NAT for port 80 not working.

Posted on 2002-06-17
Last Modified: 2010-08-05
I have NAT working on a router which is not allowing connections to port 80.  When debugging, I get the following message for clients attempting a connection:

1w4d: NAT: no global port for 213.167.114.130
1w4d: IP: s=216.250.215.22 (Serial1.1), d=213.167.114.130 (Serial1.1), len 60, rcvd 3
1w4d: NAT: no global port for 213.167.114.130
1w4d: IP: s=216.250.215.22 (Serial1.1), d=213.167.114.130 (Serial1.1), len 60, rcvd 3

What does 'no global port for 213.167.114.130' mean?  Tried to search on Usenet and couldn't find anything

where 213.167.114.130 is the IP address of the router and 216.250.215.22 is the external browser.  Here is the business end of the router config.  Is this something to do with access lists, and how can I test this using debug?

interface Ethernet0
 description Link To Internal
 ip address 213.167.114.133 255.255.255.252 secondary
 ip address 192.168.1.254 255.255.255.0
 ip access-group 2 out
 no ip directed-broadcast
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 service-module 56k clock source line
 service-module 56k network-type dds
!
interface Serial1
 description FRAME-RELAY TWO CIRCUITS
 bandwidth 128
 no ip address
 ip access-group 1 in
 no ip directed-broadcast
 no ip proxy-arp
 ip accounting output-packets
 encapsulation frame-relay IETF
!
interface Serial1.1 point-to-point
 description : Link To UTLONLINE
 ip address 213.167.114.130 255.255.255.252
 no ip directed-broadcast
 ip nat outside
 frame-relay interface-dlci 36
!

router ospf 100
 network 172.16.1.0 0.0.0.255 area 3
 network 192.168.1.0 0.0.0.255 area 1
 network 192.168.10.0 0.0.0.255 area 2
 network 213.177.0.0 0.0.255.255 area 0
 network 216.250.215.0 0.0.0.255 area 24
!
ip default-gateway 213.167.114.129
ip nat inside source list 1 interface Serial1.1 overload
ip nat inside source static tcp 192.168.1.249 1731 213.167.114.130 1731 extendable
ip nat inside source static tcp 192.168.1.249 1720 213.167.114.130 1720 extendable
ip nat inside source static tcp 192.168.1.249 1503 213.167.114.130 1503 extendable
ip nat inside source static tcp 192.168.1.249 389 213.167.114.130 389 extendable
ip nat inside source static tcp 192.168.1.249 522 213.167.114.130 522 extendable
ip nat inside source static tcp 192.168.1.1 21 213.167.114.130 21 extendable
ip nat inside source static tcp 192.168.1.3 25 213.167.114.130 25 extendable
ip nat inside source static tcp 192.168.1.3 3389 213.167.114.130 3389 extendable

ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.245 80 213.167.114.134 80 extendable
ip nat inside source static tcp 192.168.1.245 21 213.167.114.134 21 extendable
ip nat inside source static tcp 192.168.1.245 25 213.167.114.134 25 extendable
ip nat inside source static tcp 192.168.1.2 1433 213.167.114.130 1433 extendable

ip nat inside source static tcp 192.168.1.3 8050 213.167.114.130 8050 extendable

ip nat inside source static udp 192.168.1.245 53 213.167.114.130 53 extendable


ip classless
ip route 0.0.0.0 0.0.0.0 213.167.114.129
ip route 172.16.1.0 255.255.255.0 192.168.10.254
ip route 192.168.5.0 255.255.255.0 192.168.10.254
ip route 192.168.10.0 255.255.255.0 192.168.10.254
ip route 213.136.0.0 255.255.0.0 192.168.10.254
ip route 213.167.0.0 255.255.0.0 213.167.114.129
!
logging trap debugging
logging facility local1
logging 192.168.1.245
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit any
access-list 3 permit 216.250.215.22
snmp-server community RW RO
snmp-server community RO RO
snmp-server community public RO
Question by:ossentoo

Accepted Solution

by: geoffryn earned 400 total points
ID: 7084036
You seem to be NATing the same external port 80 to more than one internal address.  As far as I know you cannot do that.

ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable

Expert Comment

by:lrmoore
ID: 7084471
Agree with geoffryn. You can't map the same external address, same port to multiple inside addresses.

Why do you have this on your Ethernet port?

ip address 213.167.114.133 255.255.255.252 secondary

What is the actual address range that you have assigned to you from the ISP?

I think you have big problems here:

interface Serial1
ip access-group 1 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255

Suggest removing the access-group from the interface until you have the access-list right...

Author Comment

by:ossentoo
ID: 7085543
Thx geoffryn,

Couldn't believe that that was the problem because it had been in my config all the time and worked.  For some reason, when I removed the multiple mappings, it worked straight away.

Thanks again.
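
A check for the conflict identified in the accepted solution, as an added example that is not part of the original thread: it parses `ip nat inside source static` entries and reports any protocol, global address and port claimed by more than one inside host. The sample config is constructed from lines in the question, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the port-80 lines from the question's config plus
# non-conflicting entries for contrast.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.1 21 213.167.114.130 21 extendable
ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.245 80 213.167.114.134 80 extendable
ip nat inside source static udp 192.168.1.245 53 213.167.114.130 53 extendable
"""

# Matches static port-translation entries: proto, inside ip/port, global ip/port.
STATIC_PAT = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\b"
)


def parse_static_pat(config_text):
    """Yield (proto, inside_ip, inside_port, global_ip, global_port)."""
    for line in config_text.splitlines():
        m = STATIC_PAT.match(line)
        if m:
            proto, in_ip, in_port, gl_ip, gl_port = m.groups()
            yield proto, in_ip, int(in_port), gl_ip, int(gl_port)


def find_global_conflicts(config_text):
    """Return {(proto, global_ip, global_port): [inside targets]} for every
    global endpoint claimed by more than one distinct inside host/port."""
    claims = defaultdict(set)
    for proto, in_ip, in_port, gl_ip, gl_port in parse_static_pat(config_text):
        claims[(proto, gl_ip, gl_port)].add((in_ip, in_port))
    return {k: sorted(v) for k, v in claims.items() if len(v) > 1}


if __name__ == "__main__":
    for (proto, ip, port), targets in find_global_conflicts(SAMPLE_CONFIG).items():
        print(f"{proto} {ip}:{port} is mapped to {len(targets)} inside hosts:")
        for in_ip, in_port in targets:
            print(f"  {in_ip}:{in_port}")
```

Running it against a saved copy of the running config before applying changes flags overlapping static entries such as the three port-80 mappings above.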

 