Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
321
Views
0
Helpful
1
Replies

NAT problem???

johnny_5
Level 1
Level 1

‎02-20-2015 12:20 PM - edited ‎03-07-2019 10:46 PM

I'm trying to set up an Apache webserver within my network that our users can access from outside(public IP).

The web server is up and running - I can navigate from my network to  IP 192.168.2.32

However I am unable to hit it using the public IP assigned 12.218.xxx.xxx

I have included some of the config below if anybody has any ideas:

 

interface FastEthernet0/0
 ip address 12.218.xxx.xxx 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 service-policy output physical
 !
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 description  LAN
 encapsulation dot1Q 1 native
 ip address 192.168.2.254 255.255.254.0
 ip access-group 120 in
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly

!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 12.218.xxx.xxx
ip route 10.5.5.0 255.255.255.0 10.5.1.1
ip route 10.10.0.0 255.255.255.0 172.17.0.5
ip route 10.10.200.0 255.255.255.0 172.17.0.5
!etc etc...

!
ip flow-top-talkers
 top 20
 sort-by bytes
 cache-timeout 3000
!
ip nat inside source list 2 interface FastEthernet0/0 overload
ip nat inside source static 192.168.2.32 12.218.xxx.xxx extendable
!
access-list 2 permit 192.168.2.0 0.0.0.255
access-list 2 permit 10.5.5.0 0.0.0.255
access-list 2 permit 10.5.1.0 0.0.0.255
access-list 2 permit 10.27.131.0 0.0.0.255
access-list 2 permit 10.27.129.0 0.0.0.255
access-list 2 permit 172.17.0.0 0.0.0.255
access-list 2 permit 192.168.50.0 0.0.0.255
access-list 120 permit tcp host 192.168.2.23 any eq smtp
access-list 120 permit tcp host 192.168.2.27 any eq smtp
access-list 120 permit tcp host 192.168.3.201 any eq smtp
access-list 120 permit tcp host 192.168.2.13 any eq smtp
access-list 120 deny   tcp any any eq smtp
access-list 120 permit ip 192.168.2.0 0.0.1.255 any
access-list 120 permit ip 10.27.131.0 0.0.0.255 any
access-list 120 permit ip 10.27.129.0 0.0.0.255 any
access-list 120 permit ip 10.27.130.0 0.0.0.255 any
access-list 120 permit ip 10.10.200.0 0.0.0.255 any
access-list 120 permit ip 10.10.0.0 0.0.0.255 any
access-list 120 permit ip 172.17.0.0 0.0.0.255 any
access-list 120 permit udp any any eq bootps
access-list 120 permit udp any any eq bootpc
access-list 120 permit ip 192.168.50.0 0.0.0.255 any
access-list 120 permit ip host 12.218.xxx.xxx any
access-list 120 permit ip any host 12.218.xxx.xxx
access-list 150 permit ip any 192.168.50.0 0.0.0.255
access-list 150 permit ip 192.168.50.0 0.0.0.255 any

 

Labels:
0 Helpful
1 Reply 1

Vasilii Mikhailovskii
Level 7
Level 7

‎02-24-2015 12:10 PM

If you mean you can't access the server from outside with public IP-address, then you need to change your static NAT to static port NAT with tcp 80.

0 Helpful
Top