Re: Forward from Internet Problem

akatsouros · ‎07-31-2007

Hello all,

i have a big problem. i have a zyxel router with ip 192.168.1.1 that i take internet from (dsl router).

On my cisco 3750 i have setup a vlan with ip 192.168.1.100 (vlan4) to have internet connection

on the router i have add the following commands:

ip subnet-zero

ip routing

!

ip name-server 194.30.220.117

ip name-server 194.30.220.114

(these are the DNS of the internet provider)

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

-------------------

ip default-gateway 192.168.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip http server

Also i have another vlan on the 3750 in the iprange 192.165.1.0 / 24

On the router 3750, i have also a vlan (vlan1) on the ip range 192.165.1.0/24. Now i want to have from the internet (i have a dyndns on the zyxel), in the incoming port 4868 a forward to the internal ip 192.165.1.2:4868, and a forward from the internet port 4869 to 192.165.1.3:4868, and a forward from the internet port 4870 to internal 192.165.1.4:4868. So when i want to access my servers i could do using each port as you see.

The problem is how this can be done.

I have setup the zyxel to forward all these ports (NAT) to 192.168.1.100 but even if the routing happens, the servers that are connected on the cisco do not reply. Any ideas please???

Thank you very much for your help!

This is the cisco Config:

Current configuration : 3282 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname R1

!

enable password pss

!

switch 2 provision ws-c3750g-24ts

ip subnet-zero

ip routing

!

ip name-server 194.30.220.117

ip name-server 194.30.220.114

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

---------

interface Vlan1

ip address 192.165.1.1 255.255.255.0

!

interface Vlan3

ip address 10.64.17.100 255.255.255.0

!

interface Vlan4

ip address 192.168.1.100 255.255.255.0

!

interface Vlan101

no ip address

!

interface Vlan201

ip address 10.65.1.32 255.255.255.0

!

interface Vlan221

ip address 10.65.21.32 255.255.255.0

!

ip default-gateway 192.168.1.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

ip http server

!

PETER EIJSBERG · ‎07-31-2007

Did you configure the Zyxel router to forward the TCP ports to the IP address of the actual servers? Cause from your explanation I understand that you forward traffic from the Internet to an IP address of the Cisco router, and that won't work.

Also, did you make sure that the Zyxel router has static routes to the other VLANs with next hop the Cisco router? Otherwise the Zyxel will route traffic back to the Internet using its default route for everything that is not locally attached to the ethernet interface.

Hope this helps a bit.

akatsouros · ‎07-31-2007

Hey, thanks for the response. I am really in trouble with these things...

i dont think that zyxel can have static routes to other vlabs with next hop the cisco router... i have zyxel 653hw. i think that the zyxel routes the response to the internet!!! so...

another idea i have is to put the whole network not in the 192.165.1.0 network but to move these clients to the same ip range as zyxel (192.168.1.x)

so i tried this...

now i have 192.168.1.1 which is zyxel, and 192.168.1.150 which is the vlan 1 of cisco and all clients at 192.168.1.x. But i also have 2 other vlans on the cisco that is 10.65.1.x / 24 and 10.64.1.x/24. All seem to be ok BUT even if from the router (cisco) i can ping everything, when i try to ping from my pc (192.168.1.10) a 10.64.1.x client I DO NOT GET RESPONSE!!!

From inside the cisco i can ping everything.

But if i go from one 192.168.1.x pc to ping the 10.64.1.x or 10.65.1.x network i get no response....

i cannot understand why this is crazy.....

any ideas pleasee???

Thansk a lot

akatsouros · ‎07-31-2007

Hey, thanks for the response. I am really in trouble with these things...

i dont think that zyxel can have static routes to other vlabs with next hop the cisco router... i have zyxel 653hw. i think that the zyxel routes the response to the internet!!! so...

another idea i have is to put the whole network not in the 192.165.1.0 network but to move these clients to the same ip range as zyxel (192.168.1.x)

so i tried this...

now i have 192.168.1.1 which is zyxel, and 192.168.1.150 which is the vlan 1 of cisco and all clients at 192.168.1.x. But i also have 2 other vlans on the cisco that is 10.65.1.x / 24 and 10.64.1.x/24. All seem to be ok BUT even if from the router (cisco) i can ping everything, when i try to ping from my pc (192.168.1.10) a 10.64.1.x client I DO NOT GET RESPONSE!!!

From inside the cisco i can ping everything.

But if i go from one 192.168.1.x pc to ping the 10.64.1.x or 10.65.1.x network i get no response....

i cannot understand why this is crazy.....

any ideas pleasee???

Thansk a lot

akatsouros · ‎07-31-2007

Hello again, thanks for your reply.... it has make me crazy since strange things happen...

from the router i can ping everything

but from a vlan client i can ping the ROUTER INTERFACE but not the target

i.e i have:

vlan 1 192.168.1.100 /24

vlan 2 10.65.5.1 / 24

vlan 3 10.64.5.1 /24

vlan4 192.168.2.100 / 24

from the router i can ping all clients i.e 10.64.5.10

but from a client from for example vlan 2, i can ping all other ports if/s (like 10.64.5.1) but I CANNOT ping 10.64.5.10 (a client).

i dont know if there is a fault to my config there. strange!

from the router i can also ping www.google.com !!!

but i cannot ping from a client nothing!!!!

on a client i have ie. ip 192.168.1.15 , mask 24 and gw: 192.168.1.100

nothing works

i also tried to put as gw the modem ip (192.168.1.1) nothing again

i cannot even ping an ip of an internet.

My cisco is 3750, a little bit old.... maybe this is the problem??

i already tried routing to zyxel.. it has routing only from telnet configuration... nothing changed...

also 3750 does not support ip nat inside etc...... what about this???

Thank you really for your great help....