Port forwarding help needed for ISDN dynamic assigned IP address

BritishBulldog

Technical User
May 30, 2003
5
GB
Greetings,
Hope someone can help. I have a 1605 Cisco router connected as my ISDN link to my ISP who assigns a dynamic IP address on each dial up. I have it working fine for normal web browsing etc, but I want to use the dyndns service to access my web page on my local machine which is on a private address.
What config command do I need to forward all port 80 requests incoming from my ISP on BRI0 to my local machine?

Here is my current config (usernames etc. removed)

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname peteb
!
enable password 7 ***********
!
ip subnet-zero
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.0.75 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
no ip address
no ip directed-broadcast
ip nat inside
shutdown
!
interface BRI0
description connected to Internet
no ip address
ip helper-address 194.73.73.94
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
isdn not-end-to-end 64
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
ip helper-address 194.73.73.94
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer string 08089916001
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname britishbulldog.fsnet.co.uk
ppp chap password 7 **************
ppp pap sent-username britishbulldog.fsnet.co.uk password 7 ******************
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 05080B0E2A495C
login
transport input none
line vty 0 4
password 7 105E0B0C17031D05
login
!
end

Many thanks

Pete AKA BritishBulldog
 
!
ip nat inside source static tcp <ip_of_server> 80 interface dialer1 80
!

Requests sent to the dialer interface IP address via dynamic DNS will be forwarded to the internal web server.

Also, I would take RIP off there as you don't need it.

Chris.



**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
Hi,

I have entered that NAT command into my config, but I get the following error on my browser, which I am assuming is coming from the router, as I believe that the router's port 80 is set to off by default. Or is it an access list I need to add or amend?

Forbidden
You were denied access because:
Access denied by access control list.


Cheers
 
Make sure that you have the command 'no ip http server' in the config. You don't want the router to serve port 80 requests, you want the web server to.

Also, when trying to get to the web server, check the router for the correct NAT by doing 'sh ip nat trans'.

Chris.


**********************
Chris Andrew, CCNA, CCSA
chris@iproute.co.uk
**********************
 
I have ensured that that global command was entered, and I believe that it is off by default, hence not showing up in the config.
I am still getting the same error in my browser:

Forbidden
You were denied access because:
Access denied by access control list.

Here is a trace to my webserver, which I can confirm is my router's Dialer1 dynamically assigned IP addy, which dyndns translates it to.


Tracing route to britishbulldog.kicks-ass.net [195.92.67.67]
over a maximum of 30 hops:

1 4 ms 4 ms 4 ms 192.168.0.75
2 52 ms 46 ms 47 ms gorilla.lns.watford.access.planet.net.uk [195.92.66.193]
3 47 ms 46 ms 47 ms lettuce.as5388.net [195.92.66.2]
4 51 ms 49 ms 54 ms webcacheH03a.cache.pol.co.uk [195.92.67.67]

Trace complete.

Here is a sho ip nat trans. It doesn't seem to be translating it to the 192.168.0.1 address, if I have read it right.

I have proved the web server by dialing up using my internal ISDN TA and all works fine.

Is it a prob with an access list? Or do I need to add anything else?

It's getting unfunny now, lol.
Here is my current config and the sh ip nat trans:


peteb#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
tcp 81.78.75.86:3216 192.168.0.1:3216 195.92.67.67:80 195.92.67.67:80
tcp 81.78.75.86:3212 192.168.0.1:3212 66.151.188.48:80 66.151.188.48:80
tcp 81.78.75.86:3213 192.168.0.1:3213 66.151.188.48:80 66.151.188.48:80
tcp 81.78.75.86:3211 192.168.0.1:3211 64.21.143.27:80 64.21.143.27:80
tcp 81.78.75.86:3210 192.168.0.1:3210 209.69.32.139:8245 209.69.32.139:8245
tcp 81.78.75.86:3215 192.168.0.1:3215 216.239.41.99:80 216.239.41.99:80
udp 81.78.75.86:1030 192.168.0.1:1030 194.73.73.94:53 194.73.73.94:53
tcp 81.78.75.86:80 192.168.0.75:80 --- ---
udp 81.78.75.86:3202 192.168.0.1:3202 194.73.73.94:53 194.73.73.94:53

peteb#sh run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname peteb
!
enable password 7
!
ip subnet-zero
no ip domain-lookup
isdn switch-type basic-net3
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 192.168.0.75 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Ethernet1
no ip address
no ip directed-broadcast
ip nat inside
shutdown
!
interface BRI0
description connected to Internet
no ip address
ip helper-address 194.73.73.94
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 1
isdn switch-type basic-net3
isdn not-end-to-end 64
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
ip helper-address 194.73.73.94
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer string 08089916001
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname britishbulldog.fsnet.co.uk
ppp chap password 7
ppp pap sent-username britishbulldog.fsnet.co.uk password 7
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.75 80 interface Dialer1 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7
login
transport input none
line vty 0 4
password 7

login
!
end






Pete
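
A cross-check of the values pasted in the post above, added here as an example and not part of the original thread: it compares the static forward with the router's own interface addresses, and the static entry in `sh ip nat trans` with the address shown in the tracert. The function names and the trimmed input strings are assumptions made for the example.

```python
import re

# Lines copied from the config and outputs posted above (nothing else is needed).
CONFIG = """\
interface Ethernet0
ip address 192.168.0.75 255.255.255.0
interface Dialer1
ip address negotiated
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.75 80 interface Dialer1 80
"""
NAT_TABLE = """\
tcp 81.78.75.86:3216 192.168.0.1:3216 195.92.67.67:80 195.92.67.67:80
tcp 81.78.75.86:80 192.168.0.75:80 --- ---
"""
TRACED_ADDRESS = "195.92.67.67"  # address the tracert shows for the dyndns name

def router_addresses(config):
    """Addresses configured on the router's own interfaces."""
    return set(re.findall(r"^[ \t]*ip address (\d+(?:\.\d+){3}) ", config, re.M))

def static_forwards(config):
    """(proto, inside_ip, inside_port, outside_port) for each static port forward."""
    pat = r"^[ \t]*ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)"
    return re.findall(pat, config, re.M)

def static_inside_globals(table):
    """Inside-global addresses of static entries (outside columns are ---)."""
    rows = (line.split() for line in table.splitlines())
    return {r[1].rsplit(":", 1)[0] for r in rows if len(r) == 5 and r[3] == "---"}

def audit(config, table, resolved):
    """Return human-readable findings; an empty list means both checks passed."""
    findings = []
    own = router_addresses(config)
    for proto, ip, port, oport in static_forwards(config):
        if ip in own:
            findings.append(f"{proto}/{oport} forwards to {ip}:{port}, "
                            "which is the router's own interface address")
    for addr in sorted(static_inside_globals(table)):
        if addr != resolved:
            findings.append(f"name resolves to {resolved}, "
                            f"but the forward listens on {addr}")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG, NAT_TABLE, TRACED_ADDRESS):
        print("CHECK:", finding)
```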
 
I believe by default http server is on. You said you ensured the global command was entered, but I don't see that it is listed as 'no ip http-server' in your config.

Degg
Network Administrator
 
I have entered no ip http server and, after looking on the Cisco pages, found that it is set to off as default on a 1605 router and will only appear in the config when it is turned on.

I think the problem I have is that I have got a static NAT and an overload one so it is confused.

Still perplexed as to how I can get round this as surely I can't be the only one that wants to do this.

Hmmmm
 