Solved: NAT with a single IP address for servers and hosts - Page 2

_rucisco_ · ‎10-20-2021

Dear community,

I have a LAN with a Web (.2) and ssh (.3) servers, and PCs all in the same network range (192.168.1.0/24). I would like to have my servers accessible from the outside of the network and at the same time also allow the PCs to ping/surf outside, with the public IP address of the router (15.214.21.3.).

I tried with this configuration on my router:

ip nat pool NAT_POOL 15.214.21.3 15.214.21.3 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
ip nat inside source static tcp 192.168.1.2 80 15.214.21.3 80
ip nat inside source static tcp 192.168.1.3 21 15.214.21.3 22
!
access-list 10 permit 192.168.1.0 0.0.0.255

But when I try to ping outside, the router complains that I cannot allocate an IP address. I thought this could be solved with the overload parameter but it doesn't solve the problem.

How can I use a single public IP address for exposing servers and allowing my PCs outside?

BTW, I am configuring this on Packet Tracer.

Thanks

_rucisco_ · ‎10-21-2021

Hi @Georg Pauwen

Thanks again for your time.

I just opened your file in PT 8.0.1 (under Mac OS 10.15.7) and I get the same error. See attached snapshot.

I would think there is something wrong with PT 8.0.1 under Mac after you saying it works on your side but the same error appears on PT 6.0.1 under Win7. What is going on here?

Thanks

Georg Pauwen · ‎10-21-2021

Hello,

I am getting the same error now...weird. There are a lot of flaws in Packet Tracer, this seems to be one of them. Without the static entries, everything works fine:

ip nat pool NAT_POOL 209.165.201.1 209.165.201.1 netmask 255.255.255.0
ip nat inside source list 10 pool NAT_POOL overload
!
access-list 10 permit 192.168.10.0 0.0.0.255

I am going to test this on a real router, to verify if it really is a bug in Packet Tracer. Will get back with you...

_rucisco_ · ‎10-21-2021

But without the static entries, how does the router know that an external packet is addressed to the WWW server or the FTP server?

Thanks a lot!

Georg Pauwen · ‎10-21-2021

Hello,

I just tested this on real routers, your config works without any problem, so it looks like it is definitely a bug in Packet Tracer...

_rucisco_ · ‎10-21-2021

Thansk for checking it out!

Could you please share with us as snapshot of the nat translation table after you ping outside?

Also, can you comment on my previous question? You said that without the static entries in the NAT table it worked but it seems to me that not having those entries would only allow outgoing traffic and if you want to access any of the servers that won't work. Isn't this right?

Thanks again

Georg Pauwen · ‎10-21-2021

Hello,

I just opened the file again, and now the PING works with and without the static entries. Rather annoying, as there does not seem to be a consistent pattern to this...

As to your second question, indeed without the static entries, the servers cannot be reached from the outside, and connections can only be initiated from the inside.

_rucisco_ · ‎10-21-2021

Oh, really? This is the kind of things I hate from PT

I tried once more to see if I could get it to work but it doesn't. I cannot get through the router to the outside. The point is, how does it show the nat transalation table when you get the messages through? Can you please send a snaphot? I would like to see it.

Thanks

_rucisco_ · ‎10-22-2021

Well, I tried this on GNS3 and it works perfectly fine just as @Georg Pauwen said.

Could I contact someone to inform about this problem in order for them to fix it?

Thanks for your support @Georg Pauwen @paul driver