cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
477
Views
0
Helpful
10
Replies
Highlighted

NAT / Port forwarding not working

Hi guys,

 

I'm having some issues with  port forwarding on my 1921 ISR, it was all working fine about a week ago... Then overnight (isr restarted due to power failure) it stopped working... I've gone over my config again, and again... Checked IP addresses, firewalls and tested connecting from the LAN and all works as expected. 'I just can't seem to connect from the outside -> in :( 

 

controller VDSL 0/0/0
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
no cdp enable
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0/0/0
mac-address 7050.afb7.c5da
no ip address
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/0/0.101
encapsulation dot1Q 101
ip dhcp client request classless-static-route
ip dhcp client client-id hex ************************************
ip dhcp client hostname ************@*****|********
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
!
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip nat inside source list 100 interface Ethernet0/0/0.101 overload
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880

Thanks in advance for any help!

1 ACCEPTED SOLUTION

Accepted Solutions
Rising star

Re: NAT / Port forwarding not working

If you change this port 8880 to another ports, its working?

Jaderson Pessoa
*** Rate All Helpful Responses ***
10 REPLIES 10
Rising star

Re: NAT / Port forwarding not working

This 192.168.10.202 80 is accessible from internal clients?
Jaderson Pessoa
*** Rate All Helpful Responses ***

Re: NAT / Port forwarding not working

Hi Jaderson,

Yes, it is. :)
Rising star

Re: NAT / Port forwarding not working

@Y. 'FoAmY' Vandenbossche try it;

 

no ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880  < certify the port

 clear interface ethernet0/0/0.101

clear counters  ethernet0/0/0.101

 

shutdown and shutdown under interface 0/0/0.101

 

ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880 < certify the port

 maybe it is a bug

Jaderson Pessoa
*** Rate All Helpful Responses ***

Re: NAT / Port forwarding not working

Tried that already, just tried again... No dice :(
VIP Advisor

Re: NAT / Port forwarding not working

Hello

from the rtr if you telnet to 192.168.10.202 80 source gig0/0.10  - do you get connection?

 

From outside telnet again to your public IP address on port 8880

 

sh ip nat translations 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

Re: NAT / Port forwarding not working

from the rtr if you telnet to 192.168.10.202 80 source gig0/0.10  - do you get connection?  :    yes, connects fine... 

From outside telnet again to your public IP address on port 8880  :    no connection, times out :(

 

VDB-R1# sh ip nat trans
tcp xxx.xxx.xxx.xxx:8880   192.168.10.202:80     ---                   ---

 

Rising star

Re: NAT / Port forwarding not working

If you change this port 8880 to another ports, its working?

Jaderson Pessoa
*** Rate All Helpful Responses ***

Re: NAT / Port forwarding not working

Indeed this fixes it, I guess I'll come up with another port to use!

Thanks for your help everyone!
Rising star

Re: NAT / Port forwarding not working

Great, maybe theret this port stayed in block state in your router "bug" i dont know..

But great that your problem was solved.

:)

Jaderson Pessoa
*** Rate All Helpful Responses ***
VIP Advisor

Re: NAT / Port forwarding not working

Hello

Shouldn't really make much difference but can you try using another source port maybe tcp 80 and amend the acl to deny that host from the dynamic nat


access-list 100 permit deny host 192.168.10.202  any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards