05-16-2013 06:24 PM - edited 03-04-2019 07:55 PM
Hello guys
I tried to connect to an FTP server on CentOS.
I need a port forward for access from the internet. I specified the port forward in the config, but it doesn't work.
Thanks a lot!
Router#show running-config
Building configuration...
Current configuration : 2404 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
clock timezone Santiag -4
clock summer-time Santiag date Mar 9 2003 12:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool InternalIP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 200.28.4.130 200.28.4.129
!
!
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface Dialer0
description Conect to ONLINE$FW_OUTSIDE$
ip address negotiated
ip mtu 1454
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username XXXXXXXXXXXXX password 0 XXXXXX
!
interface Dialer20
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.123 22 interface Dialer0 22
ip nat inside source static tcp 192.168.1.123 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.123 20 interface Dialer0 20
05-17-2013 01:25 AM
Hi,
How did you test it? Is it working when accessing the private IP from the LAN? Have you verified there is no filtering on the CentOS machine?
And by the way, I don't see ACL 1 used for NAT overload.
Regards
Alain
Don't forget to rate helpful posts.
05-17-2013 06:00 AM
Hi,
Please try to change to these commands. They work for me.
ip nat pool testpool Dialer0 Dialer0 prefix-length xxxx
ip nat inside source static tcp 192.168.1.123 22 interface Dialer0 22 extendable
ip nat inside source static tcp 192.168.1.123 21 interface Dialer0 21 extendable
ip nat inside source static tcp 192.168.1.123 20 interface Dialer0 20 extendable
access-list 1 permit 192.168.1.0 0.0.0.255
Regards,
Murad
05-17-2013 06:15 AM
Don't forget to enter the command below after "ip nat pool testpool Dialer0 Dialer0 prefix-length xxxx".
ip nat inside source list 1 pool testpool overload
Sorry, I forgot to write it down.
Hope it will help.
Murad
05-18-2013 12:58 PM
Thanks a lot, I'll do some tests with your suggestions.
05-22-2013 01:16 PM
@cadet-alain
I tested it in my LAN and it works through SSH, but it does not work when I try to enter through the Internet.
The ACL was in the config.
@murad-ali
I can't try these commands because the IOS does not support them.
This is my IOS version:
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.3(8)T11, RELEASE SOFTWARE (fc1)
This is my actual config:
Building configuration...
Current configuration : 1869 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
clock timezone Santiag -4
clock summer-time Santiag date Mar 9 2003 12:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool InternalIP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 200.28.4.130 200.28.4.129
!
!
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
ip tcp adjust-mss 1452
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
!
interface Dialer0
description Conect to ONLINE$FW_OUTSIDE$
ip address negotiated
ip mtu 1454
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxxxxxxxx password 0 xxxxxx
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.123 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.123 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.123 22 interface Dialer0 22
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip list 1
!
!
control-plane
!
!
line con 0
password cisco
login
line aux 0
line vty 0 4
password cisco
login
!
end
Thanks a lot!
05-23-2013 12:25 AM
Hi,
When you say it is not working from the internet, how do you test it? From a host on the internet, or from a host inside by specifying the outside public address? If the latter, then it won't work because NAT hairpinning is not supported by the Cisco devices. Also, as a sidenote, the MTU should be 1492 if you set the MSS to 1452, because the IP header is more than 2 bytes (you put the MTU to 1454!!).
Regards
Alain
Don't forget to rate helpful posts.
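The two checks in the answer above (MSS must fit under MTU minus the 40 bytes of IPv4 + TCP headers, and a test from an inside host against the outside address is NAT hairpinning rather than a real port-forward test) can be run mechanically against a config dump. The script below is an added example and is not code from the thread or from Cisco; it parses a constructed excerpt of the poster's running-config (the `ip mtu 1454` / `ip tcp adjust-mss 1452` values and the three static NAT entries are copied from the thread, the client addresses used in the demonstration are made up), and the function names and the 1492/1452 PPPoE pairing in the comments are this example's own assumptions.

```python
"""Sanity checks for the IOS port-forward setup discussed in the thread.

Added example, not code from the original thread. Checks applied:
  1. 'ip tcp adjust-mss' must not exceed 'ip mtu' minus 40 (20-byte IPv4
     header + 20-byte TCP header); for PPPoE the usual pair is 1492/1452.
  2. A test from a host on a NAT-inside subnet to the router's outside
     address is NAT hairpinning; only a test from outside exercises the
     static NAT entries.
"""
import ipaddress
import re

IPV4_TCP_HEADERS = 40  # 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed excerpt of the config posted in the thread (not a live device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip mtu 1454
 ip nat outside
 ip tcp adjust-mss 1452
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.123 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.123 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.123 22 interface Dialer0 22
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")


def parse_interfaces(config):
    """Return {name: {field: value}} for each 'interface' stanza."""
    interfaces = {}
    current = None
    for raw in config.splitlines():
        m = re.match(r"^interface (\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), {})
            continue
        line = raw.strip()
        if line == "!":            # end of stanza
            current = None
            continue
        if current is None:
            continue
        if line.startswith("ip mtu "):
            current["mtu"] = int(line.split()[2])
        elif line.startswith("ip tcp adjust-mss "):
            current["mss"] = int(line.split()[3])
        elif line.startswith("ip address ") and "negotiated" not in line:
            _, _, addr, mask = line.split()
            current["network"] = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
        elif line == "ip nat inside":
            current["nat"] = "inside"
        elif line == "ip nat outside":
            current["nat"] = "outside"
    return interfaces


def mss_problems(interfaces):
    """Interfaces whose adjust-mss exceeds mtu - 40, mapped to the largest valid MSS."""
    problems = {}
    for name, f in interfaces.items():
        if "mtu" in f and "mss" in f and f["mss"] > f["mtu"] - IPV4_TCP_HEADERS:
            problems[name] = f["mtu"] - IPV4_TCP_HEADERS
    return problems


def static_forwards(config):
    """(proto, inside_ip, inside_port, outside_if, outside_port) for each static entry."""
    out = []
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m:
            proto, ip, iport, iface, oport = m.groups()
            out.append((proto, ip, int(iport), iface, int(oport)))
    return out


def is_hairpin_test(client_ip, interfaces):
    """True if the client sits on a NAT-inside subnet: reaching the outside
    address from there would need NAT hairpinning, which the answer rules out."""
    ip = ipaddress.IPv4Address(client_ip)
    return any(f.get("nat") == "inside" and "network" in f and ip in f["network"]
               for f in interfaces.values())


if __name__ == "__main__":
    ifs = parse_interfaces(SAMPLE_CONFIG)
    print("MSS too large for MTU:", mss_problems(ifs))
    print("static forwards:", static_forwards(SAMPLE_CONFIG))
    # 192.168.1.50 (LAN host) and 203.0.113.7 (outside host) are made-up test clients.
    print("test from 192.168.1.50 is hairpin:", is_hairpin_test("192.168.1.50", ifs))
    print("test from 203.0.113.7 is hairpin:", is_hairpin_test("203.0.113.7", ifs))
```

Against the thread's config the script flags Dialer0 (1454 - 40 = 1414, below the configured MSS of 1452), lists the three TCP forwards to 192.168.1.123, and classifies a LAN client as a hairpin test, which is exactly why the poster's test from inside failed while the NAT rules themselves were fine.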
05-27-2013 02:59 PM
Thank you. That was the reason: NAT hairpinning. Now I want to ask you for some suggestions on the NAT rules to help it work better with FTP, because when I want to transfer files larger than 10 MB the connection is lost.
Regards
Thanks a lot.