Opening ports on cisco 827 router

[ninjaoctagon]

How to i configure a cisco router, so that a webserver can be accessed from outside world

here is what i have done so far


I can ping my WAN IP address from outside my network (maybe because its static)
I can ping the web address

http://www.mysitename.com

(could be same as above)
BUT
I cant access the website.
when i do
telnet mysite.name.com 80
it cant find it


I have added these two commands into my router

ip nat inside source static udp 192.168.1.10 53 192.168.5.5 53
ip nat inside source static tcp 192.168.1.10 80 192.168.5.5 80

And still cant access the sites from the internet

Here is my set up

..........................Internet
............................"
..........................."wan ip address
............................"
............................ADSL modem
............................"192.168.1.1
........................"(static ,no dhcp from adsl to firewal)
.........................."192.168.1.10
...........................Firewall Machine(with 2 NIC)
.........................."192.168.5.5
.............................".................... ..............................."
.............................".................... ................................"
.....................192.168.5.6 (Server)(static ip address)

 

[burtsbees]

You have to nat the private server IP address to the public IP address on the outside.

Burt

 

[ninjaoctagon]

What will be the command to do this..

I tried this still not working

ip nat inside source static udp 192.168.1.10 53 203.97.xxx.xxx 53
ip nat inside source static tcp 192.168.1.10 80 203.97.xxx.xxx 80

whereby 203.97.xxx.xxx is my public ip address

 

[burtsbees]

Not sure you can in this setup...the modem is what needs to NAT. If it can't NAT, you're screwed.

Burt

 

[rickrude11]

I'd be looking at the firewall. isn't the 827 an ADSL modem and router? do you need to add a route to the 192.168.5.0 network?

that is if i am reading your set up correctly..

 

[ninjaoctagon]

yes 827 is modem/router

what i am having is cant open port 80

if i go to

http://www.canyouseeme.org,

i cant see this port open

checked with isp port 80 is open

before i check the firewall how do i open the web server on cisco ....

if i open port 80 on the router,,,,
i should be seeing port 80 as open if i go to

http://www.canyouseeme.org

Here is my config anything i should be looking at changing?
Will this config enable web server on port 80?

thom#sho configuration
Using 1639 out of 131072 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service dhcp
!
hostname thom
!
logging buffered 4096 debugging
enable secret ABCABCABACABACBACBACBACBQAC
enable password cdcdcdcdcdcdcdcdcdcd
!
ip subnet-zero
ip name-server 202.27.xxx.xx
ip name-server 203.97.xxx.xxx
ip dhcp excluded-address 192.168.1.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool dhcppool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 203.97.xxx.xxx 203.97.xxx.xx
!
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-membe
!
!
interface Dialer0
ip address negotiated previous
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username me@myisp.com password blablablablablabalabalabala
6C
ppp ipcp dns accept
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.10 80 203.97.xxx.xxx 80 extendable(203.97.xxx.xx is my static ip address)
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 0 0
stopbits 1
line vty 0 4
password XYZXYZXYZXYZXYZXYZXYCXZUTXTX
login
!
scheduler max-task-time 5000
end

thom#


Thanks


is that right.
Because i am thinking of solving this from one stage to another

 

[burtsbees]

Oh---thought you had a different modem connected as well...

ip nat inside source static tcp 192.168.1.10 80 int di0 80

That should do it. Also, on dialer 0...
int di0
ip tcp adjust-mss 1452
ip mtu 1492

Burt

 

[rickrude11]

burt, do you need to adjust the mtu for pppoa?

from the looks of this, the web server is on 192.168.5.6 - behind another firewall.. so you're probably gonna have to nat again.

 

[ninjaoctagon]

Have done as Burt suggest still no luck.


here is my : sho ip nat translations.
Still web server still closed.

thom# sho ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 203.97.XXX.XXX:80 192.168.1.10:80 --- ---

203.97.xxx.xxx( my wan ip address)


When the modem is plug to the internet..
(These logs just keep on coming oh my G)
thom# sho ip nat translations
tcp 203.97.XXX.XXX:56193 192.168.xxx.xxx:56193 64.180.21.168:21539 64.180.21.168:21
539
tcp 203.97.XXX.XXX:56155 192.168.xxx.xxx:56155 68.251.53.162:55309 68.251.53.162:55
309
tcp 203.97.XXX.XXX:56170 192.168.xxx.xxx:56170 63.231.82.73:39035 63.231.82.73:3903
5
tcp 203.97.XXX.XXX:56138 192.168.xxx.xxx:56138 81.171.114.69:5869 81.171.114.69:586
9
tcp 203.97.XXX.XXX:56191 192.168.xxx.xxx:56191 81.110.122.54:42759 81.110.122.54:42
759
tcp 203.97.XXX.XXX:56188 192.168.xxx.xxx:56188 88.80.7.205:2710 88.80.7.205:2710
udp 203.97.XXX.XXX:13924 192.168.xxx.xxx:13924 89.243.188.0:27107 89.243.188.0:2710
7
udp 203.97.XXX.XXX:13924 192.168.xxx.xxx:13924 217.114.156.30:12876 217.114.156.30:
12876
udp 203.97.XXX.XXX:49610 192.168.xxx.xxx:49610 203.97.33.1:53 203.97.33.1:53
tcp 203.97.XXX.XXX:56198 192.168.xxx.xxx:56198 80.167.118.95:15337 80.167.118.95:15
337
udp 203.97.XXX.XXX:13924 192.168.xxx.xxx:13924 202.156.125.193:55232 202.156.125.19
3:55232
tcp 203.97.XXX.XXX:56160 192.168.xxx.xxx:56160 78.159.108.71:80 78.159.108.71:80
udp 203.97.XXX.XXX:13924 192.168.xxx.xxx:13924 67.181.194.58:49735 67.181.194.58:49
735