VLAN Port forwarding (need help)

Nayt
Level 1

Hello, 

 

I've set up a small home network, home router 192.168.0.1 -> Cisco 2901 192.168.100.1 -> switch 10.10.(10-30).1 (VLAN 1,2,3) -> server (Vlan 1) (10.10.10.4)

 

Now I'm trying to run a service that binds on my main public IP (game server), how do I go about the port forwarding/config?

 

Regards, 

 

N

 

 

 

ADDED CONFIG 

 

Building configuration...

Current configuration : 2009 bytes
!
! Last configuration change at 14:00:56 UTC Thu Apr 7 2022
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE-1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXX.
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO2901/K9 sn XXXXXXXXX
!
!
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.4 28015 86.23.91.190 28015 extendable
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 10.10.10.0 255.255.255.0 192.168.100.2
ip route 10.10.20.0 255.255.255.0 192.168.100.2
ip route 10.10.30.0 255.255.255.0 192.168.100.2
!
!
!
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255
!
control-plane
!
!
!
line con 0
password XXXX
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
line vty 5 15
login
transport input none
!
scheduler allocate 20000 1000
ntp server pnpntpserver.Hitronhub.home
!
end

4 Replies

Hello,

 

You are running into a known problem with double NAT. The 'easiest' way to fix this is to put your ISP router/modem in 'bridge' mode. What brand/type/model is your ISP modem/router?

Hello,
Your NAT and ACL statements look okay, try the following:

no ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 gig0/0 dhcp


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Tried and did not work. I can use the DMZ feature on my hub router if that is better? (Not sure where to go from there config-wise.) But I cannot put it in bridge mode.

Hello
Can you confirm:
Can you reach that specific internal host from any other internet host via TCP 28015?

Also, from any other host on the same internal network, can you reach the internet, meaning does your dynamic PAT work?

Lastly, are you trying to reach that internal host from another internal host via its NATted public IP address?



Kind Regards
Paul
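
An added example, not part of any post in this thread: in the double-NAT layout described above, GigabitEthernet0/0 takes its address by DHCP from the home router, so anything the home router forwards arrives at the 2901 addressed to that interface, not to the public IP named in the posted static NAT line. The fragment shows the posted line beside an interface-based form. It assumes the home router (192.168.0.1) reserves the Gi0/0 address and forwards only TCP 28015 to it, which exposes less of the 2901 than the hub's DMZ option.

```cisco
! Added example, not from the thread. Entered in global configuration mode.
! Assumption: the home router at 192.168.0.1 holds a DHCP reservation for
! Gi0/0 and has a single port-forward rule, TCP 28015 -> Gi0/0 address.
!
! Before (as posted): the global side is the public IP, which sits on the
! home router's WAN interface and is never the destination seen by the 2901.
!   ip nat inside source static tcp 10.10.10.4 28015 86.23.91.190 28015 extendable
!
no ip nat inside source static tcp 10.10.10.4 28015 86.23.91.190 28015 extendable
!
! After: translate on whatever address Gi0/0 currently holds.
ip nat inside source static tcp 10.10.10.4 28015 interface GigabitEthernet0/0 28015
!
! The existing routes (10.10.10.0/24 via 192.168.100.2) and "ip nat inside"
! on Gi0/1 from the posted configuration are left unchanged.
!
! Checks from exec mode after a connection attempt from an outside host:
!   show ip interface brief      - confirm the address Gi0/0 received
!   show ip nat translations     - look for an entry for 10.10.10.4:28015
```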