Question

Locked

problems forwarding port 80 to web server

By jeff.friend ·
I have a Cisco 4000 series router and am trying to forward port 80 to my web server. When I try to access my website from any computer I get a failure to connect. I know it is my router configs because I've tested the web server connected straight to the cable modem and everything works fine. Here is my configs:


!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CougarRouter
!
enable secret 5 $1$irmt$MkCa6d3361d07QJoea6ok1
!
!
!
!
!
ip subnet-zero
no ip finger
ip name-server 68.105.29.12
ip name-server 68.105.28.11
!
!
!
process-max-time 200
!
interface Ethernet0
description Link to Internal Network
ip address 10.1.1.1 255.255.255.0
no ip unreachables
no ip directed-broadcast
ip nat inside
media-type 10BaseT
no cdp enable
!
interface Ethernet1
description Link to Web Server
ip address 10.1.2.1 255.255.255.0
no ip directed-broadcast
ip nat inside
media-type 10BaseT
no cdp enable
!
interface FastEthernet0
description Link to Internet
ip address 68.110.223.* 255.255.255.224
no ip redirects
no ip directed-broadcast
ip nat outside
no ip route-cache
no ip mroute-cache
full-duplex
no cdp enable
!
router rip
network 10.0.0.0
!
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 10.1.2.2 8080 interface FastEthernet0 8080
ip nat inside source static tcp 10.1.2.2 80 interface FastEthernet0 80
ip classless
ip route 0.0.0.0 0.0.0.0 68.110.223.161
ip route 0.0.0.0 0.0.0.0 10.1.2.2
no ip http server
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.1.2.0 0.0.0.255
no cdp run
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 140E1D08095673797D
login
!
end


Any help is appreciated,

-Jeff

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

First diable your ACLs see if its the ACL that is

by CG IT In reply to problems forwarding port ...

causing the problem.

IP route 0.0.0.0 to 68.x.x.x [and the ip route 0.0.0.0 to 10.x.x.x] doesn't get inbound http traffic from your public address [assume that's 68.x.x.x] to your web server [assume that the 10.x.x.x]

If your public address is a static address, then in Cisco lingo, that's your global local address. you can map the global local address to a private server address.

I won't tell you the exact configuration commands as that doesn't give you the "why" you do it that way. If you think in terms of inbound HTTP traffic to you [public address 68.x.x.x:80]needs to go to your web server [private address 10.x.x.x:80] then the configuration commands are pretty easy. That's provided that there is a DNS server somewhere out there that will resolve mydomain.com to your public address [68.x.x.x]

Last note: there is an implicit deny statement at the end of all ACLs [hidden] that will apply if all other allows don't apply to that particular inbound traffic. So if your ACL doesn't specifically allow HTTP traffic to go to the web server[allow any any port 80] then the ACL will specifically disallow the traffic. Therefore the packets are dropped.

One final note what WIC are you using? WIC-1T? WIC-T1? Cisco devices all use WICs for their WAN and the gateway of last resort will send the traffic to the serial interface.

Collapse -

WIC

by jeff.friend In reply to First diable your ACLs se ...

I'm using my Fast Ethernet port to connect to the Internet. It goes directly from the Fast Ethernet to the Cable modem. I added a permit any statement in my ACL and it still doesn't work. I'm new to the Cisco IOS so I figured the static NAT would work.


ip nat inside source static tcp 10.1.2.2 8080 interface FastEthernet0 8080

ip nat inside source static tcp 10.1.2.2 80 interface FastEthernet0 80

Do I need to use a static route of some kind instead?

Thanks for the quick reply,

-Jeff

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums