[CLUE-Tech] Port Forwarding / routing w/ cisco 678

Dave Price dp_kinaole at yahoo.com
Wed Apr 14 09:08:12 MDT 2004 

Hello,

I am trying to use port-forwarding with a cisco 678 DSL router.

I have a static IP address assigned to the device of 64.65.162.63

We are using the device's NAT and onboard DHCP to connect a LAN the
Internet.  Local devices work fine with addresses in the 10.0.0.0/24
range.

The device is configured to pass ports 80 (http) and 22 (ssh) on to
local IP address 10.0.0.2.

I can call up web pages and login via ssh from 'outside' the LAN just
fine, but when I am 'inside' I cannot use the 64.65.162.63 address to
connect, although the 10.0.0.2 address works fine for http and ssh.

Below is the (I think) relevant config info from the 678.  Am I mistaken
in my belief that the 'outside' address should work the same whether we
are inside or out?  Any hints as to what I need to change to get this to
work right?

aloha,
dave

<paste>
 
cbos#sho int
           IP Address         Mask
eth0       10.0.0.1           255.255.255.0
vip0       0.0.0.0            255.255.255.0
vip1       0.0.0.0            255.255.255.0
vip2       0.0.0.0            255.255.255.0
wan0       Physical Port: Trained
 
           Dest IP Address    Mask
wan0-0     209.150.192.10     255.255.255.255
 
cbos#sho route
[TARGET]         [MASK]           [GATEWAY]       [M][P] [TYPE]    [IF]
[AGE]
0.0.0.0          0.0.0.0          0.0.0.0          1     SA
WAN0-0   0
10.0.0.0         255.255.255.0    0.0.0.0          1     LA        ETH0
0
209.150.192.0    255.255.255.0    0.0.0.0          1     AR
WAN0-0   0
 
WAN Interfaces...
209.150.192.10   255.255.255.255  0.0.0.0          1     HA
WAN0-0   0
 
IP NAT = enabled
IP Multicast Forwarding = disabled
IP Port RIP Send Responses = 00, disabled
IP Port RIPv2 Send Type = 00, donotsend
IP Port RIPv2 Receive Type = 00, donotreceive
IP Port RIP Send Responses = 01, disabled
IP Port RIPv2 Send Type = 01, donotsend
IP Port RIPv2 Receive Type = 01, donotreceive
IP NAT Entry = 10.0.0.2, 22, 64.65.162.63, 22, tcp;10.0.0.2, 80,
64.65.162.63, 80, tcp;

cbos#show nat
 
NAT is currently enabled
 
Port      Network        Global
eth0      Inside
wan0-0    Outside      64.65.162.63
vip0      Outside
vip1      Outside
vip2      Outside
 
      Local IP : Port      Global IP : Port      Timer Flags    Proto
Interface
       10.0.0.2:22       64.65.162.63:22           0   0x00041  tcp
eth0 wan0-0
       10.0.0.2:80       64.65.162.63:80           0   0x00041  tcp
eth0 wan0-0
       10.0.0.2:631      64.65.162.63:631         90   0x00046  udp
eth0 wan0-0
       10.0.0.2:42864    64.65.162.63:21505    86340   0x00046  tcp
eth0 wan0-0
       10.0.0.2:42865    64.65.162.63:21507    86250   0x00046  tcp
eth0 wan0-0
       10.0.0.5:138      64.65.162.63:21779       30   0x00046  udp
eth0 wan0-0
 
cbos#
</paste>

More information about the clue-tech mailing list