NAT (Portforwarding) for local traffic

From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Mon Jul 14 2008 - 22:18:19 ART

• Next message: Huan Pham: "RE: NAT (Portforwarding) for local traffic"
• Previous message: Huan Pham: "RE: UplinkFast and default port cost"
• Next in thread: Huan Pham: "RE: NAT (Portforwarding) for local traffic"
• Maybe reply: Huan Pham: "RE: NAT (Portforwarding) for local traffic"
• Maybe reply: Petr Lapukhov: "Re: NAT (Portforwarding) for local traffic"
• Maybe reply: Huan Pham: "Re: NAT (Portforwarding) for local traffic"
• Maybe reply: Petr Lapukhov: "Re: NAT (Portforwarding) for local traffic"
• Maybe reply: John: "Re: NAT (Portforwarding) for local traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Gs,

I have an interesting problem with NAT. I try to set up port-forwarding
NAT on a router so that I when I telnet to a public IP (part of loopback
subnet) from outside, or from the NAT router itself, I will ended up on
a local PC. Is it possible to force local traffic to be natted on a
router that do natting?

I am labbing this scenario and I can forward external Telnet traffic to
a specific IP. However, if I try telnet from the NAT router, I got the
telnet refused error message. Debugging, and show nat translation looks
OK.

I am missing something, or this is just not achievable? Thanks guys in
advance.

The topo:

R3----------R1----------R2
    inside NAT outside

LAN:10.1.1.0/24
WAN:12.0.0.0/24
Loopback0 on R1: 150.0.0.1/24

R3 is the Telnet server behind the NAT device, R2 is the external public
hosts. If external device telnet to 150.0.0.10, it should end up on R3
(10.1.1.10/24)

R1#sh run | in interface|nat|address|ip route

ip telnet source-interface Loopback0

interface Loopback0
 ip address 150.0.0.1 255.255.255.0
 ip nat outside

interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside

interface Serial0/0.1 point-to-point
 ip address 12.0.0.1 255.255.255.0
 ip nat outside
 frame-relay interface-dlci 102

ip nat inside source static tcp 10.1.1.3 23 150.0.0.3 23 extendable

ip route 150.0.0.3 255.255.255.255 FastEthernet0/0

R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside
global
tcp 150.0.0.3:23 10.1.1.3:23 12.0.0.2:12023
12.0.0.2:12023
tcp 150.0.0.3:23 10.1.1.3:23 12.0.0.2:23475
12.0.0.2:23475
tcp 150.0.0.3:23 10.1.1.3:23 --- ---

Debug message on R3#
!Telnet from R2 to 150.0.0.3 is successfull

02:16:04: IP: tableid=0, s=12.0.0.2 (Ethernet0/0), d=10.1.1.3
(Ethernet0/0), routed via RIB
02:16:04: IP: s=12.0.0.2 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len
40, rcvd 3
02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0),
routed via FIB
02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43,
sending
02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0),
routed via FIB
02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43,
sending
02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0),
routed via FIB
02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 46,
sending

!Telnet from R1 (source loopback0) is not successful

02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3
(Ethernet0/0), routed via RIB
02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len
44, rcvd 3
02:19:05: IP: tableid=0, s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0),
routed via FIB
02:19:05: IP: s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0), len 44,
sending
02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3
(Ethernet0/0), routed via RIB
02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len
40, rcvd 3

• Next message: Huan Pham: "RE: NAT (Portforwarding) for local traffic"
• Previous message: Huan Pham: "RE: UplinkFast and default port cost"
• Next in thread: Huan Pham: "RE: NAT (Portforwarding) for local traffic"
• Maybe reply: Huan Pham: "RE: NAT (Portforwarding) for local traffic"
• Maybe reply: Petr Lapukhov: "Re: NAT (Portforwarding) for local traffic"
• Maybe reply: Huan Pham: "Re: NAT (Portforwarding) for local traffic"
• Maybe reply: Petr Lapukhov: "Re: NAT (Portforwarding) for local traffic"
• Maybe reply: John: "Re: NAT (Portforwarding) for local traffic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART