From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Mon Jul 14 2008 - 22:25:02 ART
Sorry, I copied the old nat translations.
Here is a more updated, after I tried telnet from outside, and from R1
itself. The nat translations table looks OK to me.
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside
global
tcp 150.0.0.3:23 10.1.1.3:23 12.0.0.2:12023
12.0.0.2:12023
tcp 150.0.0.3:23 10.1.1.3:23 150.0.0.1:13980
150.0.0.1:13980
tcp 150.0.0.3:23 10.1.1.3:23 --- ---
-----Original Message-----
From: Huan Pham
Sent: Tuesday, 15 July 2008 11:18 AM
To: ccielab@groupstudy.com
Subject: NAT (Portforwarding) for local traffic
Hi Gs,
I have an interesting problem with NAT. I try to set up port-forwarding
NAT on a router so that I when I telnet to a public IP (part of loopback
subnet) from outside, or from the NAT router itself, I will ended up on
a local PC. Is it possible to force local traffic to be natted on a
router that do natting?
I am labbing this scenario and I can forward external Telnet traffic to
a specific IP. However, if I try telnet from the NAT router, I got the
telnet refused error message. Debugging, and show nat translation looks
OK.
I am missing something, or this is just not achievable? Thanks guys in
advance.
The topo:
R3----------R1----------R2
inside NAT outside
LAN:10.1.1.0/24
WAN:12.0.0.0/24
Loopback0 on R1: 150.0.0.1/24
R3 is the Telnet server behind the NAT device, R2 is the external public
hosts. If external device telnet to 150.0.0.10, it should end up on R3
(10.1.1.10/24)
R1#sh run | in interface|nat|address|ip route
ip telnet source-interface Loopback0
interface Loopback0
ip address 150.0.0.1 255.255.255.0
ip nat outside
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
ip nat inside
interface Serial0/0.1 point-to-point
ip address 12.0.0.1 255.255.255.0
ip nat outside
frame-relay interface-dlci 102
ip nat inside source static tcp 10.1.1.3 23 150.0.0.3 23 extendable
ip route 150.0.0.3 255.255.255.255 FastEthernet0/0
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside
global
tcp 150.0.0.3:23 10.1.1.3:23 12.0.0.2:12023
12.0.0.2:12023
tcp 150.0.0.3:23 10.1.1.3:23 12.0.0.2:23475
12.0.0.2:23475
tcp 150.0.0.3:23 10.1.1.3:23 --- ---
Debug message on R3#
!Telnet from R2 to 150.0.0.3 is successfull
02:16:04: IP: tableid=0, s=12.0.0.2 (Ethernet0/0), d=10.1.1.3
(Ethernet0/0), routed via RIB
02:16:04: IP: s=12.0.0.2 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len
40, rcvd 3
02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0),
routed via FIB
02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43,
sending
02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0),
routed via FIB
02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43,
sending
02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0),
routed via FIB
02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 46,
sending
!Telnet from R1 (source loopback0) is not successful
02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3
(Ethernet0/0), routed via RIB
02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len
44, rcvd 3
02:19:05: IP: tableid=0, s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0),
routed via FIB
02:19:05: IP: s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0), len 44,
sending
02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3
(Ethernet0/0), routed via RIB
02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len
40, rcvd 3
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART