Cisco 2600 port forwarding.... again.

Posted on 2004-11-02
Last Modified: 2010-04-10
Hello, I have a 2600 with 2 FAs and one serial link hosting a T1. I've searched and hunted, and fought and scratched the stupid thing... when I input the ip nat inside source static 192.168.1.29 8767 68.187.246.58 8767 extendable command, it doesn't seem to actually forward the port. I've opened the port in my ACL... heck, I've tried the permit any any command when I've had it in... still won't connect. And there is a side problem: when logged in to my VPN, which comes across the T1 and not over the WAN port, it blocks the terminal services when the ip nat inside .... command is active. I'm not sure what to do, but here's an abbreviated config.

Router1(config)#^Z
Router1#show run
Building configuration...

Current configuration : 8999 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router1
!
logging buffered 4096 informational
logging console informational
logging monitor informational
enable password 7 14150A5A5851
!
username deb privilege 15 password 7 05091E30751916
clock timezone edt -4
ip subnet-zero
!
!
no ip domain-lookup
!
!
!
!
interface FastEthernet0/0
 description connected to EthernetLAN_1
 ip address 192.168.1.1 255.255.255.0
 ip access-group 151 in
 ip access-group 151 out
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 description connected to fmrs_rtr2
 ip address 192.168.2.2 255.255.255.0
 no ip mroute-cache
 ip nat inside
 service-module t1 clock source internal
 service-module t1 remote-alarm-enable
!
interface FastEthernet0/1
 description connected to Internet
 ip address 68.187.246.58 255.255.255.0
 ip access-group ineqts in
 ip access-group outeq out
 ip nat outside
 duplex auto
 speed auto
!
ip default-gateway 68.187.246.1
ip nat pool FMRS 68.187.246.58 68.187.246.58 netmask 255.255.255.0
ip nat inside source list 1 pool FMRS overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 68.187.246.1
ip route 192.168.3.0 255.255.255.0 192.168.2.1
no ip http server
no ip pim bidir-enable

P.S. I've tried leaving the ip nat inside command under s0, and taking it out so that just e0 and e1 were the NATs... it's hurting my brain. Please help.
0
Question by:roscowgo
12 Comments
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12475225
Well, I don't see that command here, but if it's like you wrote it above, it's missing the 'tcp' part.

Example:

ip nat inside source static tcp 192.168.0.5 80 171.68.1.1 80 extendable
0
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12475238
Although most apps that use 8767 default to UDP.
0
 

Author Comment

by:roscowgo
ID: 12475267
Ah, sorry... it's not a TCP port I want to forward... it's UDP 8767,
so it would be ip nat inside source static 192.168.1.29 8767 68.187.246.58 8767 extendable

I have tried it with no tcp or udp in the argument too... exact same results. Thanks.
0
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12475309
0
 

Author Comment

by:roscowgo
ID: 12475311
Doh, forgot to add the udp in there again. It's for a TeamSpeak server... nothing big.
0
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12475355
And for troubleshooting, take the ACL off the interface. That's usually where the problem is anyway. You must have UDP in the command.
0
 

Author Comment

by:roscowgo
ID: 12475426
I would start changing things around right now... but there are people using that as their gateway...

Did the ip nat detailed... where do I find the debug info?
0
 
LVL 5

Accepted Solution

by:
AutoSponge earned 2000 total points
ID: 12475441
debug info will be in the log.  You may have to extend your buffers if you have a lot of NAT going on at the moment.
0
 

Author Comment

by:roscowgo
ID: 12475682
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12942: 02:57:37: NAT*: i: tcp (192.168.1.152, 1897) -> (216.235.81.9, 20336) [14037]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12941: 02:57:37: NAT*: s=216.109.118.151, d=68.187.246.58->192.168.1.245 [54897]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12940: 02:57:37: NAT*: o: udp (216.109.118.151, 5000) -> (68.187.246.58, 5000) [54897]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12939: 02:57:37: NAT*: s=192.168.1.245->68.187.246.58, d=68.142.231.9 [61174]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12938: 02:57:37: NAT*: TCP s=3516->1076, d=5100
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12937: 02:57:37: NAT*: i: tcp (192.168.1.245, 3516) -> (68.142.231.9, 5100) [61174]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12936: 02:57:37: NAT*: s=216.109.118.151, d=68.187.246.58->192.168.1.245 [54010]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12935: 02:57:37: NAT*: o: udp (216.109.118.151, 5000) -> (68.187.246.58, 5000) [54010]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12934: 02:57:37: NAT: s=216.235.81.9, d=68.187.246.58->192.168.1.152 [39879]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12933: 02:57:37: NAT: TCP s=20336, d=1042->1897
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12932: 02:57:37: NAT: o: tcp (216.235.81.9, 20336) -> (68.187.246.58, 1042) [39879]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12931: 02:57:37: NAT*: s=192.168.1.152->68.187.246.58, d=216.235.81.9 [14036]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12930: 02:57:37: NAT*: TCP s=1897->1042, d=20336
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12929: 02:57:37: NAT*: i: tcp (192.168.1.152, 1897) -> (216.235.81.9, 20336) [14036]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12928: 02:57:37: NAT: s=216.235.81.9, d=68.187.246.58->192.168.1.152 [39878]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12927: 02:57:37: NAT: TCP s=20336, d=1042->1897
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12926: 02:57:37: NAT: o: tcp (216.235.81.9, 20336) -> (68.187.246.58, 1042) [39878]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12925: 02:57:37: NAT: s=216.235.81.9, d=68.187.246.58->192.168.1.152 [39877]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12924: 02:57:37: NAT: TCP s=20336, d=1042->1897
There's some of it.
0
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12475840
I notice there's no traffic to the teamspeak server.  You'll need to add the nat static port translation command (probably fast eth since that's where the outside interface is) and run a test while watching the output from the log.
0
 

Author Comment

by:roscowgo
ID: 12475997
Gonna have to do that at night... the log is rolling by at light speed... roughly a meg every 3 secs on my syslog. I will post the results tonight when no one is using the link.
0
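The check made by eye above (is there any traffic to the TeamSpeak port in the NAT debug output?) can be done by filtering the syslog file instead of watching it scroll. This is an added Python example, not part of any post in the thread; the function name, the sample lines, the 203.0.113.x clients and the IP idents are constructed for illustration.

```python
import re

# Line shapes follow the "debug ip nat detailed" output pasted in the thread.
HEADER = re.compile(r"NAT\*?: ([io]): (tcp|udp) \(([\d.]+), (\d+)\) -> "
                    r"\(([\d.]+), (\d+)\) \[(\d+)\]")
REWRITE = re.compile(r"NAT\*?: s=([\d.]+)(?:->[\d.]+)?, "
                     r"d=([\d.]+)(?:->([\d.]+))? \[(\d+)\]")

# Constructed sample (newest first, like the syslog view in the thread);
# 203.0.113.x clients and the IP idents are made up for illustration.
PFX = "11-02-2004  13:40:02  Local7.Debug  192.168.1.1  "
SAMPLE = "\n".join(PFX + s for s in [
    "13006: 03:04:22: NAT*: s=203.0.113.9, d=68.187.246.58->192.168.1.245 [977]",
    "13005: 03:04:22: NAT*: o: udp (203.0.113.9, 51000) -> (68.187.246.58, 8767) [977]",
    "13004: 03:04:22: NAT*: s=203.0.113.7, d=68.187.246.58->192.168.1.29 [4211]",
    "13003: 03:04:22: NAT*: o: udp (203.0.113.7, 40112) -> (68.187.246.58, 8767) [4211]",
    "13002: 03:04:22: NAT*: TCP s=1897->1042, d=20336",
    "13001: 03:04:22: NAT*: i: tcp (192.168.1.152, 1897) -> (216.235.81.9, 20336) [14037]",
])


def check_forward(log_text, proto, public_ip, port, inside_ip):
    """Summarise outside-to-inside hits on one forwarded port in a NAT debug log."""
    inbound = set()   # (source, IP ident) of packets aimed at public_ip:port
    rewritten = {}    # (source, IP ident) -> inside address NAT substituted
    for line in log_text.splitlines():
        m = HEADER.search(line)
        if m:
            direction, p, src, _, dst, dport, ident = m.groups()
            if (direction, p, dst, int(dport)) == ("o", proto, public_ip, port):
                inbound.add((src, ident))
            continue
        m = REWRITE.search(line)
        if m and m.group(2) == public_ip and m.group(3):
            rewritten[(m.group(1), m.group(4))] = m.group(3)
    good = sum(1 for key in inbound if rewritten.get(key) == inside_ip)
    if not inbound:
        verdict = "no inbound packets for this port reached NAT"
    elif good < len(inbound):
        verdict = "some inbound packets were not rewritten to the expected host"
    else:
        verdict = "forward is translating to the expected host"
    return {"inbound": len(inbound), "translated": good, "verdict": verdict}


if __name__ == "__main__":
    print(check_forward(SAMPLE, "udp", "68.187.246.58", 8767, "192.168.1.29"))
```

A result with zero inbound packets points at something in front of NAT, such as the inbound ACL on the outside interface, which is where this thread's problem turned out to be.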
 

Author Comment

by:roscowgo
ID: 12482726
Thanks for the help... had the stupid ACL backwards.
0
