[CLUE-Tech] Port Forwarding / routing w/ cisco 678

Mike Staver staver at fimble.com
Thu Apr 15 10:06:33 MDT 2004 

I had the exact same problem with an ActionTec router (pile of crap if 
you ask me) when I first set up my DSL connection. I could only see the 
website I was forwarding to from outside, not in.  From inside, I could 
only see the web admin interface for the router - and I never figured 
out how to fix that, and yet be able to update the router config.  I 
like my Cisco much better.  I wonder if you could do this - erase your 
nvram on it and start over.  It sounds drastic, but I would think that 
it would eliminate any unknowns if you did that.

Dave Price wrote:
> Mike,
> 
> This is exactly what I am trying to do.  My ISP does have ports 80 and
> 22 open to the IP address, so from outside my LAN I can bring up my web
> content and ssh into the system running as a web server. 
> 
>>From inside the LAN tho, I can surf out to anywhere else just fine
> (always could), but trying to bring up http://64.65.162.63 just results
> in a time out.  For anyone reading this who trys to bring up the web
> page, my apologies for the bland content, right now, the server is just
> a 'test' implementation of the (interesting) blosxom weblog.
> 
>>From inside the LAN, I can see the use the server's resource just fine
> either by it's 10.0.0.2 address, or its local smb (samba) name.
> 
> Your config looks to be the same as mine ... what am I missing?
> 
> aloha,
> dave
> 
> On Wed, Apr 14, 2004 at 03:18:32PM -0600, Mike Staver wrote:
> 
>>Not sure if this will help, but here is my info from my 678 - note that 
>>there is a website hosted here, and that I can see it using the dns name 
>>which points to the outside ip address from the LAN just fine.  I have 
>>also done the same elsewhere using a Cisco 678.  One question though, 
>>since you're using the outside address, do you know that your ISP has 
>>port 80 open to your IP?  I'm not sure if it matters, if a connection 
>>from the local LAN traverses through your ISPs router or not... just a 
>>thought.
>>
>>cbos#sh int
>>           IP Address         Mask
>>eth0       192.168.0.1        255.255.255.0
>>
>>vip0       0.0.0.0            255.255.255.0
>>
>>vip1       0.0.0.0            255.255.255.0
>>
>>vip2       0.0.0.0            255.255.255.0
>>
>>wan0       Physical Port: Trained
>>
>>           Dest IP Address    Mask
>>wan0-0     216.38.219.1       255.255.255.0
>>
>>cbos#sho route
>>[TARGET]         [MASK]           [GATEWAY]       [M][P] [TYPE]    [IF] 
>>  [AGE]
>>0.0.0.0          0.0.0.0          0.0.0.0          1     SA 
>>WAN0-0   0
>>192.168.0.0      255.255.255.0    0.0.0.0          1     LA        ETH0 
>>    0
>>216.38.219.0     255.255.255.0    0.0.0.0          1     A 
>>WAN0-0   0
>>
>>WAN Interfaces...
>>216.38.219.1     255.255.255.0    0.0.0.0          1     HA 
>>WAN0-0   0
>>
>>cbos#show nat
>>
>>NAT is currently enabled
>>
>>Port      Network        Global
>>eth0      Inside
>>wan0-0    Outside      216.38.219.245
>>vip0      Outside
>>vip1      Outside
>>vip2      Outside
>>
>>      Local IP : Port      Global IP : Port      Timer Flags    Proto 
>>Interface
>>   192.168.0.25:143             *****:143          0   0x00041  tcp   eth0
>>   192.168.0.25:25              *****:25           0   0x00041  tcp 
>>eth0
>>   192.168.0.25:80              *****:80           0   0x00041  tcp 
>>  eth0 wan0-0
>>    192.168.0.3:3046   216.38.219.245:18387    86250   0x00046  tcp 
>>eth0 wan0-0
>>    192.168.0.3:3056   216.38.219.245:18391    86310   0x00046  tcp 
>>eth0 wan0-0
>>    192.168.0.3:3064   216.38.219.245:18395    86280   0x00046  tcp 
>>eth0 wan0-0
>>    192.168.0.1:23     216.38.219.245:23       86400   0x0004A  tcp 
>>eth0 wan0-0
>>    192.168.0.2:1027   216.38.219.245:18893       60   0x00046  udp 
>>eth0 wan0-0
>>
>>Dave Price wrote:
>>
>>
>>>Hello,
>>>
>>>I am trying to use port-forwarding with a cisco 678 DSL router.
>>>
>>>I have a static IP address assigned to the device of 64.65.162.63
>>>
>>>We are using the device's NAT and onboard DHCP to connect a LAN the
>>>Internet.  Local devices work fine with addresses in the 10.0.0.0/24
>>>range.
>>>
>>>The device is configured to pass ports 80 (http) and 22 (ssh) on to
>>>local IP address 10.0.0.2.
>>>
>>>I can call up web pages and login via ssh from 'outside' the LAN just
>>>fine, but when I am 'inside' I cannot use the 64.65.162.63 address to
>>>connect, although the 10.0.0.2 address works fine for http and ssh.
>>>
>>>Below is the (I think) relevant config info from the 678.  Am I mistaken
>>>in my belief that the 'outside' address should work the same whether we
>>>are inside or out?  Any hints as to what I need to change to get this to
>>>work right?
>>>
>>>aloha,
>>>dave
>>>
>>><paste>
>>>
>>>cbos#sho int
>>>          IP Address         Mask
>>>eth0       10.0.0.1           255.255.255.0
>>>vip0       0.0.0.0            255.255.255.0
>>>vip1       0.0.0.0            255.255.255.0
>>>vip2       0.0.0.0            255.255.255.0
>>>wan0       Physical Port: Trained
>>>
>>>          Dest IP Address    Mask
>>>wan0-0     209.150.192.10     255.255.255.255
>>>
>>>cbos#sho route
>>>[TARGET]         [MASK]           [GATEWAY]       [M][P] [TYPE]    [IF]
>>>[AGE]
>>>0.0.0.0          0.0.0.0          0.0.0.0          1     SA
>>>WAN0-0   0
>>>10.0.0.0         255.255.255.0    0.0.0.0          1     LA        ETH0
>>>0
>>>209.150.192.0    255.255.255.0    0.0.0.0          1     AR
>>>WAN0-0   0
>>>
>>>WAN Interfaces...
>>>209.150.192.10   255.255.255.255  0.0.0.0          1     HA
>>>WAN0-0   0
>>>
>>>IP NAT = enabled
>>>IP Multicast Forwarding = disabled
>>>IP Port RIP Send Responses = 00, disabled
>>>IP Port RIPv2 Send Type = 00, donotsend
>>>IP Port RIPv2 Receive Type = 00, donotreceive
>>>IP Port RIP Send Responses = 01, disabled
>>>IP Port RIPv2 Send Type = 01, donotsend
>>>IP Port RIPv2 Receive Type = 01, donotreceive
>>>IP NAT Entry = 10.0.0.2, 22, 64.65.162.63, 22, tcp;10.0.0.2, 80,
>>>64.65.162.63, 80, tcp;
>>>
>>>cbos#show nat
>>>
>>>NAT is currently enabled
>>>
>>>Port      Network        Global
>>>eth0      Inside
>>>wan0-0    Outside      64.65.162.63
>>>vip0      Outside
>>>vip1      Outside
>>>vip2      Outside
>>>
>>>     Local IP : Port      Global IP : Port      Timer Flags    Proto
>>>Interface
>>>      10.0.0.2:22       64.65.162.63:22           0   0x00041  tcp
>>>eth0 wan0-0
>>>      10.0.0.2:80       64.65.162.63:80           0   0x00041  tcp
>>>eth0 wan0-0
>>>      10.0.0.2:631      64.65.162.63:631         90   0x00046  udp
>>>eth0 wan0-0
>>>      10.0.0.2:42864    64.65.162.63:21505    86340   0x00046  tcp
>>>eth0 wan0-0
>>>      10.0.0.2:42865    64.65.162.63:21507    86250   0x00046  tcp
>>>eth0 wan0-0
>>>      10.0.0.5:138      64.65.162.63:21779       30   0x00046  udp
>>>eth0 wan0-0
>>>
>>>cbos#
>>></paste>
>>>_______________________________________________
>>>CLUE-Tech mailing list
>>>Post messages to: CLUE-Tech at clue.denver.co.us
>>>Unsubscribe or manage your options: 
>>>http://clue.denver.co.us/mailman/listinfo/clue-tech
>>
>>-- 
>>
>>                                -Mike Staver
>>                                 staver at fimble.com
>>                                 mstaver at globaltaxnetwork.com
>>_______________________________________________
>>CLUE-Tech mailing list
>>Post messages to: CLUE-Tech at clue.denver.co.us
>>Unsubscribe or manage your options: 
>>http://clue.denver.co.us/mailman/listinfo/clue-tech
> 
> _______________________________________________
> CLUE-Tech mailing list
> Post messages to: CLUE-Tech at clue.denver.co.us
> Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech

-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com

More information about the clue-tech mailing list