Forwarding port 80 with NAT on cisco 2611

[dreamaz]

Greetings,

I recently replaced my linksys SOHO router with a cisco 2611. My e0/0 is configured for dhcp and e0/1 is with a static IP. On the linksys i would just use the web based gui and forward requests on port 80 to 10.1.1.6.

I have made the neccesary changes to my config, but when i try to access my site via external ip it comes back as page cannot be displayed. By local IP it works fine.

Any help is appreciated.


interface Ethernet0/0
ip address dhcp
ip nat outside
full-duplex
!
interface Ethernet0/1
ip address 10.1.1.1 255.0.0.0
ip nat inside
full-duplex
!
ip nat inside source list NAT interface Ethernet0/0 overload
ip nat inside source static tcp 10.1.1.6 80 interface Ethernet0/0 80
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list extended NAT
permit ip 10.1.1.0 0.0.0.255 any


Thanks,

dr

 

[justvistin]

I've no real experience of configuring NAT, but it looks as if the NAT translation is configured correctly to overload to the dynamic IP obtained by e0/0 for any client in the 10.1.1.0 range.

However, given that the 10.1.1.0 range has already been mapped to overload to e0/0, it may be that specifying a static 1:1 IP translation for 10.1.1.6 to e0/0 could be confusing things ?

Only a guess, but it may be worth removing the static translation for 10.1.1.6 and re-testing ? Cisco have a PDF that may be handy on this type of setup.

Go to Cisco.com and search for:

Cisco ? How to Configure a Cisco Router Behind a Non?Cisco Cable Modem

 

[justvistin]

Apologies - just re-read the posting and realised I misunderstood what you were trying to achieve.

 

[ADB100]

I have pretty much the same configuration; albeit for FTP but the syntax is the same.

ip nat inside source static tcp 192.168.11.1 21 interface Dialer1 21

Have you tried debugging to see what (if any) errors are output? Could the problem lie with the upstream router not allowing inbound connections?

HTH

Andy

 

[dreamaz]

Thanks for the reply.. turns out it does work from outside coming in and by local IP. But when i try loading my site locally using the external IP, it doesn't work. Quite strange.

A bigger problem i have now is that I have noticed the speeds are just terrible. Straight html sites and reverse tracerts are fine, but whenever i goto a secure site or try and download binaries from newsgroups, its at 15kbps. I am on a 5mbit connection.

Any help is appreciated.

below is the new config.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
interface Ethernet0/0
ip address dhcp
ip nat outside
full-duplex
no cdp enable
!
interface Ethernet0/1
ip address 10.1.1.1 255.0.0.0
ip nat inside
full-duplex
!
ip nat inside source list NAT interface Ethernet0/0 overload
ip nat inside source static tcp 10.1.1.2 5800 interface Ethernet0/0 85
ip nat inside source static tcp 10.1.1.6 22 interface Ethernet0/0 22
ip nat inside source static tcp 10.1.1.2 21 interface Ethernet0/0 21
ip nat inside source static tcp 10.1.1.6 80 interface Ethernet0/0 80
no ip http server
no ip http secure-server
ip classless
!
!
!
ip access-list extended NAT
permit ip 10.1.1.0 0.0.0.255 any
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

thanks,

dr

 

[ADB100]

Your first comment about 'loading my site locally using the external IP, it doesn't work' is correct, it won't work. Think about the logic of what you are trying to do - source IP address on the inside, make a connection to the routers IP address on port 80.......

As for the speed problem there isn't anything in the config that would slow things down, is it possible your provider has some policies configured? Have you looked at your routers CPU loading when you see the slow responses?

Andy