[CLUE-Tech] Port Forwarding / routing w/ cisco 678
Frank Whiteley
techzone at greeleynet.com
Wed Apr 14 18:45:45 MDT 2004
----- Original Message -----
From: "Dave Price" <dp_kinaole at yahoo.com>
To: <clue-tech at clue.denver.co.us>
Sent: Wednesday, April 14, 2004 09:08
Subject: [CLUE-Tech] Port Forwarding / routing w/ cisco 678
> Hello,
>
> I am trying to use port-forwarding with a cisco 678 DSL router.
>
> I have a static IP address assigned to the device of 64.65.162.63
>
> We are using the device's NAT and onboard DHCP to connect a LAN to the
> Internet. Local devices work fine with addresses in the 10.0.0.0/24
> range.
>
> The device is configured to pass ports 80 (http) and 22 (ssh) on to
> local IP address 10.0.0.2.
>
> I can call up web pages and login via ssh from 'outside' the LAN just
> fine, but when I am 'inside' I cannot use the 64.65.162.63 address to
> connect, although the 10.0.0.2 address works fine for http and ssh.
>
> Below is the (I think) relevant config info from the 678. Am I mistaken
> in my belief that the 'outside' address should work the same whether we
> are inside or out? Any hints as to what I need to change to get this to
> work right?
>
> aloha,
> dave
>
> <paste>
>
> cbos#sho int
> IP Address Mask
> eth0 10.0.0.1 255.255.255.0
> vip0 0.0.0.0 255.255.255.0
> vip1 0.0.0.0 255.255.255.0
> vip2 0.0.0.0 255.255.255.0
> wan0 Physical Port: Trained
>
> Dest IP Address Mask
> wan0-0 209.150.192.10 255.255.255.255
>
> cbos#sho route
> [TARGET] [MASK] [GATEWAY] [M][P] [TYPE] [IF] [AGE]
> 0.0.0.0 0.0.0.0 0.0.0.0 1 SA WAN0-0 0
> 10.0.0.0 255.255.255.0 0.0.0.0 1 LA ETH0 0
> 209.150.192.0 255.255.255.0 0.0.0.0 1 AR WAN0-0 0
>
> WAN Interfaces...
> 209.150.192.10 255.255.255.255 0.0.0.0 1 HA WAN0-0 0
>
> IP NAT = enabled
> IP Multicast Forwarding = disabled
> IP Port RIP Send Responses = 00, disabled
> IP Port RIPv2 Send Type = 00, donotsend
> IP Port RIPv2 Receive Type = 00, donotreceive
> IP Port RIP Send Responses = 01, disabled
> IP Port RIPv2 Send Type = 01, donotsend
> IP Port RIPv2 Receive Type = 01, donotreceive
> IP NAT Entry = 10.0.0.2, 22, 64.65.162.63, 22, tcp;10.0.0.2, 80, 64.65.162.63, 80, tcp;
>
> cbos#show nat
>
> NAT is currently enabled
>
> Port Network Global
> eth0 Inside
> wan0-0 Outside 64.65.162.63
> vip0 Outside
> vip1 Outside
> vip2 Outside
>
> Local IP : Port Global IP : Port Timer Flags Proto Interface
> 10.0.0.2:22 64.65.162.63:22 0 0x00041 tcp eth0 wan0-0
> 10.0.0.2:80 64.65.162.63:80 0 0x00041 tcp eth0 wan0-0
> 10.0.0.2:631 64.65.162.63:631 90 0x00046 udp eth0 wan0-0
> 10.0.0.2:42864 64.65.162.63:21505 86340 0x00046 tcp eth0 wan0-0
> 10.0.0.2:42865 64.65.162.63:21507 86250 0x00046 tcp eth0 wan0-0
> 10.0.0.5:138 64.65.162.63:21779 30 0x00046 udp eth0 wan0-0
>
> cbos#
> </paste>

Can't recall if IP NAT Outside IP shows without adding it specifically.
Try

    ena
    show nvram

And see if your static IP is listed as

    IP NAT Outside IP = 64.65.162.63

If not, it should be.

There are a couple of NAT/subnet routing issues with public/private IP space
that are solved by this

    ena
    set int wan0-0 outside-ip 64.65.162.63
    write
    reboot

Then try checking again and the line will be there.

Although I'm not currently doing any port forwarding on my particular setup,
until I issued the above, I had other issues with NATing RFC 1918 subnets in
parallel with public IPs and seeing public IPs on the subnet. Now I can
access the router or subnet from private LAN side boxes via public WAN
static IP, 3x private IP subnet gateways, or public VIP gateway IP. This
worked natively on the C675, but not on my C678's.

HTH,
Frank Whiteley
Greeley
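
Added example, not part of the original messages and not either poster's code: a small Python check that runs the "is IP NAT Outside IP listed?" test from the reply over a saved config dump and lists the static forwards it exposes. It assumes the dump uses the "Key = value" lines seen in the post; the function names and the sample text (built from lines quoted above) are constructed for illustration.

```python
import re

# Constructed sample: settings lines as quoted in the post, with the
# "IP NAT Entry" value left wrapped the way the e-mail wrapped it.
SAMPLE_NVRAM = """\
IP NAT = enabled
IP Multicast Forwarding = disabled
IP NAT Entry = 10.0.0.2, 22, 64.65.162.63, 22, tcp;10.0.0.2, 80,
64.65.162.63, 80, tcp;
"""

def parse_settings(text):
    """Return {key: value} from 'Key = value' lines, joining wrapped values."""
    settings, key = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()          # tolerate e-mail quoting
        if not line:
            continue
        m = re.match(r"^([A-Za-z][\w /-]*?)\s*=\s*(.*)$", line)
        if m:
            key = m.group(1)
            settings[key] = m.group(2)
        elif key:                                # continuation of a wrapped value
            settings[key] += " " + line
    return settings

def nat_entries(settings):
    """Parse 'local, lport, global, gport, proto;' static forward entries."""
    out = []
    for item in settings.get("IP NAT Entry", "").split(";"):
        fields = [f.strip() for f in item.split(",")]
        if len(fields) == 5:
            local, lport, glob, gport, proto = fields
            out.append((local, int(lport), glob, int(gport), proto))
    return out

def audit(text):
    """List forwards and flag global IPs not declared as the NAT outside IP."""
    s = parse_settings(text)
    outside = s.get("IP NAT Outside IP")
    fwds = nat_entries(s)
    undeclared = sorted({g for _, _, g, _, _ in fwds if g != outside})
    return {"outside_ip": outside, "forwards": fwds,
            "undeclared_globals": undeclared}

if __name__ == "__main__":
    print(audit(SAMPLE_NVRAM))
    print(audit(SAMPLE_NVRAM + "IP NAT Outside IP = 64.65.162.63\n"))
```

The "forwards" list doubles as an inventory of which inside services the router publishes to the WAN side.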