05-01-2016 09:35 AM - edited 03-08-2019 05:34 AM
Greetings,
I have the following issue:
I've got a 2821 router configured for NAT. It's supposed to grant access to a webserver on the local network at address 192.168.1.46, port 8080 from the outside network. The network address translation is working, I can see it with this command:
master#sh ip nat statistics
Total active translations: 4 (0 static, 4 dynamic; 4 extended)
Peak translations: 8, occurred 00:19:28 ago
Outside interfaces:
GigabitEthernet0/1
Inside interfaces:
GigabitEthernet0/0
Hits: 54 Misses: 0
CEF Translated packets: 54, CEF Punted packets: 0
Expired translations: 15
Dynamic mappings:
-- Inside Source
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
However, the web server is still unreachable - no traffic is coming from it when I try to access it from the outside. Please help troubleshoot this, I am at a loss here.
Here is my router's config:
master#sh running-config
Building configuration...
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname master
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M10.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
archive
log config
hidekeys
!
redundancy
!
interface GigabitEthernet0/0
description LAN
ip address 192.168.1.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description WAN
ip address <Public IP address given by ISP> 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source static tcp 192.168.1.46 8080 interface GigabitEthernet0/1 8080
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 <ISP's gateway>
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
control-plane
!
!
mgcp profile default
!
Solved! Go to Solution.
05-01-2016 01:25 PM
Is the Web server reachable (pingable) from outside and does it resolve to 192.168.2.46 correctly? What is the output of "sh ip nat translation"?
HTH
05-01-2016 10:00 AM
Hi,
Can you test using the actual IP address of the service provider?
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.46 8080 <ip address of the provider> 8080 extendable
HTH
05-01-2016 12:55 PM
Thank you for the suggestion, but no change.
Here's what I've done: I've removed the previous line like this:
no ip nat inside source static tcp 192.168.1.46 8080 GigabitEthernet0/1 8080
and added yours:
ip nat inside source static tcp 192.168.1.46 8080 <ip address of the provider> 8080 extendable
05-01-2016 01:25 PM
Is the Web server reachable (pingable) from outside and does it resolve to 192.168.2.46 correctly? What is the output of "sh ip nat translation"?
HTH
05-01-2016 02:27 PM
I cannot ping it from outside, as I have said before: the connection is not established.
However, I see that NAT is working:
master#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp <gateway public IP>:8080 192.168.1.46:8080 <gateway public IP>:50456 <gateway public IP>:50456
tcp <gateway public IP>:8080 192.168.1.46:8080 --- ---
05-02-2016 01:26 AM
Hi,
your NAT looks OK.
Are you sure your web server is really working on port 8080?
BR,
Milan
05-02-2016 01:47 AM
Absolutely:
master#telnet 192.168.1.46 8080
Trying 192.168.1.46, 8080 ... Open
GET /index.html
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>Apache Tomcat</title></head><body> <h1>It works !</h1><p>If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p>
05-02-2016 03:35 PM
The solution was trivial, as most of them are - the local web server did not have a proper default gateway set. Changing that to the router that I am configuring fixed the issue. Thank you everyone, you've led me to the right solution.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide