08-19-2007 10:06 PM - edited 03-03-2019 06:22 PM
hello all,
THE scenario is as follows.
serial0- public ip (goes to internet)
e0 - public ip / 248
e1 - private ip (web server resides with IPwww)
- we are hosting our own web server which resides on the e1 subnet.
- The plan is to do a natting from one of the public ip on the e0 subnet (ie. IP1 to the private ip of the web server on the e1 subnet IPwww.
We cant make it work at all.
Are we doing something logical?
Please advise.
Thanks
08-19-2007 10:42 PM
Hi
It's a bit difficult to say without seeing the config. Assuming this is a router running IOS
private IP of web server: 192.168.5.10
public IP of web server: 217.22.17.10
ip nat inside source static 192.168.5.1.0 217.22.17.10
interface e0
ip nat outside
interface e1
ip nat inside
HTH
Jon
08-19-2007 10:51 PM
Hi Jon,
I doubt that he can NAT the server on the e1 subnet with an IP from the e0 subnet (directly connected to e0) what do you think about it.
BR,
Mohammed Mahmoud.
08-19-2007 10:53 PM
Hi Mohammed
Hope study is going well.
Not sure what you mean by this. Why could he not just use one of his spare public IP addresses to present the private IP externally.
Have i missed something ?
Jon
Edit - Ahh i think i see what you mean. is it because the serial interface is the one that connects to the internet ?
08-19-2007 11:01 PM
Hi Jon,
Studying is going well i hope :) thanks for asking.
I only doubted it routing wise, the IP will be directly connected to interface e0, but according to the NAT order of operation, since the NAT outside to inside (global to local translation) does NATing then routing, then the traffic will be NATed to the correct inside local IP and then would be routed to the right interface, what do you think about this.
BR,
Mohammed Mahmoud.
08-19-2007 10:42 PM
Hi
For this to work u need to have a static nat configured.
make u r e0 and so as nat outside.
and e1 as u r nat inside.
then u can define the static nat as below
ip nat inside source static (private IP) (public IP)
Thanks
Mahmood
08-20-2007 03:49 AM
BELOW IS THE CURRENT RELEVANT CONFIG.
interface FastEthernet0/0
ip address 8x.x.x 255.255.255.240
ip nat outside
load-interval 30
duplex auto
speed auto
random-detect
!
interface FastEthernet0/1
ip address 192.168.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
bandwidth 1024
ip address 8y.y.y.y 255.255.255.252
ip nat outside
load-interval 30
no keepalive
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
no ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
08-20-2007 04:17 AM
One thing, if i give the ff. command, i will be able to ping, but not http
ip nat source static 192.168.0.www(actual web) IPa(public ip on e0)
08-20-2007 06:22 AM
Hi
have a look at previous post i sent. You do not have a static nat translation for the web server.
The fastethernet0/0 overload nat statement will not allow you to connect from outside to the web server.
Jon
08-20-2007 07:05 AM
after ive put the below command, iwas able to ping but not http
ip nat source static 192.168.0.www(actual web) IPa(public ip on e0)
IPa is a public IP address on the e0 subnet. its not the e0 itself
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide