ossentoo
asked on
NAT for port 80 not working.
I have NAT working on a router which is not allowing connections to port 80. When debugging, I get the following message for clients attempting a connection:
1w4d: NAT: no global port for 213.167.114.130
1w4d: IP: s=216.250.215.22 (Serial1.1), d=213.167.114.130 (Serial1.1), len 60, rcvd 3
1w4d: NAT: no global port for 213.167.114.130
1w4d: IP: s=216.250.215.22 (Serial1.1), d=213.167.114.130 (Serial1.1), len 60, rcvd 3
What does 'no global port for 213.167.114.130' mean? Tried to search on Usenet and couldn't find anything.
Here 213.167.114.130 is the IP address of the router and 216.250.215.22 is the external browser. Here is the business end of the router config. Is this something to do with access lists, and how can I test this using debug?
interface Ethernet0
description Link To Internal
ip address 213.167.114.133 255.255.255.252 secondary
ip address 192.168.1.254 255.255.255.0
ip access-group 2 out
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
ip nat inside
!
interface Serial0
no ip address
no ip directed-broadcast
no ip mroute-cache
shutdown
service-module 56k clock source line
service-module 56k network-type dds
!
interface Serial1
description FRAME-RELAY TWO CIRCUITS
bandwidth 128
no ip address
ip access-group 1 in
no ip directed-broadcast
no ip proxy-arp
ip accounting output-packets
encapsulation frame-relay IETF
!
interface Serial1.1 point-to-point
description : Link To UTLONLINE
ip address 213.167.114.130 255.255.255.252
no ip directed-broadcast
ip nat outside
frame-relay interface-dlci 36
!
router ospf 100
network 172.16.1.0 0.0.0.255 area 3
network 192.168.1.0 0.0.0.255 area 1
network 192.168.10.0 0.0.0.255 area 2
network 213.177.0.0 0.0.255.255 area 0
network 216.250.215.0 0.0.0.255 area 24
!
ip default-gateway 213.167.114.129
ip nat inside source list 1 interface Serial1.1 overload
ip nat inside source static tcp 192.168.1.249 1731 213.167.114.130 1731 extendable
ip nat inside source static tcp 192.168.1.249 1720 213.167.114.130 1720 extendable
ip nat inside source static tcp 192.168.1.249 1503 213.167.114.130 1503 extendable
ip nat inside source static tcp 192.168.1.249 389 213.167.114.130 389 extendable
ip nat inside source static tcp 192.168.1.249 522 213.167.114.130 522 extendable
ip nat inside source static tcp 192.168.1.1 21 213.167.114.130 21 extendable
ip nat inside source static tcp 192.168.1.3 25 213.167.114.130 25 extendable
ip nat inside source static tcp 192.168.1.3 3389 213.167.114.130 3389 extendable
ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.245 80 213.167.114.134 80 extendable
ip nat inside source static tcp 192.168.1.245 21 213.167.114.134 21 extendable
ip nat inside source static tcp 192.168.1.245 25 213.167.114.134 25 extendable
ip nat inside source static tcp 192.168.1.2 1433 213.167.114.130 1433 extendable
ip nat inside source static tcp 192.168.1.3 8050 213.167.114.130 8050 extendable
ip nat inside source static udp 192.168.1.245 53 213.167.114.130 53 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 213.167.114.129
ip route 172.16.1.0 255.255.255.0 192.168.10.254
ip route 192.168.5.0 255.255.255.0 192.168.10.254
ip route 192.168.10.0 255.255.255.0 192.168.10.254
ip route 213.136.0.0 255.255.0.0 192.168.10.254
ip route 213.167.0.0 255.255.0.0 213.167.114.129
!
logging trap debugging
logging facility local1
logging 192.168.1.245
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit any
access-list 3 permit 216.250.215.22
snmp-server community RW RO
snmp-server community RO RO
snmp-server community public RO
ASKER
Thx geoffryn,
Couldn't believe that that was the problem because it had been in my config all the time and worked. For some reason, when I removed the multiple mappings, it worked straight away.
Thanks again.
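The asker reports that removing the multiple mappings fixed the problem; in the posted config, TCP port 80 on 213.167.114.130 is statically mapped to three different inside hosts. The following is an added example, not part of the original thread, that scans a config for global address/port pairs claimed by more than one inside host. The function name `find_conflicting_static_nat` is hypothetical, and the sample is a subset of the lines from the question.

```python
import re
from collections import defaultdict

# Sample input: a subset of the NAT lines from the question's config.
SAMPLE_CONFIG = """\
ip nat inside source list 1 interface Serial1.1 overload
ip nat inside source static tcp 192.168.1.1 21 213.167.114.130 21 extendable
ip nat inside source static tcp 192.168.1.3 25 213.167.114.130 25 extendable
ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.245 80 213.167.114.134 80 extendable
ip nat inside source static udp 192.168.1.245 53 213.167.114.130 53 extendable
"""

# Matches: ip nat inside source static <proto> <local-ip> <local-port> <global-ip> <global-port>
STATIC_NAT = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) "
    r"(\d+\.\d+\.\d+\.\d+) (\d+) (\d+\.\d+\.\d+\.\d+) (\d+)\b"
)

def find_conflicting_static_nat(config_text):
    """Return {(proto, global_ip, global_port): [(local_ip, local_port), ...]}
    for every global socket that is mapped to more than one inside host."""
    by_global = defaultdict(list)
    for line in config_text.splitlines():
        m = STATIC_NAT.match(line)
        if not m:
            continue  # dynamic/overload rules and unrelated lines are skipped
        proto, local_ip, local_port, global_ip, global_port = m.groups()
        key = (proto, global_ip, int(global_port))
        target = (local_ip, int(local_port))
        if target not in by_global[key]:  # ignore exact duplicate lines
            by_global[key].append(target)
    return {k: v for k, v in by_global.items() if len(v) > 1}

if __name__ == "__main__":
    conflicts = find_conflicting_static_nat(SAMPLE_CONFIG)
    for (proto, gip, gport), targets in conflicts.items():
        hosts = ", ".join(f"{ip}:{port}" for ip, port in targets)
        print(f"{proto} {gip}:{gport} is mapped to multiple inside hosts: {hosts}")
```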
Why do you have this on your Ethernet port?
ip address 213.167.114.133 255.255.255.252 secondary
What is the actual address range that you have assigned to you from the ISP?
I think you have big problems here:
interface Serial1
ip access-group 1 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
Suggest removing the access-group from the interface until you have the access-list right...