jansor
asked on
Cisco 826 Web to server
Hi,
I have a Cisco 826 and I just use it to go on the internet. Now I have my personal website. The configuration at the moment only allows going from my PC to the internet, but not from the internet to my PC.
So is it possible to open port 80 so they can access my website?
This is my configuration at the moment.
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
ip address 192.168.1.5 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
load-interval 30
no keepalive
!
interface ATM0
no ip address
no ip directed-broadcast
load-interval 30
no atm ilmi-keepalive
bundle-enable
hold-queue 224 in
!
interface ATM0.1 point-to-point
description Cisco 826 TurboLine OFFICE
ip address 217.136.220.210 255.255.255.192
no ip directed-broadcast
ip nat outside
pvc 0/35
!
!
ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
inarp 30
vbr-nrt 128 128 32
inarp 30
oam-pvc manage 30
oam retry 6 2 10
encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
line con 0
logging synchronous
transport input none
ip netmask-format decimal
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 15 0
login local
ip netmask-format decimal
!
scheduler max-task-time 5000
end
Is your web server running on 192.168.1.2? If so, your static NAT looks good. You are trying to connect to the web server using the 217.136.220.210 IP address from outside your network, right?
ASKER
In my web server there are 2 network cards, one internal and another for the internet.
My internal network IP is 192.168.0.10
My network card for the internet is 192.168.1.2 (this is the card that the Cisco router is on)
Okay, the following line "ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80" is forwarding HTTP traffic destined to 217.136.220.210 to your web server (192.168.1.2). This looks good. From the outside you are using "http://217.136.220.210", right?
Remove the command, ip default-gateway 217.136.220.193:
en
conf t
no ip default-gateway 217.136.220.193
It is not necessary as you have IP routing enabled on the router.
ASKER
Yes, I am using "http://217.136.220.210" to enter the website (I hope).
So at the moment my config is as follows:
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
ip address 192.168.1.5 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
load-interval 30
no keepalive
!
interface ATM0
no ip address
no ip directed-broadcast
load-interval 30
no atm ilmi-keepalive
bundle-enable
hold-queue 224 in
!
interface ATM0.1 point-to-point
description Cisco 826 TurboLine OFFICE
ip address 217.136.220.210 255.255.255.192
no ip directed-broadcast
ip nat outside
pvc 0/35
!
!
no ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
inarp 30
vbr-nrt 128 128 32
inarp 30
oam-pvc manage 30
oam retry 6 2 10
encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
line con 0
logging synchronous
transport input none
ip netmask-format decimal
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 15 0
login local
ip netmask-format decimal
!
scheduler max-task-time 5000
end
You might also want to try adding an access-list inbound on your ISP connection explicitly permitting web traffic. For example:
access-list 101 permit udp any eq 53 any <--- permit DNS lookups
access-list 101 permit tcp any any established <--- permit TCP sessions initiated from the inside
access-list 101 permit tcp any any eq 80 <--- permit HTTP traffic to your web server
access-list 101 permit tcp any any eq 25 <--- permit SMTP traffic to your mail server
access-list 101 permit tcp any any eq 21 <--- permit FTP traffic to your FTP server
access-list 101 permit icmp any any echo-reply <--- permit ICMP return packets
Apply it inbound on your ATM0.1 interface:
interface ATM0.1
ip access-group 101 in
ASKER
OK, I am going to test it, but it will be tomorrow.
But this is the script then, right?
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
ip address 192.168.1.5 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
load-interval 30
no keepalive
!
interface ATM0
no ip address
no ip directed-broadcast
load-interval 30
no atm ilmi-keepalive
bundle-enable
hold-queue 224 in
!
interface ATM0.1 point-to-point
description Cisco 826 TurboLine OFFICE
ip address 217.136.220.210 255.255.255.192
ip access-group 101 in
no ip directed-broadcast
ip nat outside
pvc 0/35
!
!
no ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
inarp 30
vbr-nrt 128 128 32
inarp 30
oam-pvc manage 30
oam retry 6 2 10
encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 101 permit udp any eq 53 any
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 21
access-list 101 permit icmp any any echo-reply
!
line con 0
logging synchronous
transport input none
ip netmask-format decimal
stopbits 1
line vty 0 4
access-class 1 in
exec-timeout 15 0
login local
ip netmask-format decimal
!
scheduler max-task-time 5000
end
Yes, looks good.
ASKER
Hello,
There is still a problem: when I ping this IP I get the following fault.
Pingen naar 217.136.220.210 met 32 bytes aan gegevens:
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Ping-statistieken voor 217.136.220.210:
Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
(0% verlies).
De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms
Also, when I try to use IE with http://217.136.220.210
I get a timeout error or a DNS fault?
You won't be able to ping the address from the outside as you are denying it via the access-list.
Could your ISP possibly be denying inbound HTTP? Some ISPs don't allow you to run web or other servers. You may want to check with them as your configuration looks fine. Do inbound SMTP and FTP work (the other ports you are forwarding)?
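The first-match behaviour of access-list 101 discussed above, as an added example that is not part of the original thread: a small Python model that shows which constructed inbound packets the list permits and why an echo request from outside falls through to the implicit deny. The names `Packet`, `parse`, `matches` and `evaluate` are hypothetical, and only the `any` / `eq` / `established` / ICMP-type syntax used in the thread is handled.

```python
from dataclasses import dataclass

# access-list 101 as posted in the thread
ACL_101 = [
    "access-list 101 permit udp any eq 53 any",
    "access-list 101 permit tcp any any established",
    "access-list 101 permit tcp any any eq 80",
    "access-list 101 permit tcp any any eq 25",
    "access-list 101 permit tcp any any eq 21",
    "access-list 101 permit icmp any any echo-reply",
]

@dataclass
class Packet:            # constructed test traffic, not captured data
    proto: str
    sport: int = 0
    dport: int = 0
    flags: str = ""      # TCP flags: "S", "SA", "A", "R"
    icmp: str = ""       # ICMP type keyword, e.g. "echo"

def parse(line):
    """Parse the ACL subset used above (source and destination are 'any')."""
    t = line.split()[2:]                       # drop "access-list 101"
    rule = {"action": t[0], "proto": t[1], "sport": None, "dport": None}
    t = t[3:]                                  # skip action, protocol, source "any"
    if t[0] == "eq":                           # source-port match
        rule["sport"], t = int(t[1]), t[2:]
    t = t[1:]                                  # skip destination "any"
    if t[:1] == ["eq"]:                        # destination-port match
        rule["dport"], t = int(t[1]), t[2:]
    rule["opt"] = t[0] if t else None          # "established" or ICMP type
    return rule

def matches(rule, p):
    if rule["proto"] != p.proto:
        return False
    if rule["sport"] not in (None, p.sport) or rule["dport"] not in (None, p.dport):
        return False
    if rule["opt"] == "established":           # IOS: ACK or RST bit set
        return "A" in p.flags or "R" in p.flags
    return rule["opt"] in (None, p.icmp)       # ICMP type keyword, if any

def evaluate(p, acl=ACL_101):
    """First matching line wins; every ACL ends with an implicit deny."""
    for line in acl:
        rule = parse(line)
        if matches(rule, p):
            return rule["action"], line
    return "deny", "implicit deny any"
```

`evaluate(Packet("icmp", icmp="echo"))` returns the implicit deny, which is the failed ping from outside, while `evaluate(Packet("tcp", 40000, 80, "S"))` is permitted by the port 80 line. The first line matches on source port only, so a UDP packet with source port 53 is permitted whatever its destination port.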