Network translation and port forwarding causing host to timeout

yassine_hell
Level 1

I'm trying to set up a small network, consisting of 3 routers/switches and one L3 switch:

I have activated PAT on both routers R1 and R2, to translate from the private IP to the public IP.

When pinging from Host Bizerte or Server to all the public addresses, everything works fine.

Now I have set up port forwarding on router R3 to forward all incoming packets on port 80 to the server.

When I telnet from R1 to: telnet 41.224.0.3 80

it works fine, and the translation is successful,

but when I try to use the same command using the Bizerte host, the translation fails, and checking the server, I can't even ping the router R3 (172.16.5.65),

and in order to restore connectivity I have to shut down the interface e0, and no shutdown it again.

Here are the router configs:

R3: http://pastebin.com/Fq9228Y8

R1: http://pastebin.com/iU4BQGSL

From the NAT debug output and Wireshark capture, it seems that router R3 actually sends a response to router R1, but router R1 is not routing/forwarding the response back to the host (Bizerte here).

NAT debug output: 

Router R1:

*Mar 1 00:20:24.607: NAT: [0] Allocated Port for 172.16.1.3 -> 41.224.0.1: wanted 1043 got 1043
*Mar 1 00:20:24.607: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [176]
*Mar 1 00:20:24.611: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [176]
*Mar 1 00:20:24.611: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [176]
*Mar 1 00:20:24.635: NAT*: o: tcp (41.224.0.3, 80) -> (41.224.0.1, 1043) [1098]
*Mar 1 00:20:24.639: NAT*: s=41.224.0.3, d=41.224.0.1->172.16.1.3 [1098]
*Mar 1 00:20:24.639: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [177]
*Mar 1 00:20:24.639: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [177]
R1#
*Mar 1 00:20:44.811: NAT*: o: tcp (41.224.0.3, 80) -> (41.224.0.1, 1043) [1107]
*Mar 1 00:20:44.815: NAT*: s=41.224.0.3, d=41.224.0.1->172.16.1.3 [1107]
*Mar 1 00:20:44.847: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [178]
*Mar 1 00:20:44.847: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [178]
*Mar 1 00:20:44.851: NAT: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [179]
*Mar 1 00:20:44.851: NAT: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [179]
R1#
*Mar 1 00:20:47.967: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [180]
*Mar 1 00:20:47.967: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [180]
R1#
*Mar 1 00:20:53.747: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [181]
*Mar 1 00:20:53.747: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [181]
R1#
*Mar 1 00:21:05.107: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [182]
*Mar 1 00:21:05.111: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [182]
R1#
*Mar 1 00:21:27.723: NAT*: i: tcp (172.16.1.3, 1043) -> (41.224.0.3, 80) [183]
*Mar 1 00:21:27.723: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [183]

Router R3: 

*Mar 1 00:20:55.247: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [176]
*Mar 1 00:20:55.251: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [176]
*Mar 1 00:20:55.251: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [176]
*Mar 1 00:20:55.279: NAT*: i: tcp (172.16.5.66, 80) -> (41.224.0.1, 1043) [1098]
*Mar 1 00:20:55.283: NAT*: s=172.16.5.66->41.224.0.3, d=41.224.0.1 [1098]
*Mar 1 00:20:55.287: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [177]
*Mar 1 00:20:55.287: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [177]
R3#
*Mar 1 00:21:15.291: NAT*: i: tcp (172.16.5.66, 80) -> (41.224.0.1, 1043) [1107]
*Mar 1 00:21:15.291: NAT*: s=172.16.5.66->41.224.0.3, d=41.224.0.1 [1107]
*Mar 1 00:21:15.351: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [178]
*Mar 1 00:21:15.355: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [178]
*Mar 1 00:21:15.355: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [179]
*Mar 1 00:21:15.355: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [179]
R3#
*Mar 1 00:21:18.523: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [180]
*Mar 1 00:21:18.527: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [180]
R3#
*Mar 1 00:21:24.291: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [181]
*Mar 1 00:21:24.291: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [181]
R3#
*Mar 1 00:21:35.651: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [182]
*Mar 1 00:21:35.651: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [182]
R3#
*Mar 1 00:21:58.123: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [183]
*Mar 1 00:21:58.123: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [183]
R3#
*Mar 1 00:22:42.831: NAT*: o: tcp (41.224.0.1, 1043) -> (41.224.0.3, 80) [185]
*Mar 1 00:22:42.831: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [185]
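
An added example (not part of the original post): a short Python script that lines up the "debug ip nat" translation lines from R1 and R3 by the bracketed IP ID, keyed on the addresses each packet carries on the shared 41.224.0.x segment. The function names are hypothetical, the sample lines are excerpts of the output above, and it assumes the bracketed number is the packet's IP ID, which NAT leaves unchanged.

```python
import re
from collections import defaultdict

# "debug ip nat" translation line: s=<src>[-><new>], d=<dst>[-><new>] [IP ID]
XLATE = re.compile(
    r"NAT\*?: s=([\d.]+)(?:->([\d.]+))?, d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")

# Excerpts of the translation lines posted above (first six per router).
R1_LOG = """\
*Mar 1 00:20:24.611: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [176]
*Mar 1 00:20:24.639: NAT*: s=41.224.0.3, d=41.224.0.1->172.16.1.3 [1098]
*Mar 1 00:20:24.639: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [177]
*Mar 1 00:20:44.815: NAT*: s=41.224.0.3, d=41.224.0.1->172.16.1.3 [1107]
*Mar 1 00:20:44.847: NAT*: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [178]
*Mar 1 00:20:44.851: NAT: s=172.16.1.3->41.224.0.1, d=41.224.0.3 [179]
"""
R3_LOG = """\
*Mar 1 00:20:55.251: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [176]
*Mar 1 00:20:55.283: NAT*: s=172.16.5.66->41.224.0.3, d=41.224.0.1 [1098]
*Mar 1 00:20:55.287: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [177]
*Mar 1 00:21:15.291: NAT*: s=172.16.5.66->41.224.0.3, d=41.224.0.1 [1107]
*Mar 1 00:21:15.355: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [178]
*Mar 1 00:21:15.355: NAT*: s=41.224.0.1, d=41.224.0.3->172.16.5.66 [179]
"""

def public_flows(log):
    """Map (src, dst) as seen on the public segment -> IP IDs in log order."""
    flows = defaultdict(list)
    for m in XLATE.finditer(log):
        src, new_src, dst, _new_dst, ip_id = m.groups()
        # A translated source shows its public form after "->"; a translated
        # destination shows its public form before "->".
        flows[(new_src or src, dst)].append(int(ip_id))
    return dict(flows)

def compare(log_a, log_b):
    """Per public flow: IP IDs logged by both routers, or by only one."""
    a, b = public_flows(log_a), public_flows(log_b)
    report = {}
    for flow in sorted(set(a) | set(b)):
        ia, ib = set(a.get(flow, [])), set(b.get(flow, []))
        report[flow] = {"both": sorted(ia & ib),
                        "only_a": sorted(ia - ib), "only_b": sorted(ib - ia)}
    return report

if __name__ == "__main__":
    for flow, ids in compare(R1_LOG, R3_LOG).items():
        print(flow, ids)
```

An ID listed under only_a or only_b was translated by one router but never logged by the other. In this excerpt every ID, including replies 1098 and 1107, appears on both routers, so both NAT tables handled those packets.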

1 Accepted Solution

Philip D'Ath
VIP Alumni

I am relatively confident there is nothing wrong with either router config.

I'm going to put my money on an IOS bug. 12.4 is pretty old now. Are you able to put on something a little bit newer?

3 Replies

OK, I will try with another image; for now I have edited my question and posted the NAT debug output.

I have tried with the C7200 15.2 and it worked just fine.

That's so strange...

But thank you, this drove me crazy... for 2 days...