited 03-04-2019 01:02 PM
As per title, we are trying to configure (simple) port forwarding for port 8080 to an internal server.
The server's internal IP is 192.168.1.10, and (assuming) our public IP address is 119.75.30.128, the mapping is done as follows:
Private IP Address: 192.168.1.10 (8080)
Public IP Address: 119.75.30.128 (8080)
Protocol: TCP
We are a web development company and have no in-depth knowledge of routers or networking, but we supposed that just setting the above is all we need to do...
Additionally, we tried doing it for the Web Server (port 80), and when we access http://119.75.30.128 it prompts us with the router login, meaning the NAT doesn't work.
We are using a Cisco 877-k9 on IOS 12.4(15)T5, and have the "Enable NAT" checkbox checked.
Appreciate if anyone could help resolve the issue, many thanks!!
07-22-2011 11:10 AM
Chen,
I can help you with the configuration through command line interface of the router.
Telnet/SSH into the router & capture the output of "show run". Please share that & I can send you the sample config then.
Config example:
ip nat inside source static tcp 192.168.1.10 8080 119.75.30.128 8080
interface x/y <<
 ip nat inside
interface x/z <<<
 ip nat outside
HTH,
Amit Aneja
Regards,
Amit Aneja
07-24-2011 08:21 PM
Hi Amit Aneja,
Thanks for your kind help in advance!
Please find our config as follows:
-----------------------------------------------
Current configuration : 7623 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MYHOST
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$PtjP$prh8eXCB2a/WqqxMPmBpA/
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-HEXKEY
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-HEXKEY
revocation-check none
rsakeypair TP-self-signed-HEXKEY
!
!
crypto pki certificate chain TP-self-signed-HEXKEY
certificate self-signed 01
quit
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.109 192.168.1.254
!
ip dhcp pool sdm-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 165.21.100.88 165.21.83.88
lease 0 2
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name yourdomain.com
ip name-server 165.21.83.88
ip name-server 165.21.100.88
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
username admin privilege 15 password 0 MYPASSWORD
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect match-any SDM_HTTPS
match access-group name SDM_HTTPS
class-map type inspect match-any SDM_SSH
match access-group name SDM_SSH
class-map type inspect match-any SDM_SHELL
match access-group name SDM_SHELL
class-map type inspect match-any sdm-cls-access
match class-map SDM_HTTPS
match class-map SDM_SSH
match class-map SDM_SHELL
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-all sdm-nat--1
match access-group 103
class-map type inspect match-all sdm-nat--2
match access-group 104
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-access
match class-map sdm-cls-access
match access-group 102
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat--1
inspect
class type inspect sdm-nat--2
inspect
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
policy-map type inspect sdm-permit
class type inspect sdm-access
inspect
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface ATM0
description $FW_OUTSIDE$$ES_WAN$
ip address XXX.XX.XX.XXX 255.255.255.252
ip nat outside
ip virtual-reassembly
zone-member security out-zone
no atm ilmi-keepalive
pvc 8/35
protocol ip XXX.XX.XX.XXX broadcast
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Virtual-Template1
no ip address
peer default ip address pool defaultpool
ppp authentication chap ms-chap
!
interface Vlan1
description lan:203.169.117.56-63 and 58.185.68.152-159$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
ip local pool defaultpool 192.168.100.1 192.168.100.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 XXX.XX.XX.XXX
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface ATM0 overload
ip nat inside source static tcp 192.168.1.5 80 interface ATM0 80
ip nat inside source static tcp 192.168.1.5 8080 interface ATM0 8080
!
ip access-list extended SDM_HTTPS
remark SDM_ACL Category=1
permit tcp any any eq 443
ip access-list extended SDM_SHELL
remark SDM_ACL Category=1
permit tcp any any eq cmd
ip access-list extended SDM_SSH
remark SDM_ACL Category=1
permit tcp any any eq 22
!
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip XXX.XX.XX.XXX 0.0.0.3 any
access-list 101 remark SDM_ACL Category=2
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.1.50
access-list 104 remark SDM_ACL Category=0
access-list 104 permit ip any host 192.168.1.50
no cdp run
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
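An added example, not part of any post in this thread and not Cisco or SDM code: a short Python check that cross-references the static NAT forwards in a pasted running config against the hosts permitted by the ACLs behind the out-zone to in-zone inspect policy. The function name and the trimmed sample are constructed for illustration (the sample lines are copied from the config above); it assumes the zone-based firewall matches the translated inside address, as ACLs 103 and 104 do, and it only understands `permit ip any host X` entries.

```python
import re

# Constructed excerpt: lines copied from the running config posted above.
SAMPLE_CONFIG = """\
class-map type inspect match-all sdm-nat--1
 match access-group 103
class-map type inspect match-all sdm-nat--2
 match access-group 104
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat--1
  inspect
 class type inspect sdm-nat--2
  inspect
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
ip nat inside source static tcp 192.168.1.5 80 interface ATM0 80
ip nat inside source static tcp 192.168.1.5 8080 interface ATM0 8080
access-list 103 permit ip any host 192.168.1.50
access-list 104 permit ip any host 192.168.1.50
"""

def unreachable_forwards(config, src="out-zone", dst="in-zone"):
    """Return (inside_ip, port) static NAT targets that no ACL in the src->dst policy permits."""
    kind = name = None  # which config section the current sub-command belongs to
    cmap_acls, pmap_classes, policies = {}, {}, set()
    forwards, acl_hosts = [], {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(class-map|policy-map) type inspect (?:match-\w+ )?(\S+)$", line):
            kind, name = m[1], m[2]
        elif m := re.match(r"zone-pair security \S+ source (\S+) destination (\S+)$", line):
            kind, name = "zone-pair", (m[1], m[2])
        elif kind == "class-map" and (m := re.match(r"match access-group (\d+)$", line)):
            cmap_acls.setdefault(name, set()).add(m[1])
        elif kind == "policy-map" and (m := re.match(r"class type inspect (\S+)$", line)):
            pmap_classes.setdefault(name, set()).add(m[1])
        elif kind == "zone-pair" and name == (src, dst) and (
                m := re.match(r"service-policy type inspect (\S+)$", line)):
            policies.add(m[1])
        elif m := re.match(r"ip nat inside source static tcp (\S+) (\d+) ", line):
            forwards.append((m[1], int(m[2])))
        elif m := re.match(r"access-list (\d+) permit ip any host (\S+)$", line):
            acl_hosts.setdefault(m[1], set()).add(m[2])
    # Walk zone-pair policy -> classes -> numbered ACLs -> permitted destination hosts.
    permitted = {h for p in policies for c in pmap_classes.get(p, ())
                 for a in cmap_acls.get(c, ()) for h in acl_hosts.get(a, ())}
    return [f for f in forwards if f[0] not in permitted]

if __name__ == "__main__":
    print(unreachable_forwards(SAMPLE_CONFIG))
```
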