From: Huan Pham (pnhuan@yahoo.com)
Date: Tue Jul 15 2008 - 07:59:15 ART
Thanks Petr for the detailed explanation!
It looks more complicated than I had thought. I will read through, and modify
it to do what I want.
--- On Tue, 7/15/08, Petr Lapukhov <petr@internetworkexpert.com> wrote:
From: Petr Lapukhov <petr@internetworkexpert.com>
Subject: Re: NAT (Portforwarding) for local traffic
To: "Huan Pham" <Huan.Pham@peopletelecom.com.au>
Cc: ccielab@groupstudy.com
Date: Tuesday, July 15, 2008, 6:50 PM
Huan,
The question you asked was so interesting that I made a blog post about it :)
http://blog.internetworkexpert.com/2008/07/15/a-curious-nat-scenario/
HTH
---- Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice) petr@internetworkexpert.com
Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344 Online Community: http://www.IEOC.com CCIE Blog: http://blog.internetworkexpert.com
2008/7/15 Huan Pham <Huan.Pham@peopletelecom.com.au>:
> Sorry, I copied the old nat translations.
>
> Here is a more updated one, after I tried telnet from outside, and from R1
> itself. The nat translations table looks OK to me.
>
> R1#sh ip nat translations
> Pro Inside global      Inside local       Outside local      Outside global
> tcp 150.0.0.3:23       10.1.1.3:23        12.0.0.2:12023     12.0.0.2:12023
> tcp 150.0.0.3:23       10.1.1.3:23        150.0.0.1:13980    150.0.0.1:13980
> tcp 150.0.0.3:23       10.1.1.3:23        ---                ---
>
>
> -----Original Message-----
> From: Huan Pham
> Sent: Tuesday, 15 July 2008 11:18 AM
> To: ccielab@groupstudy.com
> Subject: NAT (Portforwarding) for local traffic
>
> Hi Gs,
>
> I have an interesting problem with NAT. I try to set up port-forwarding
> NAT on a router so that when I telnet to a public IP (part of loopback
> subnet) from outside, or from the NAT router itself, I will end up on
> a local PC. Is it possible to force local traffic to be natted on a
> router that does natting?
>
> I am labbing this scenario and I can forward external Telnet traffic to
> a specific IP. However, if I try telnet from the NAT router, I get the
> telnet refused error message. Debugging, and show nat translation looks
> OK.
>
> Am I missing something, or is this just not achievable? Thanks guys in
> advance.
>
>
>
> The topo:
>
>
> R3----------R1----------R2
>      inside NAT outside
>
>
> LAN:10.1.1.0/24
> WAN:12.0.0.0/24
> Loopback0 on R1: 150.0.0.1/24
>
> R3 is the Telnet server behind the NAT device, R2 is the external public
> host.
> If an external device telnets to 150.0.0.10, it should end up on R3
> (10.1.1.10/24)
>
>
> R1#sh run | in interface|nat|address|ip route
>
> ip telnet source-interface Loopback0
>
> interface Loopback0
>  ip address 150.0.0.1 255.255.255.0
>  ip nat outside
>
> interface FastEthernet0/0
>  ip address 10.1.1.1 255.255.255.0
>  ip nat inside
>
> interface Serial0/0.1 point-to-point
>  ip address 12.0.0.1 255.255.255.0
>  ip nat outside
>  frame-relay interface-dlci 102
>
> ip nat inside source static tcp 10.1.1.3 23 150.0.0.3 23 extendable
>
> ip route 150.0.0.3 255.255.255.255 FastEthernet0/0
>
>
>
> R1#sh ip nat translations
> Pro Inside global      Inside local       Outside local      Outside global
> tcp 150.0.0.3:23       10.1.1.3:23        12.0.0.2:12023     12.0.0.2:12023
> tcp 150.0.0.3:23       10.1.1.3:23        12.0.0.2:23475     12.0.0.2:23475
> tcp 150.0.0.3:23       10.1.1.3:23        ---                ---
>
>
> Debug message on R3#
> !Telnet from R2 to 150.0.0.3 is successful
>
> 02:16:04: IP: tableid=0, s=12.0.0.2 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), routed via RIB
> 02:16:04: IP: s=12.0.0.2 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len 40, rcvd 3
> 02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), routed via FIB
> 02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43, sending
> 02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), routed via FIB
> 02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43, sending
> 02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), routed via FIB
> 02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 46, sending
>
>
> !Telnet from R1 (source loopback0) is not successful
>
> 02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), routed via RIB
> 02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len 44, rcvd 3
> 02:19:05: IP: tableid=0, s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0), routed via FIB
> 02:19:05: IP: s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0), len 44, sending
> 02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), routed via RIB
> 02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len 40, rcvd 3
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html