NAT not working on Port 80
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
NAT not working on Port 80

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Cisco
Author Message
Fred Atkinson
Guest
Posted: Fri Dec 17, 2004 5:48 am    Post subject: NAT not working on Port 80 Reply with quote
I have Apache Webserver installed on host 10.10.10.200 on my
home network. I am trying to make it accessible to the outside. My
NAT configurations presently are:

ip nat inside source static tcp 10.10.10.200 21 interface Ethernet1 21
ip nat inside source static tcp 10.10.10.200 80 interface Ethernet1 80
ip nat inside source static tcp 10.10.10.200 20 interface Ethernet1 20
ip nat inside source static tcp 10.10.10.200 69 interface Ethernet1 69

When I bring up the local outside IP address (the address of
my router gateway to my cablemodem provider), I get the Web Interface
of my Cisco 831 router rather than my Webserver. This shouldn't
happen since I have translated port 80 to be routed directly to my
Webserver.

Any suggestions?



Fred
Back to top
RobO
Guest
Posted: Fri Dec 17, 2004 6:32 am    Post subject: Re: NAT not working on Port 80 Reply with quote
Hi Fred!

Firstly - I assume that you have "ip nat inside" applied on the
internal interface and "ip nat outside" on the external interface.
Nat must be set up correctly otherwise it wont translate.
Quote:
Add "extendable" to all the static entries you have above at the end
of each line.
How is your inbound access-lists setup you should have a permit entry
towards the top of the list looking something like this:

access-list 123 permit tcp any host 10.10.10.200 eq www.
Quote:
You can do a "show ip nat translations" which will show you all the
NAT translations this can give you a good idea if the NAT is actually

taking place or not.

PS Also make sure if you not going to use CRWS make sure you just
restrict it to the internal network or disable it.

Good Luck

Rob
Back to top
Fred Atkinson
Guest
Posted: Fri Dec 17, 2004 7:02 am    Post subject: Re: NAT not working on Port 80 Reply with quote
Quote:
Hi Fred!

Hello to you, Rob. Merry Christmas.

Quote:
Firstly - I assume that you have "ip nat inside" applied on the
internal interface and "ip nat outside" on the external interface.
Nat must be set up correctly otherwise it wont translate.

That is correct.

Quote:
Add "extendable" to all the static entries you have above at the end
of each line.

I tried to do that with port 80. But it wouldn't take the
extendable command on the end of the line.

Quote:
How is your inbound access-lists setup you should have a permit entry
towards the top of the list looking something like this:
access-list 123 permit tcp any host 10.10.10.200 eq www.

This is what I have:

ip nat inside source list 102 interface Ethernet1
overload

access-list 102 permit ip 10.10.10.0 0.0.0.255 any

Quote:
You can do a "show ip nat translations" which will show you all the
NAT translations this can give you a good idea if the NAT is actually
taking place or not.

This is what came up when I did that:

Pro Inside global Inside local Outside local Outside
global
udp 24.88.6.201:1024 10.10.10.2:5061 216.115.25.201:5061
216.115.25.201:506
1
tcp 24.88.6.201:20 10.10.10.200:20 --- ---
tcp 24.88.6.201:21 10.10.10.200:21 --- ---
tcp 24.88.6.201:69 10.10.10.200:69 --- ---
tcp 24.88.6.201:80 10.10.10.200:80 --- ---
tcp 24.88.6.201:1034 10.10.10.200:1034 66.135.195.87:443
66.135.195.87:443
--- 24.88.6.201 10.10.10.200 --- ---


Quote:
PS Also make sure if you not going to use CRWS make sure you just
restrict it to the internal network or disable it.

Not sure how to restrict it to the internal network. But I'll
look into it.

Quote:
Good Luck

Thanks,

Quote:
Rob


Fred
Back to top
RobO
Guest
Posted: Fri Dec 17, 2004 7:25 am    Post subject: Re: NAT not working on Port 80 Reply with quote
Fred,
Merry Christmas to you!!!
Looks like your NAT is set up fine.
Its pointing towards your inbound access-list from the internet
access-list 102 is only for NAT operations its not for blocking
anything.
You'll need to setup an inbound acl with the example I have given above
to allow access to port 80(www) otherwise it will just block.
Possibly disabling the CRWS(no ip http server) and testing it to see if
thats not stopping you get in.

To restrict access to the CRWS create a standard acl :

access-list 10 permit 10.10.10.0 0.0.0.255
then apply it with
ip http access-class 10

This will only allow internal machines to connect to the CRWS.
Thats it

Hope this helps

Rob
Back to top
RobO
Guest
Posted: Fri Dec 17, 2004 7:30 am    Post subject: Re: NAT not working on Port 80 Reply with quote
Fred,

Forgot to mention you can set CRWS to listen on another port:
ip http port (no)
Instead of disabling it just change the port to something like 81 or
8080.
This way you know nothing else should interfere.

Rob
Back to top
Fred Atkinson
Guest
Posted: Fri Dec 17, 2004 7:36 am    Post subject: Re: NAT not working on Port 80 Reply with quote
Rob,

I turned off the ip http server. Now I can get the server on
the inside. Just fine, too.

I can still access it with https://.... when needed.

Have the honor of being the first to pull up my Webserver at
http://www.mishmash.org.

Thanks, and I very much appreciate the help here.

Happy holidays,


Fred Atkinson
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Cisco All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB