02-10-2013 10:40 AM - edited 03-07-2019 11:38 AM
Hi Everybody,
I'm still a bit new to working with Cisco equipment, I've been studying for my CCENT over the past few months and I've decided to get some Cisco gear in my home to manage my home network. I have a web server running on my LAN currently and I'm trying to get everything on port 80 forwarded to the webserver. Here's what I have so far:
Current configuration:
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
ip subnet-zero
ip dhcp excluded-address 10.1.1.1 10.1.1.19
!
ip dhcp pool main
network 10.1.1.0 255.255.255.0
default-router 10.1.1.2
dns-server 75.75.75.75
!
!
!
!
interface FastEthernet0/0
ip address 71.58.59.225 255.255.248.0
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 10.1.1.2 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 10.1.1.22 80 71.58.59.225 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 71.58.56.1
ip route 72.58.56.0 255.255.248.0 FastEthernet0/0
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 10.1.1.20
no ip http server
!
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
access-list 100 permit tcp any host 71.58.59.225 eq www
<snip>
end
I've done quite a bit of reading but I can't pin down what the problem is - I suspect it might have something to do with access lists (I'm not entirely familiar with this topic, if there is a good post that explains it, please let me know!) But all in all, I'm not really sure whats going on. The server is listening on port 80 and I can access it while on the LAN, but attempting to access it using my WAN IP fails.
Thanks for any help you guys can provide!
Solved! Go to Solution.
02-10-2013 04:11 PM
The other thing to consider is if you are trying to access your web server via the WAN IP from your internal LAN it's never going to work.
If you really want to test you will need to actually be outside of the network. Possibly on a data enabled cell phone.
Elton
Sent from Cisco Technical Support iPhone App
02-10-2013 04:09 PM
I would remove the second entry from your access list 100 and see if that works.
Elton
Sent from Cisco Technical Support iPhone App
02-10-2013 05:45 PM
Wow - that was it! I feel incredibly dumb! Thanks Elton!
(replied to the wrong message, it was me being dumb trying to access via WAN IP on the LAN)
02-10-2013 04:11 PM
The other thing to consider is if you are trying to access your web server via the WAN IP from your internal LAN it's never going to work.
If you really want to test you will need to actually be outside of the network. Possibly on a data enabled cell phone.
Elton
Sent from Cisco Technical Support iPhone App
02-10-2013 05:49 PM
Glad it helped. I also ran into the same issue before and never found a good solution router configuration wise.
If you are having users access the server by DNS name and you are also running internal DNS services you can setup a record to point to the internal server IP to keep the traffic from needing to go out and come back in.
Please rate helpful posts.
Elton
Sent from Cisco Technical Support iPhone App
02-10-2013 05:57 PM
I do have an internal DNS server actually, I'll give that a whirl, thanks again, I really appreciate your help!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide