[CLUE-Tech] Port Forwarding / routing w/ cisco 678

Mike Staver staver at fimble.com
Wed Apr 14 15:18:32 MDT 2004 

Not sure if this will help, but here is my info from my 678 - note that 
there is a website hosted here, and that I can see it using the dns name 
which points to the outside ip address from the LAN just fine.  I have 
also done the same elsewhere using a Cisco 678.  One question though, 
since you're using the outside address, do you know that your ISP has 
port 80 open to your IP?  I'm not sure if it matters, if a connection 
from the local LAN traverses through your ISPs router or not... just a 
thought.

cbos#sh int
            IP Address         Mask
eth0       192.168.0.1        255.255.255.0

vip0       0.0.0.0            255.255.255.0

vip1       0.0.0.0            255.255.255.0

vip2       0.0.0.0            255.255.255.0

wan0       Physical Port: Trained

            Dest IP Address    Mask
wan0-0     216.38.219.1       255.255.255.0

cbos#sho route
[TARGET]         [MASK]           [GATEWAY]       [M][P] [TYPE]    [IF] 
   [AGE]
0.0.0.0          0.0.0.0          0.0.0.0          1     SA 
WAN0-0   0
192.168.0.0      255.255.255.0    0.0.0.0          1     LA        ETH0 
     0
216.38.219.0     255.255.255.0    0.0.0.0          1     A 
WAN0-0   0

WAN Interfaces...
216.38.219.1     255.255.255.0    0.0.0.0          1     HA 
WAN0-0   0

cbos#show nat

NAT is currently enabled

Port      Network        Global
eth0      Inside
wan0-0    Outside      216.38.219.245
vip0      Outside
vip1      Outside
vip2      Outside

       Local IP : Port      Global IP : Port      Timer Flags    Proto 
Interface
    192.168.0.25:143             *****:143          0   0x00041  tcp   eth0
    192.168.0.25:25              *****:25           0   0x00041  tcp 
eth0
    192.168.0.25:80              *****:80           0   0x00041  tcp 
   eth0 wan0-0
     192.168.0.3:3046   216.38.219.245:18387    86250   0x00046  tcp 
eth0 wan0-0
     192.168.0.3:3056   216.38.219.245:18391    86310   0x00046  tcp 
eth0 wan0-0
     192.168.0.3:3064   216.38.219.245:18395    86280   0x00046  tcp 
eth0 wan0-0
     192.168.0.1:23     216.38.219.245:23       86400   0x0004A  tcp 
eth0 wan0-0
     192.168.0.2:1027   216.38.219.245:18893       60   0x00046  udp 
eth0 wan0-0

Dave Price wrote:

> Hello,
> 
> I am trying to use port-forwarding with a cisco 678 DSL router.
> 
> I have a static IP address assigned to the device of 64.65.162.63
> 
> We are using the device's NAT and onboard DHCP to connect a LAN the
> Internet.  Local devices work fine with addresses in the 10.0.0.0/24
> range.
> 
> The device is configured to pass ports 80 (http) and 22 (ssh) on to
> local IP address 10.0.0.2.
> 
> I can call up web pages and login via ssh from 'outside' the LAN just
> fine, but when I am 'inside' I cannot use the 64.65.162.63 address to
> connect, although the 10.0.0.2 address works fine for http and ssh.
> 
> Below is the (I think) relevant config info from the 678.  Am I mistaken
> in my belief that the 'outside' address should work the same whether we
> are inside or out?  Any hints as to what I need to change to get this to
> work right?
> 
> aloha,
> dave
> 
> <paste>
>  
> cbos#sho int
>            IP Address         Mask
> eth0       10.0.0.1           255.255.255.0
> vip0       0.0.0.0            255.255.255.0
> vip1       0.0.0.0            255.255.255.0
> vip2       0.0.0.0            255.255.255.0
> wan0       Physical Port: Trained
>  
>            Dest IP Address    Mask
> wan0-0     209.150.192.10     255.255.255.255
>  
> cbos#sho route
> [TARGET]         [MASK]           [GATEWAY]       [M][P] [TYPE]    [IF]
> [AGE]
> 0.0.0.0          0.0.0.0          0.0.0.0          1     SA
> WAN0-0   0
> 10.0.0.0         255.255.255.0    0.0.0.0          1     LA        ETH0
> 0
> 209.150.192.0    255.255.255.0    0.0.0.0          1     AR
> WAN0-0   0
>  
> WAN Interfaces...
> 209.150.192.10   255.255.255.255  0.0.0.0          1     HA
> WAN0-0   0
>  
> IP NAT = enabled
> IP Multicast Forwarding = disabled
> IP Port RIP Send Responses = 00, disabled
> IP Port RIPv2 Send Type = 00, donotsend
> IP Port RIPv2 Receive Type = 00, donotreceive
> IP Port RIP Send Responses = 01, disabled
> IP Port RIPv2 Send Type = 01, donotsend
> IP Port RIPv2 Receive Type = 01, donotreceive
> IP NAT Entry = 10.0.0.2, 22, 64.65.162.63, 22, tcp;10.0.0.2, 80,
> 64.65.162.63, 80, tcp;
> 
> cbos#show nat
>  
> NAT is currently enabled
>  
> Port      Network        Global
> eth0      Inside
> wan0-0    Outside      64.65.162.63
> vip0      Outside
> vip1      Outside
> vip2      Outside
>  
>       Local IP : Port      Global IP : Port      Timer Flags    Proto
> Interface
>        10.0.0.2:22       64.65.162.63:22           0   0x00041  tcp
> eth0 wan0-0
>        10.0.0.2:80       64.65.162.63:80           0   0x00041  tcp
> eth0 wan0-0
>        10.0.0.2:631      64.65.162.63:631         90   0x00046  udp
> eth0 wan0-0
>        10.0.0.2:42864    64.65.162.63:21505    86340   0x00046  tcp
> eth0 wan0-0
>        10.0.0.2:42865    64.65.162.63:21507    86250   0x00046  tcp
> eth0 wan0-0
>        10.0.0.5:138      64.65.162.63:21779       30   0x00046  udp
> eth0 wan0-0
>  
> cbos#
> </paste>
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech

-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com

More information about the clue-tech mailing list