Port Mapping Trouble

TheTrueMc128k
Beginner

Hi

I'm installing my second Cisco router in my home network; I will use it for remote access.

The problem comes with port mapping. I've been testing for HOURS with no success; everything works, but the router doesn't forward the data.

Only port 5900 worked (after a while); port 80 does not. It's standard HTTP, reachable in the LAN, but not from outside.

Here's the config:

Current configuration : 3575 bytes
!
! Last configuration change at 23:48:26 CEST Sun Aug 7 2011 by mc128k
! NVRAM config last updated at 23:27:53 CEST Sun Aug 7 2011 by mc128k
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router-2600
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
enable secret 5 allright...
!
no aaa new-model
clock timezone CEST 2
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
no ip bootp server
ip domain name you shouldn't know this
ip name-server 212.48.4.15
ip name-server 151.99.125.1
ip name-server 208.67.222.222
ip name-server 8.8.8.8
ip name-server 10.0.0.64
ip ddns update method sdm_ddns1
 HTTP
  add you shouldn't know this
  remove you shouldn't know this
 interval maximum 0 2 0 0
!
username mc128k privilege 15 secret 5 lol
!
ip ssh authentication-retries 2
ip ssh source-interface FastEthernet0/1
ip ssh version 2
!
interface FastEthernet0/0
 description WAN Port
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no mop enabled
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 description LAN Port
 ip address 10.0.0.128 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no mop enabled
!
interface BRI1/0
 no ip address
 encapsulation hdlc
 shutdown
!
interface BRI1/1
 no ip address
 encapsulation hdlc
 shutdown
!
interface BRI1/2
 no ip address
 encapsulation hdlc
 shutdown
!
interface BRI1/3
 no ip address
 encapsulation hdlc
 shutdown
!
interface Dialer1
 ip ddns update hostname www.apple.com
 ip ddns update sdm_ddns1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp authentication pap callin
 ppp pap sent-username aliceadsl password bug
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.0.0.64 5900 interface Dialer1 5900
ip nat inside source static tcp 10.0.0.32 80 interface Dialer1 80
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
control-plane
!
gatekeeper
 shutdown
!
banner login ^C
here lies the banner
^C
!
line con 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 exec-timeout 30 0
 logging synchronous
 login local
 transport preferred ssh
 transport input ssh
 transport output ssh
line vty 5 6
 login
 transport preferred ssh
 transport input ssh
 transport output ssh
!
ntp clock-period 17180164
ntp server 83.103.98.242
!
end

I need to get many, MANY ports working. I can't have unstable configurations.

Thank you very much.

Accepted Solutions

When a device from outside tries to reach your internal server, it will use the external IP address of your router.

This address will be translated to your internal IP (port 80 only). When the server responds to this request, it will see the IP address which is a public IP and it will use its default gateway information to forward the packet.

If the default gateway information is pointing to your other router, the communication is broken because the remote device is expecting the reply to come from the 2600 router, not the 2800 router.

If you don't want to follow my suggestions, this is my last post on this thread.

Regards,

Edison
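The return-path condition described in the accepted solution above can be checked mechanically. The following is an added example, not part of the original thread: it parses the static forwards and the NAT inside interface from an excerpt of the posted configuration and compares them with each server's default gateway. The `HOST_GATEWAYS` values (including 10.0.0.1 standing in for the other router) and the function names are assumptions made for illustration.

```python
import re

# Excerpt of the router configuration posted above (inside interface and static forwards).
CONFIG = """\
interface FastEthernet0/1
 description LAN Port
 ip address 10.0.0.128 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source static tcp 10.0.0.64 5900 interface Dialer1 5900
ip nat inside source static tcp 10.0.0.32 80 interface Dialer1 80
"""

# Constructed sample data: the default gateway configured on each inside host.
# 10.0.0.1 stands in for the other router; it is an assumption, not from the post.
HOST_GATEWAYS = {"10.0.0.64": "10.0.0.128", "10.0.0.32": "10.0.0.1"}

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)", re.M)

def nat_inside_addresses(config):
    """Return the IP addresses of interfaces marked 'ip nat inside'."""
    addrs = []
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        ip = re.search(r"^ ip address (\d+\.\d+\.\d+\.\d+) ", block, re.M)
        if ip and re.search(r"^ ip nat inside\s*$", block, re.M):
            addrs.append(ip.group(1))
    return addrs

def check_forwards(config, host_gateways):
    """For each static forward, report whether replies return via the NAT router."""
    inside = set(nat_inside_addresses(config))
    results = []
    for proto, host, lport, _iface, gport in STATIC_RE.findall(config):
        gw = host_gateways.get(host)  # None when the host's gateway is not known
        status = "ok" if gw in inside else "asymmetric" if gw else "unknown"
        results.append((proto, int(gport), host, int(lport), gw, status))
    return results

if __name__ == "__main__":
    for proto, gport, host, lport, gw, status in check_forwards(CONFIG, HOST_GATEWAYS):
        print(f"{proto}/{gport} -> {host}:{lport} gateway={gw} [{status}]")
```

A forward marked `asymmetric` is one whose server sends its replies to a gateway other than the router that translated the request, which is the broken case the answer describes.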


14 Replies

Edison Ortiz
Hall of Fame Mentor

When you reuse the same inside or outside address for port mapping, you need to add the extendable keyword to the static NAT translation:

http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Regards,

Edison