Port Forwarding not working

Mike Bolgar
Level 1

I'm having a problem with port forwarding on my 1941W router.

I would like to forward ports 8001 and 2001 TCP from Internet to a local host on the internal network.

I am able to connect to the local host from the internal network, but it does not work from the Internet.

Here is my config:

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
clock timezone EASTERN -4
clock summer-time PCTime date Apr 6 2003 3:00 Oct 26 2003 3:00
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
no ip source-route
ip cef
!
!
ip dhcp excluded-address 10.20.7.0 10.20.7.49
ip dhcp excluded-address 10.20.7.250 10.20.7.255
!
ip dhcp pool ccp-pool1
   import all
   network 10.20.6.0 255.255.254.0
   default-router 10.20.7.1
!
!
ip domain name xxxxxx.com
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-A/K9 sn FGL153026TT
hw-module ism 0
!
!
!
username xxxxxx privilege 15 password 0 xxxxxx
!
!
no ip ftp passive
!
policy-map sdm-qos-test-123
 class class-default
!
bridge irb
!
!
!
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 switchport trunk native vlan 2
 switchport mode trunk
!
interface GigabitEthernet0/0
 description LAN interface$ES_LAN$
 no ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 bridge-group 2
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered BVI2
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 description WAN interface
 ip address dhcp client-id GigabitEthernet0/1
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 no ip address
 bridge-group 2
!
interface BVI2
 ip address 10.20.7.1 255.255.254.0
 ip nat inside
 ip virtual-reassembly
!
no ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.20.7.21 8001 interface GigabitEthernet0/1 8001
ip nat inside source static tcp 10.20.7.21 2001 interface GigabitEthernet0/1 2001
ip nat inside source static tcp 10.20.7.22 8002 interface GigabitEthernet0/1 8002
ip nat inside source static tcp 10.20.7.22 2002 interface GigabitEthernet0/1 2002
ip nat inside source static tcp 10.20.7.23 8003 interface GigabitEthernet0/1 8003
ip nat inside source static tcp 10.20.7.23 2003 interface GigabitEthernet0/1 2003
ip nat inside source static tcp 10.20.7.24 8004 interface GigabitEthernet0/1 8004
ip nat inside source static tcp 10.20.7.24 2004 interface GigabitEthernet0/1 2004
ip nat inside source static tcp 10.20.7.25 8005 interface GigabitEthernet0/1 8005
ip nat inside source static tcp 10.20.7.25 2005 interface GigabitEthernet0/1 2005
ip nat inside source static tcp 10.20.7.26 8006 interface GigabitEthernet0/1 8006
ip nat inside source static tcp 10.20.7.26 2006 interface GigabitEthernet0/1 2006
ip nat inside source static tcp 10.20.7.27 8007 interface GigabitEthernet0/1 8007
ip nat inside source static tcp 10.20.7.27 2007 interface GigabitEthernet0/1 2007
ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 1 permit 10.20.7.0 0.0.0.255
access-list 1 permit 10.20.6.0 0.0.0.255
!
!
!
control-plane
!
bridge 2 protocol ieee
bridge 2 route ip
alias exec s sh ip int br
!
line con 0
 exec-timeout 0 0
line aux 0
line 67
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp update-calendar
end

1 Reply

Peter Paluch
Cisco Employee

Hello Mike,

A couple of questions and hints:

  • The ip nat inside command present on your Gi0/0 and Vlan1 interfaces is useless, as these interfaces are currently not configured for IP operation. I suggest removing this command from both interfaces.
  • The Wlan-Gigabit0/0 interface is configured as a trunk with VLAN 2 being the native. Are you using multiple SSIDs mapped to different VLANs? Also, does the native VLAN match the configuration of the embedded access point?
  • Your basic NAT configuration appears to be correct. Can you perhaps post the output of the show ip nat translation command?
  • Have you ensured with your ISP that the direct access to the ports 8001-8007 and 2001-2007 is allowed by his own settings? Is it perhaps possible that the ISP filters incoming connections to these ports?

Best regards,

Peter
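
The interface-level point in the reply (an `ip nat inside` statement on an interface with no IP configuration) and the consistency of the static port forwards can be checked offline against a saved configuration. The following Python is an added example, not part of the original thread: `audit_nat` is a hypothetical helper, the sample is a constructed excerpt modelled on the posted config, and it assumes `!` separates interface blocks and that `ip unnumbered` counts as IP-enabled.

```python
import ipaddress
import re

# Constructed excerpt modelled on the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 no ip address
 ip nat inside
!
interface GigabitEthernet0/1
 ip address dhcp client-id GigabitEthernet0/1
 ip nat outside
!
interface BVI2
 ip address 10.20.7.1 255.255.254.0
 ip nat inside
!
ip nat inside source static tcp 10.20.7.21 8001 interface GigabitEthernet0/1 8001
"""

STATIC = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)")
ADDR = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

def audit_nat(config):
    """Return findings on NAT roles and static TCP forwards (hypothetical helper)."""
    ifaces, rules, cur = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            cur = None  # '!' closes the interface block; indentation is not relied on
        elif line and cur is not None:
            cur.append(line)
        elif STATIC.fullmatch(line):
            rules.append(STATIC.fullmatch(line).groups())
    findings, inside_nets = [], []
    for name, cmds in ifaces.items():
        routed = any(c.startswith(("ip address ", "ip unnumbered ")) for c in cmds)
        role = next((c for c in cmds if c in ("ip nat inside", "ip nat outside")), None)
        if role and not routed:
            findings.append(f"{name}: '{role}' has no effect, interface has no IP address")
        if role == "ip nat inside":  # collect subnets of routed inside interfaces
            for m in filter(None, map(ADDR.fullmatch, cmds)):
                inside_nets.append(ipaddress.ip_network("/".join(m.groups()), strict=False))
    for local, lport, ext_if, gport in rules:
        if "ip nat outside" not in ifaces.get(ext_if, []):
            findings.append(f"forward {gport}->{local}:{lport}: {ext_if} is not 'ip nat outside'")
        if not any(ipaddress.ip_address(local) in n for n in inside_nets):
            findings.append(f"forward {gport}->{local}:{lport}: host not on a NAT inside subnet")
    return findings
```

On the sample excerpt the only finding is the `ip nat inside` on GigabitEthernet0/0; the static forward itself passes both checks, which matches the reply's assessment that the basic NAT configuration is correct.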
