Solved: Re: Public IP's Behind Static IP - Page 2

Frosty3222 · ‎01-20-2007

Hello, I have a 827 router with a assigned static ip of xxx.xxx.xxx.142 255.255.255.0 as well as a block of public IP's which have a net mask of 255.255.255.248 . I would like all the hosts with the block of public ip's to be visible to the internet. I don't wish to use DHCP or NAT/PAT, just straight routing. Thanks.

Frosty3222 · ‎01-20-2007

Hello, thanks to a quick fix to a faulty NIC, I can now access the internet from the server as well as access the server from another host on the same LAN/Netmask. I however cannot access the server from another ISP on the WAN side. I also went over the firewall on the server. It doesn't seem to be a issue. I double checked the netmask for the static WAN, it is what the ISP gave me.

Thanks

mohammedmahmoud · ‎01-21-2007

Hi there,

This /24 WAN IPs is still a weired thing, anyway u can't reach the server from another provider because of the NAT configuration, try access "http://whatsmyip.org/" from your server to see th ip address that your server goes to the outside world with (it should be your WAN ip not the manually configured server ip).

HTH,

Mohammed Mahmoud.

Frosty3222 · ‎01-21-2007

Yes the IP address did come up with the WAN ip. How do I configure it so that the server is reachable with its own public IP ? And also any other servers behind the router with their own public ips ?

Thanks

mohammedmahmoud · ‎01-21-2007

Hi there,

I am glade that we are reaching somewhere. In order to make it reachable to the internet with its public ip address you'll have to:

Remove the NAT configuration.

Make sure that your ISP has routed your LAN IPs to your WAN IPs or to your router.

Use default route at your router.

HTH, please rate if helpful,

Mohammed Mahmoud.

Frosty3222 · ‎01-21-2007

NAT configuration is removed. (See post config above)

ISP has routed Block of public IPs to static WAN. If I do a trace route to the public IP of the server it stops at the WAN side of the router with the LAN side unreachable. I am not sure what you mean by default route at the router ?

Thanks

mohammedmahmoud · ‎01-21-2007

Hi there,

If the servers on the LAN are unreachable from the internet:

Check connectivity problems between the server and the router, simply ping the router from the server.

Check the default gateway on the server (must be the IP address of the router's LAN interface facing the server)

Check that the router has a default route pointing either to the outgoing interface connecting to the internet, or to the next-hop ip address which is the ip address of the first hop (router) facing you in your ISP.

HTH,

Mohammed Mahmoud.

Frosty3222 · ‎01-21-2007

No connectivity issues between the server and router. Ping successful. Server default gateway is the LAN interface on the router. Please see posted config for possible errors. This is the only router. i.e. the WAN interface is facing the ISP.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip name-server xxx.xxx.xxx.xxx

!

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

!

partition flash 2 6 2

!

interface Ethernet0

ip address xxx.xxx.xxx.xxx 255.255.255.248

ip nat inside

ip tcp adjust-mss 1452

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/35

pppoe-client dial-pool-number 1

!

dsl operating-mode auto

interface Dialer1

ip address yyy.yyy.yyy.yyy 255.255.255.0

ip mtu 1492

ip nat outside

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxx

ppp chap password yyyyyyyyyyyyyyyyyyyy

ppp pap sent-username xxxxxx password yyyyyyy

!

ip nat inside source list 102 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

ip http server

ip http access-class 23

!

access-list 23 permit xxx.xxx.xxx.0 0.0.0.7

access-list 102 permit ip xxx.xxx.xxx.0 0.0.0.7 any

dialer-list 1 protocol ip permit

!

line con 0

stopbits 1

line vty 0 4

access-class 23 in

exec-timeout 120 0

login

length 0

!

scheduler max-task-time 5000

end

Thanks

Alessandro Veras · ‎01-21-2007

Hi Frosty.

By default route we mean this part of your router configuration.

<<

ip route 0.0.0.0 0.0.0.0 Dialer1

>>

I don't get your wan connection. This is a ADSL connection ? Ip address of your router is dynamically assigned by your ISP. This interface, Dialer1 is the interface that gets the ip address of wan connection ?

Anyway, you can do a test pinging any other address on internet using the ip address of your ethernet interface.

The command is:

ping x.x.x.x source ethernet 0

or if you IOS dont't supoort this commmand

ping ip

Target IP address: x.x.x.x

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: Ethernet0

With this you can exclude your lan network connectivity.

Hope helpfully.

Best Regards.

Frosty3222 · ‎01-21-2007

It is a 827 router with a ADSL connection.

The WAN IP address is static.

I have a block of 6 public IP's on the LAN side I wish to make accessible from the internet. One of those IP's is assigned to the LAN port. I can access the internet from the server on the LAN, but I can not access the server from the internet. If I traceroute to the server's IP from a separate ISP it stops at the WAN side of the router.

Thanks

mohammedmahmoud · ‎01-21-2007

Hi there,

I can see that the NAT configuration is still there, kindly remove the "ip nat outside" from the dialer interface, and "ip nat inside" from the LAN interface (ethernet0), using "no ip nat outside" and "no ip nat inside" on the respective interface.

HTH, please rate if helpful,

Mohammed Mahmoud.

Frosty3222 · ‎01-22-2007

That solved the problem.

Thank you very much for your help.

mohammedmahmoud · ‎01-23-2007

Hi John,

You are more than welcomed.

best regards,

Mohammed Mahmoud.