Solved

NAT for port 80 not working.

Posted on 2002-06-17
3
454 Views
Last Modified: 2010-08-05
I have NAT working on a router which is not allowing connections to port 80.  When debugging, i get the following message for clients attempting a connection:

1w4d: NAT: no global port for 213.167.114.130
1w4d: IP: s=216.250.215.22 (Serial1.1), d=213.167.114.130 (Serial1.1), len 60, rcvd 3
1w4d: NAT: no global port for 213.167.114.130
1w4d: IP: s=216.250.215.22 (Serial1.1), d=213.167.114.130 (Serial1.1), len 60, rcvd 3

What does 'no global port for 213.167.114.130' mean?  Tried to search on usenet and could find anything

where 213.167.114.130 is the IP address of the router and 216.250.215.22 is the external browser.  Here is the business end of the router config.  THis this something to do with Access lists and how can i test this using debug?

interface Ethernet0
 description Link To Internal
 ip address 213.167.114.133 255.255.255.252 secondary
 ip address 192.168.1.254 255.255.255.0
 ip access-group 2 out
 no ip directed-broadcast
 no ip proxy-arp
 ip accounting output-packets
 ip nat inside
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
 service-module 56k clock source line
 service-module 56k network-type dds
!
interface Serial1
 description FRAME-RELAY TWO CIRCUITS
 bandwidth 128
 no ip address
 ip access-group 1 in
 no ip directed-broadcast
 no ip proxy-arp
 ip accounting output-packets
 encapsulation frame-relay IETF
!
interface Serial1.1 point-to-point
 description : Link To UTLONLINE
 ip address 213.167.114.130 255.255.255.252
 no ip directed-broadcast
 ip nat outside
 frame-relay interface-dlci 36
!

router ospf 100
 network 172.16.1.0 0.0.0.255 area 3
 network 192.168.1.0 0.0.0.255 area 1
 network 192.168.10.0 0.0.0.255 area 2
 network 213.177.0.0 0.0.255.255 area 0
 network 216.250.215.0 0.0.0.255 area 24
!
ip default-gateway 213.167.114.129
ip nat inside source list 1 interface Serial1.1 overload
ip nat inside source static tcp 192.168.1.249 1731 213.167.114.130 1731 extendable
ip nat inside source static tcp 192.168.1.249 1720 213.167.114.130 1720 extendable
ip nat inside source static tcp 192.168.1.249 1503 213.167.114.130 1503 extendable
ip nat inside source static tcp 192.168.1.249 389 213.167.114.130 389 extendable
ip nat inside source static tcp 192.168.1.249 522 213.167.114.130 522 extendable
ip nat inside source static tcp 192.168.1.1 21 213.167.114.130 21 extendable
ip nat inside source static tcp 192.168.1.3 25 213.167.114.130 25 extendable
ip nat inside source static tcp 192.168.1.3 3389 213.167.114.130 3389 extendable

ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.245 80 213.167.114.134 80 extendable
ip nat inside source static tcp 192.168.1.245 21 213.167.114.134 21 extendable
ip nat inside source static tcp 192.168.1.245 25 213.167.114.134 25 extendable
ip nat inside source static tcp 192.168.1.2 1433 213.167.114.130 1433 extendable

ip nat inside source static tcp 192.168.1.3 8050 213.167.114.130 8050 extendable

ip nat inside source static udp 192.168.1.245 53 213.167.114.130 53 extendable


ip classless
ip route 0.0.0.0 0.0.0.0 213.167.114.129
ip route 172.16.1.0 255.255.255.0 192.168.10.254
ip route 192.168.5.0 255.255.255.0 192.168.10.254
ip route 192.168.10.0 255.255.255.0 192.168.10.254
ip route 213.136.0.0 255.255.0.0 192.168.10.254
ip route 213.167.0.0 255.255.0.0 213.167.114.129
!
logging trap debugging
logging facility local1
logging 192.168.1.245
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit any
access-list 3 permit 216.250.215.22
snmp-server community RW RO
snmp-server community RO RO
snmp-server community public RO
0
Comment
Question by:ossentoo
3 Comments
 
LVL 11

Accepted Solution

by:
geoffryn earned 100 total points
ID: 7084036
You seem to be NATing the same external port 80 to more than one internal address.  As far as I know you cannot do that.

ip nat inside source static tcp 192.168.1.2 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.1 80 213.167.114.130 80 extendable
ip nat inside source static tcp 192.168.1.3 80 213.167.114.130 80 extendable
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7084471
Agree with geoffryn. You can't map the same external address, same port to multiple inside addresses.

Why do you have this on your Ethernet port?

ip address 213.167.114.133 255.255.255.252 secondary

What is the actual address range that you have assigned to you from the isp?

I think you have big problems here:

interface Serial1
ip access-group 1 in
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255

Suggest removing the access-group from the interface until you have the access-list right...
0
 

Author Comment

by:ossentoo
ID: 7085543
Thx geoffryn,

Couldn't believe that that was the problem because it had been in my config all the time and worked.  For some reason , when i removed the multiple mappings, it worked straight away.

Thanks again.

 
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now