Solved: hi,

eekie043nl · ‎12-01-2015

dear,

i can't seem to get port forwarding working on my cisco router.

i'm trying to forward the port 25565 from my server (local ip) to my public ip address. now i tried this with the command ip nat inside static tcp [local address] 25565 interface g0/0 25565 but doesnt seem to work.

can it be that my acces-list blocks this? or do i forget something?

my running-config:

ip nat inside source static udp 192.168.1.2 25565 interface GigabitEthernet0/0 25565
ip nat inside source static tcp 192.168.1.2 25565 interface GigabitEthernet0/0 25565
ip nat inside source route-map rm-nat interface GigabitEthernet0/0 overload
ip nat inside source route-map rm-nat-Miller interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 212.178.140.45
ip route 0.0.0.0 0.0.0.0 212.178.140.181
!
ip access-list standard acl-vty
permit 57.66.108.39
permit 80.101.152.38
permit 31.171.201.96 0.0.0.31
permit 192.168.1.224 0.0.0.31
!
ip access-list extended acl-nat
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended acl-nat-Miller
permit ip 212.178.143.120 0.0.0.7 any
!
ipv6 route ::/0 2001:41F0:F300:5::1
!
route-map Mondi-guest permit 10
match ip address 10
set ip next-hop 212.178.140.45
!
route-map Miller-Graphics permit 10
match ip address 20
set ip next-hop 212.178.140.181
!
route-map rm-nat permit 10
match ip address acl-nat
!
route-map rm-nat-Miller permit 20
match ip address acl-nat-Miller
!
!
access-list 10 permit 192.168.1.0 0.0.0.255

Julio Garcia · ‎12-01-2015

Hi,

did you try with the "extendable" option? Also, can you post the interfaces configuration as well?

Apart from that, the second route-map NAT looks strange, you are matching traffic from public IP addresses in the acl rm-nat-Miller

Regards,

Julio

View solution in original post

Julio Garcia · ‎12-01-2015

Hi,

did you try with the "extendable" option? Also, can you post the interfaces configuration as well?

Apart from that, the second route-map NAT looks strange, you are matching traffic from public IP addresses in the acl rm-nat-Miller

Regards,

Julio

eekie043nl · ‎12-02-2015

hi,

no i did not try the extendable option yet because the only thing i don't know about cisco is the whole acces-list thing.

interface configuration:

interface GigabitEthernet0/0
description outside-ziggo
ip address 212.178.140.46 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip policy route-map Mondi-guest
duplex auto
speed auto
ipv6 address 2001:41F0:F300:5::2/64
ipv6 enable
no cdp enable
!
interface GigabitEthernet0/1
description inside
no ip address
ip nbar protocol-discovery
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.4
description inside MondiGuest
encapsulation dot1Q 4
ip address 192.168.1.254 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
ip policy route-map Mondi-guest
!
interface GigabitEthernet0/1.50
description inside Miller-Graphics
encapsulation dot1Q 50
ip address 212.178.143.121 255.255.255.248
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly in
ip policy route-map Miller-Graphics
!
interface GigabitEthernet0/2
description orange
ip address 212.178.142.1 255.255.255.248
duplex full
speed 100
!
interface GigabitEthernet0/0/0
description outside-ziggo-Miller
ip address 212.178.140.182 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip policy route-map Miller-Graphics
duplex auto
speed auto
no cdp enable

the miller part may look strange but this is correct cause this is the other site using our connection. so this can't be touched.

regards,

nicky

port forwarding and acces-list