Port Forwarding on Cisco Router

cisco nat port-forwarding ios

15,595

The problem was in my destination, different from cisco router.

To check if your cisco router is making port forwarding you do:

Router#sh ip nat trans | i 80

Then check if there is an entrance similar to this:

tcp 186.67.181.203:80  192.168.1.20:80    85.72.43.64:51720  85.72.43.64:51720

If it's there, it's making the port forwarding.

15,595

jacktrades

Updated on September 18, 2022

Comments

jacktrades over 1 year
I'm a Cisco newbie, have the 1841, with two ethernet interfaces:
```
interface FastEthernet0/0: Internal
Desired destination IP: 186.67.181.140

interface FastEthernet0/1: External World
 IP 186.67.181.140
```
Want to make a HTTP port forwarding from External World to Internal IP.

Tried adding this rule, but does not make the forwarding:
```
ip nat inside source static tcp 192.168.1.20 80 186.67.181.140 80 extendable
```
Any idea why I don't get the port forwarding right?

Complete configuration:
```
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!         
interface FastEthernet0/1
 ip address 186.67.181.140 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!         
ip classless
ip route 0.0.0.0 0.0.0.0 186.67.181.141
no ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.20 80 186.67.181.140 80 extendable
!         
!         
access-list 100 permit ip any any
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
```
- David Schwartz almost 10 years
  
  You don't really describe the problem very well. What exactly happens? How did you test whether the rule was working and what results did you get? (You may have just tested incorrectly -- for example, by testing from inside your own network when your rule only applies to traffic from the outside.)
- jacktrades almost 10 years
  
  I try to reach the public ip from a browser and I get connection refused.
- David Schwartz almost 10 years
  
  Where did you test from? Did you test from outside your network? Did you confirm that there's a listening socket bound to 192.168.1.20:80 for traffic to be NATted to?
- jacktrades almost 10 years
  
  Tested from outside and inside network with the public ip. Does not work. From Inside local ip, webserver at 192.168.1.20 works fine.
- David Schwartz almost 10 years
  
  That's very strange, because connection refused means that something is refusing the connection.
- jacktrades almost 10 years
  
  @DavidSchwartz gist.github.com/crised/5156763e8939d30e65ee
- jacktrades almost 10 years
  
  @DavidSchwartz you were right, problem was with the webserver, I configured it without the default gateway!
- Admin over 8 years
  
  did you allow the the permit any to XXX.XXX.XXX.XXX to the outside interface access-list . You should have an access-group command under the outside interface