
Port forward using nat

Neil key
Level 1

I have an 857w ADSL router. I have configured it to connect to my ISP and I get a DHCP address from them, and I have a DHCP pool to assign IP addresses to wireless or LAN. I have NAT overload on a BVI. I am now trying to get one of the LAN ports, which has a device at 172.16.0.3, to be accessible from the outside world, but it will not let anyone connect to it.

I will upload my config if anyone can help.

1 Accepted Solution


blau grana
Level 7

Hello Neil,

I assume that you have only one public IP, the one which you obtain via DHCP. You have also configured NAT overload, so now you can configure only port forwarding to make some devices available from the internet.

Try this config:

ip nat inside source static 172.16.0.3 PORT interface_with_public_IP[probably Dialer] PORT

Also check if some ACL is not blocking your traffic.

Best Regards

Please rate all helpful posts and close solved questions


9 Replies


Thanks for the reply. Yeah, I have one IP via DHCP from the ISP, and I only want one device accessible from the Internet. I have tried the command below already but it did not work. I also don't have an ACL configured yet.

Here is my config:

no aaa new-model
!
!
dot11 syslog
!
dot11 ssid Wireless1
   vlan 1
   authentication open
   guest-mode
   wpa-psk ascii 0 XXXXXXXX
!
dot11 ssid Wireless
   authentication open
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.0.1
ip dhcp excluded-address 172.16.0.3
!
ip dhcp pool sdm-pool1
   network 172.16.0.0 255.255.0.0
   default-router 172.16.0.1
   dns-server 212.159.6.10 212.159.6.9
!
!
ip cef
!
!
!
username neil privilege 15 password 0 XXXXXXXXXXXXXXXXXXXXXX
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 atm vc-per-vp 128
 no atm ilmi-keepalive
 pvc 0/38
  oam-pvc 0
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 !
 ssid Wireless
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname XXXXXl@XXXXX.net
 ppp chap password 0 XXXX
 ppp pap sent-username XXXX@XXXXX.net password 0 XXXXXXX
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
interface BVI1
 description $ES_LAN$
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 172.16.0.3 12000 interface Dialer0 12000
ip nat inside source static udp 172.16.0.3 12000 interface Dialer0 12000
ip nat inside source static 172.16.0.3 interface Dialer0
!
access-list 1 permit 172.16.0.0 0.0.0.255
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password XXXXXX
 login local

Hello Neil,

Delete this line:

ip nat inside source static 172.16.0.3 interface Dialer0

You can forward just particular UDP/TCP ports; you cannot configure static NAT 1:1. Try your configuration without the mentioned line and see if it works.

Best Regards

Please rate all helpful posts and close solved questions
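
An added example, not part of the original thread: a small Python audit of the NAT lines from the posted config. It lists which ports are forwarded to the inside host, flags the whole-host static mapping the reply above says to delete, and checks that each forward target is excluded from DHCP so the forward cannot end up pointing at a different device. The function name `audit_nat`, the regular expressions and the finding wording are assumptions of this example.

```python
import re
from ipaddress import ip_address as ip

# Sample input: NAT and DHCP lines copied from the config posted in this thread.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 172.16.0.1
ip dhcp excluded-address 172.16.0.3
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 172.16.0.3 12000 interface Dialer0 12000
ip nat inside source static udp 172.16.0.3 12000 interface Dialer0 12000
ip nat inside source static 172.16.0.3 interface Dialer0
"""

# Patterns cover only the command forms that appear in the thread (an assumption).
PORT_FWD = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
WHOLE_HOST = re.compile(r"ip nat inside source static (\d+\.\d+\.\d+\.\d+) interface (\S+)$")
OVERLOAD = re.compile(r"ip nat inside source list \S+ interface (\S+) overload$")
EXCLUDED = re.compile(r"ip dhcp excluded-address (\S+)(?: (\S+))?$")


def audit_nat(config):
    """Return (port_forwards, findings) for the NAT lines of an IOS-style config."""
    forwards, whole_host, overload_ifs, excluded, findings = [], [], set(), [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := PORT_FWD.match(line):
            forwards.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
        elif m := WHOLE_HOST.match(line):
            whole_host.append((m[1], m[2]))
        elif m := OVERLOAD.match(line):
            overload_ifs.add(m[1])
        elif m := EXCLUDED.match(line):
            excluded.append((m[1], m[2] or m[1]))  # single address or low/high range
    for host, iface in whole_host:
        # The 1:1 mapping names no port, so it is not limited to the intended service.
        note = " (also the overload interface)" if iface in overload_ifs else ""
        findings.append(f"whole-host static NAT {host} -> {iface}{note}: "
                        "remove it and forward only the required ports")
    for host in sorted({f[1] for f in forwards}):
        # A forward target that DHCP can lease out may later belong to another device.
        if not any(ip(lo) <= ip(host) <= ip(hi) for lo, hi in excluded):
            findings.append(f"{host} is a forward target but not DHCP-excluded")
    return forwards, findings


if __name__ == "__main__":
    fwd, notes = audit_nat(SAMPLE_CONFIG)
    for proto, host, in_port, iface, out_port in fwd:
        print(f"exposed: {iface}:{out_port}/{proto} -> {host}:{in_port}")
    print("\n".join(notes))
```
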


I have removed the line but I still cannot get internet access to my internal device.

OK, I can not see any routing configuration in your post, so probably you receive default route via DHCP from your ISP, can you confirm this?

Or can you post output of #show ip route

Also, can you confirm that from the 172.16.0.3 device you can reach the IP address of the internet device from which you are trying to connect to the 172.16.0.3 device => I hope this sentence makes sense

Can you see NAT translation on router?

#show ip nat trans

Best Regards

Please rate all helpful posts and close solved questions


Thanks for the reply,

My routing is

ip route 0.0.0.0 0.0.0.0 Dialer0

I have a routing table with a candidate route in there too to dialer 0. If you mean can I get on the net from the 0.3 device, the answer is yes. I am getting NAT translations but I cannot give them to you right now as I am out of home right now.

Neil, as you wrote, you have no problem communicating from the "0.3" device to the internet. The configuration is very basic; there is nothing else to do. I would say that the problem will be on the "0.3" device. Is it a PC or a server? Can you check that communication is not filtered there by some firewall or something else?

If you can capture traffic on NIC you can verify if some packets from internet arrive when you try to connect there.

Best Regards

Please rate all helpful posts and close solved questions


Hello

Is there a reason you are trying to perform static PAT on port 12000?
How are you trying to connect to this internal PC?

Does the internal PC have any software firewall enabled - if so, are the designated ports open?

Even though you have a default route to the dialer interface, maybe try and ask your ISP as to what to configure for the default gateway.

Try using the public ip instead of the dialer interface
ip nat inside source static tcp 172.16.0.3 xx (use public allocated ip) xx extendable

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.



I took out the line you said and it never worked, but I figured it out: my DNS was not updating. Stupid mistake on my part, but all sorted out now. Just need to configure DDNS on the router now. Thanks for your help.
