Cisco 2600 port forwarding.... again.

Hello, i have a 2600 with 2 fa's and one serial link hosting a t1.     Ive searched and hunted, and fought  and scratched the stupid thing.... when i input the ip nat inside source static 192.168.1.29 8767 68.187.246.58 8767  extendable command, it doesnt seem to actually forward the port.  Ive opened the port in my acl....heck ive tried the permit any any command when ive had it in...still wont connect...  And there is a side problem, when logged in to my vpn, which comes across the t1 and not over the wan port it blocks the terminal services when the ip nat inside .... command is active.      im not sure what to do ... but heres an abbreviated config.

Router1(config)#^Z
Router1#show run
Building configuration...

Current configuration : 8999 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router1
!
logging buffered 4096 informational
logging console informational
logging monitor informational
enable password 7 14150A5A5851
!
username deb privilege 15 password 7 05091E30751916
clock timezone edt -4
ip subnet-zero
!
!
no ip domain-lookup
!
!
!
!
interface FastEthernet0/0
 description connected to EthernetLAN_1
 ip address 192.168.1.1 255.255.255.0
 ip access-group 151 in
 ip access-group 151 out
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0
 description connected to fmrs_rtr2
 ip address 192.168.2.2 255.255.255.0
 no ip mroute-cache
 ip nat inside
 service-module t1 clock source internal
 service-module t1 remote-alarm-enable
!
interface FastEthernet0/1
 description connected to Internet
 ip address 68.187.246.58 255.255.255.0
 ip access-group ineqts in
 ip access-group outeq out
 ip nat outside
 duplex auto
 speed auto
!
ip default-gateway 68.187.246.1
ip nat pool FMRS 68.187.246.58 68.187.246.58 netmask

255.255.255.0
ip nat inside source list 1 pool FMRS overload
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 68.187.246.1
ip route 192.168.3.0 255.255.255.0 192.168.2.1
no ip http server
no ip pim bidir-enable

ps.. ive tried leaving the ip nat inside  comment under s0, and taking it out so that just e0 and e1 were the nats..... its hurting my brain. please help.
roscowgoAsked:
Who is Participating?
 
AutoSpongeConnect With a Mentor Commented:
debug info will be in the log.  You may have to extend your buffers if you have a lot of NAT going on at the moment.
0
 
AutoSpongeCommented:
well I don't see that command here, but if it's like you wrote it above it's missing the 'tcp' part.

example

ip nat inside source static tcp 192.168.0.5 80 171.68.1.1 80 extendable
0
 
AutoSpongeCommented:
Although most apps that use 8767 default to udp
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
roscowgoAuthor Commented:
ah sorry..... its not a tcp port i want to forward.... its udp 8767    
so it would be ip nat inside source static 192.168.1.29 8767 68.187.246.58 8767 extendable

i have tried it with no tcp or udp in the argument too... exact same results.  thanks
0
 
roscowgoAuthor Commented:
doh, forgot to add the udp in there again.     its for a teamspeak server.... nothing big.
0
 
AutoSpongeCommented:
and for troubleshooting, take the acl off the interface.  That's usually where the problem is anyway.  You must have UDP in the command.  
0
 
roscowgoAuthor Commented:
i would start changing things around right now... but there are people using that as their gateway...

did the ip nat detailed....  where do i find the debug info?
0
 
roscowgoAuthor Commented:
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12942: 02:57:37: NAT*: i: tcp (192.168.1.152, 1897) -> (216.235.81.9, 20336) [14037]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12941: 02:57:37: NAT*: s=216.109.118.151, d=68.187.246.58->192.168.1.245 [54897]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12940: 02:57:37: NAT*: o: udp (216.109.118.151, 5000) -> (68.187.246.58, 5000) [54897]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12939: 02:57:37: NAT*: s=192.168.1.245->68.187.246.58, d=68.142.231.9 [61174]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12938: 02:57:37: NAT*: TCP s=3516->1076, d=5100
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12937: 02:57:37: NAT*: i: tcp (192.168.1.245, 3516) -> (68.142.231.9, 5100) [61174]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12936: 02:57:37: NAT*: s=216.109.118.151, d=68.187.246.58->192.168.1.245 [54010]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12935: 02:57:37: NAT*: o: udp (216.109.118.151, 5000) -> (68.187.246.58, 5000) [54010]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12934: 02:57:37: NAT: s=216.235.81.9, d=68.187.246.58->192.168.1.152 [39879]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12933: 02:57:37: NAT: TCP s=20336, d=1042->1897
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12932: 02:57:37: NAT: o: tcp (216.235.81.9, 20336) -> (68.187.246.58, 1042) [39879]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12931: 02:57:37: NAT*: s=192.168.1.152->68.187.246.58, d=216.235.81.9 [14036]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12930: 02:57:37: NAT*: TCP s=1897->1042, d=20336
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12929: 02:57:37: NAT*: i: tcp (192.168.1.152, 1897) -> (216.235.81.9, 20336) [14036]    
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12928: 02:57:37: NAT: s=216.235.81.9, d=68.187.246.58->192.168.1.152 [39878]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12927: 02:57:37: NAT: TCP s=20336, d=1042->1897
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12926: 02:57:37: NAT: o: tcp (216.235.81.9, 20336) -> (68.187.246.58, 1042) [39878]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12925: 02:57:37: NAT: s=216.235.81.9, d=68.187.246.58->192.168.1.152 [39877]
11-02-2004      13:33:17      Local7.Debug      192.168.1.1      12924: 02:57:37: NAT: TCP s=20336, d=1042->1897
theres some of it.
0
 
AutoSpongeCommented:
I notice there's no traffic to the teamspeak server.  You'll need to add the nat static port translation command (probably fast eth since that's where the outside interface is) and run a test while watching the output from the log.
0
 
roscowgoAuthor Commented:
gonna have to do that at night....   the log is rolling by at light speed.....    roughly a meg every 3 secs on my syslog.    i will post the results tonight when noone is using the link.
0
 
roscowgoAuthor Commented:
thanks for the help.... had the stupid acl backwards.    
0
All Courses

From novice to tech pro — start learning today.