 root52
join:2009-01-18 Lakewood, OH
| [HELP] NAT/PAT Routing Problem
Good Day All,
Been lurking for a while and decided to post for the first time with this basic problem I have been hacking away at for a bit now. I am new to the Cisco world and working to obtain my CCNA to branch off into the voice world.
Anyway I have this 2651xm working on my home network for kicks/learning. I also have a dynamic dns update that works. I am trying to reach my ssh server behind the router from the outside. Below is the running config.
The line...
ip nat inside source static tcp 192.168.10.XXX 22 interface FastEthernet0/0 22
Is what I thought would do the trick. However, it is not working. It does, however, work when I leave out the port numbers and just have the static translation...
ip nat inside source static tcp 192.168.10.XXX interface FastEthernet0/0
Now I am a bit unclear. Does that mean that ALL traffic that hits fa0/0 will be sent to my server?
Any help would be much appreciated.
Thanks!!
|
|
  kamikatze
join:2007-11-02
| I think your NAT ACL is a bit too.. wild.
Try
|
|
  biomed32uk
| reply to root52 I too have been having this problem, with a 2620 using the static NAT commands, leave the port numbers off and it works, put the port numbers in the static NAT command and it refuses any connections from the outside.
I have spent way too long trying to get this to work, all the docs I have read on the net say it should work, and I can see no errors.
Anyone have any suggestions? |
|
 root52
join:2009-01-18 Lakewood, OH
| reply to root52 Thanks for the help with the access list. I have read a few things about access lists but wanted to get the port forwarding working first. You did clear up what I was doing wrong with the mask declaration on the access list command though. Thanks!! Still having the same problem as far as NAT goes. |
|
 biomed32uk
join:2009-07-06 | I presume from that you have not got the NAT going then from outside in. I just can't see what's wrong, and it should be simple!! |
|
  kamikatze
join:2007-11-02 | I'm curious about the result of debug ip packet detail
but make sure you do a no logging console before that and also don't run any other traffic but 22/tcp. |
|
 root52
join:2009-01-18 Lakewood, OH
| reply to root52 WOW... Jim Fail... The config is fine. Works wonders with...
The trick is me testing it from within the network!! As I should have figured out prior to making this post. Works fine from outside the network. And after all that is what I was going for.
Anyway in the spirit of learning... would someone like to help me understand why? |
|
 deepblackmag
join:2004-12-27 00000
| My understanding is that traffic (such as ICMP or TCP) sent to a locally attached interface on the router is never NATted or actually "enters" via the "ip nat outside" interface. It's locally handled within the router. There is supposedly a trick using the NVI (NAT virtual interface) with "ip nat enable" on the interfaces to get the router to hairpin traffic with NAT like with, say, a Linksys. I haven't personally been able to get it to work. |
|