[CLUE-Tech] Port Forwarding / routing w/ cisco 678
Mike Staver
staver at fimble.com
Wed Apr 14 15:18:32 MDT 2004
Not sure if this will help, but here is my info from my 678 - note that
there is a website hosted here, and that I can see it using the dns name
which points to the outside ip address from the LAN just fine. I have
also done the same elsewhere using a Cisco 678. One question though,
since you're using the outside address, do you know that your ISP has
port 80 open to your IP? I'm not sure if it matters, if a connection
from the local LAN traverses through your ISPs router or not... just a
thought.
cbos#sh int
IP Address Mask
eth0 192.168.0.1 255.255.255.0
vip0 0.0.0.0 255.255.255.0
vip1 0.0.0.0 255.255.255.0
vip2 0.0.0.0 255.255.255.0
wan0 Physical Port: Trained
Dest IP Address Mask
wan0-0 216.38.219.1 255.255.255.0
cbos#sho route
[TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF]
[AGE]
0.0.0.0 0.0.0.0 0.0.0.0 1 SA
WAN0-0 0
192.168.0.0 255.255.255.0 0.0.0.0 1 LA ETH0
0
216.38.219.0 255.255.255.0 0.0.0.0 1 A
WAN0-0 0
WAN Interfaces...
216.38.219.1 255.255.255.0 0.0.0.0 1 HA
WAN0-0 0
cbos#show nat
NAT is currently enabled
Port Network Global
eth0 Inside
wan0-0 Outside 216.38.219.245
vip0 Outside
vip1 Outside
vip2 Outside
Local IP : Port Global IP : Port Timer Flags Proto
Interface
192.168.0.25:143 *****:143 0 0x00041 tcp eth0
192.168.0.25:25 *****:25 0 0x00041 tcp
eth0
192.168.0.25:80 *****:80 0 0x00041 tcp
eth0 wan0-0
192.168.0.3:3046 216.38.219.245:18387 86250 0x00046 tcp
eth0 wan0-0
192.168.0.3:3056 216.38.219.245:18391 86310 0x00046 tcp
eth0 wan0-0
192.168.0.3:3064 216.38.219.245:18395 86280 0x00046 tcp
eth0 wan0-0
192.168.0.1:23 216.38.219.245:23 86400 0x0004A tcp
eth0 wan0-0
192.168.0.2:1027 216.38.219.245:18893 60 0x00046 udp
eth0 wan0-0
Dave Price wrote:
> Hello,
>
> I am trying to use port-forwarding with a cisco 678 DSL router.
>
> I have a static IP address assigned to the device of 64.65.162.63
>
> We are using the device's NAT and onboard DHCP to connect a LAN the
> Internet. Local devices work fine with addresses in the 10.0.0.0/24
> range.
>
> The device is configured to pass ports 80 (http) and 22 (ssh) on to
> local IP address 10.0.0.2.
>
> I can call up web pages and login via ssh from 'outside' the LAN just
> fine, but when I am 'inside' I cannot use the 64.65.162.63 address to
> connect, although the 10.0.0.2 address works fine for http and ssh.
>
> Below is the (I think) relevant config info from the 678. Am I mistaken
> in my belief that the 'outside' address should work the same whether we
> are inside or out? Any hints as to what I need to change to get this to
> work right?
>
> aloha,
> dave
>
> <paste>
>
> cbos#sho int
> IP Address Mask
> eth0 10.0.0.1 255.255.255.0
> vip0 0.0.0.0 255.255.255.0
> vip1 0.0.0.0 255.255.255.0
> vip2 0.0.0.0 255.255.255.0
> wan0 Physical Port: Trained
>
> Dest IP Address Mask
> wan0-0 209.150.192.10 255.255.255.255
>
> cbos#sho route
> [TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF]
> [AGE]
> 0.0.0.0 0.0.0.0 0.0.0.0 1 SA
> WAN0-0 0
> 10.0.0.0 255.255.255.0 0.0.0.0 1 LA ETH0
> 0
> 209.150.192.0 255.255.255.0 0.0.0.0 1 AR
> WAN0-0 0
>
> WAN Interfaces...
> 209.150.192.10 255.255.255.255 0.0.0.0 1 HA
> WAN0-0 0
>
> IP NAT = enabled
> IP Multicast Forwarding = disabled
> IP Port RIP Send Responses = 00, disabled
> IP Port RIPv2 Send Type = 00, donotsend
> IP Port RIPv2 Receive Type = 00, donotreceive
> IP Port RIP Send Responses = 01, disabled
> IP Port RIPv2 Send Type = 01, donotsend
> IP Port RIPv2 Receive Type = 01, donotreceive
> IP NAT Entry = 10.0.0.2, 22, 64.65.162.63, 22, tcp;10.0.0.2, 80,
> 64.65.162.63, 80, tcp;
>
> cbos#show nat
>
> NAT is currently enabled
>
> Port Network Global
> eth0 Inside
> wan0-0 Outside 64.65.162.63
> vip0 Outside
> vip1 Outside
> vip2 Outside
>
> Local IP : Port Global IP : Port Timer Flags Proto
> Interface
> 10.0.0.2:22 64.65.162.63:22 0 0x00041 tcp
> eth0 wan0-0
> 10.0.0.2:80 64.65.162.63:80 0 0x00041 tcp
> eth0 wan0-0
> 10.0.0.2:631 64.65.162.63:631 90 0x00046 udp
> eth0 wan0-0
> 10.0.0.2:42864 64.65.162.63:21505 86340 0x00046 tcp
> eth0 wan0-0
> 10.0.0.2:42865 64.65.162.63:21507 86250 0x00046 tcp
> eth0 wan0-0
> 10.0.0.5:138 64.65.162.63:21779 30 0x00046 udp
> eth0 wan0-0
>
> cbos#
> </paste>
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
More information about the clue-tech
mailing list