871w - Open NAT for xbox live

ckendzora · ‎01-05-2011

Hey all,

I cannot seem to get my config quite right. I want to open my NAT but I can only seem to get it to moderate. I think it has something to do with my ACL because I am pretty sure that I did all the port forwarding correctly. It must be a small thing I am missing because all my computers, wireless, and the xbox work and connect but I just cannot seem to get the NAT completely open.

Here is the config from the relevant section on my router. Fa4 is the modem and Fa2 is the xbox which I have connecting staticallly using 192.168.1.51. Any ideas what I am doing wrong? Do I just need a permit statement for the relevant ports inside the access-list?

ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.51 80 interface FastEthernet2 80
ip nat inside source static tcp 192.168.1.51 53 interface FastEthernet2 53
ip nat inside source static tcp 192.168.1.51 3074 interface FastEthernet2 3074
ip nat inside source static udp 192.168.1.51 3074 interface FastEthernet2 3074
ip nat inside source static udp 192.168.1.51 88 interface FastEthernet2 88
ip nat inside source static udp 192.168.1.51 53 interface FastEthernet2 53
!
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255

cadet alain · ‎01-05-2011

Hi,

Do I just need a permit statement for the relevant ports inside the access-list?

Yes.

Regards.

Alain.

Don't forget to rate helpful posts.

ckendzora · ‎01-06-2011

I updated my config and I still cannot get this to work.... I know it has to be something I am missing. I included some more of the information that might be needed to troubleshoot this. Everything I can find on the net shows that I must be close. I can only assume that I have either the IP address or the interface incorrect in my NAT statements. The address is set to 192.168.1.1 because this is the IP address of the BVI1 interface. I realize this is also the gateway and probably is set wrong. The only problem is that if I put 192.168.1.102(what dhcp assigns the xbox) in the nat statements it will not connect to the net at all. With the setup as shown it will connect but with a moderate, not open, setting. I cannot manually assign fast ethernet2 an IP because of an "internet protocol processing disabled" message. I have been pulling my hair out over this. Any ides?

interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly

!

!
interface FastEthernet0
description PC_upstairs
spanning-tree portfast
!
interface FastEthernet1
description PC_downstairs
spanning-tree portfast
!
interface FastEthernet2
description xbox360
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
description WAN connection
ip address dhcp
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable

!

ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.102 3074 interface BVI1 3074
ip nat inside source static udp 192.168.1.102 3074 interface BVI1 3074
ip nat inside source static udp 192.168.1.102 88 interface BVI1 88
!
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
permit tcp any any eq 3074
permit udp any any eq 88
permit udp any any eq 3074
!
access-list 1 permit 192.168.1.0 0.0.0.255

stratton65 · ‎01-20-2011

Have you found a solution to this issue yet? I am having the exact same trouble on a 861. Been jumping through hoops all evening to no avail. Any help would be appreciated.

Varun Uniyal · ‎01-20-2011

you are using :

ip nat inside source static tcp 192.168.1.102 3074 interface BVI1 3074
ip nat inside source static udp 192.168.1.102 3074 interface BVI1 3074
ip nat inside source static udp 192.168.1.102 88 interface BVI1 88

BVI is the inside interface. you need to specify the outside interface instead to open port from the outside.

try :

ip nat inside source static tcp 192.168.1.102 3074 interface fa4 3074