Re: NAT (Portforwarding) for local traffic

From: John (jgarrison1@austin.rr.com)
Date: Tue Jul 15 2008 - 12:37:49 ART


Did you try policy routing? That's all I got.
----- Original Message -----
From: "Huan Pham" <Huan.Pham@peopletelecom.com.au>
To: <ccielab@groupstudy.com>
Sent: Monday, July 14, 2008 7:25 PM
Subject: RE: NAT (Portforwarding) for local traffic

> Sorry, I copied the old nat translations.
>
> Here is a more updated one, after I tried telnet from outside, and from R1
> itself. The nat translations table looks OK to me.
>
> R1#sh ip nat translations
> Pro Inside global      Inside local       Outside local      Outside global
> tcp 150.0.0.3:23       10.1.1.3:23        12.0.0.2:12023     12.0.0.2:12023
> tcp 150.0.0.3:23       10.1.1.3:23        150.0.0.1:13980    150.0.0.1:13980
> tcp 150.0.0.3:23       10.1.1.3:23        ---                ---
>
>
> -----Original Message-----
> From: Huan Pham
> Sent: Tuesday, 15 July 2008 11:18 AM
> To: ccielab@groupstudy.com
> Subject: NAT (Portforwarding) for local traffic
>
> Hi Gs,
>
> I have an interesting problem with NAT. I try to set up port-forwarding
> NAT on a router so that when I telnet to a public IP (part of loopback
> subnet) from outside, or from the NAT router itself, I will end up on
> a local PC. Is it possible to force local traffic to be natted on a
> router that does natting?
>
> I am labbing this scenario and I can forward external Telnet traffic to
> a specific IP. However, if I try telnet from the NAT router, I got the
> telnet refused error message. Debugging, and show nat translation looks
> OK.
>
> Am I missing something, or is this just not achievable? Thanks guys in
> advance.
>
>
>
> The topo:
>
>
> R3----------R1----------R2
>    inside   NAT  outside
>
>
> LAN:10.1.1.0/24
> WAN:12.0.0.0/24
> Loopback0 on R1: 150.0.0.1/24
>
> R3 is the Telnet server behind the NAT device, R2 is the external public
> host. If an external device telnets to 150.0.0.10, it should end up on R3
> (10.1.1.10/24)
>
>
> R1#sh run | in interface|nat|address|ip route
>
> ip telnet source-interface Loopback0
>
> interface Loopback0
>  ip address 150.0.0.1 255.255.255.0
>  ip nat outside
>
> interface FastEthernet0/0
>  ip address 10.1.1.1 255.255.255.0
>  ip nat inside
>
> interface Serial0/0.1 point-to-point
>  ip address 12.0.0.1 255.255.255.0
>  ip nat outside
>  frame-relay interface-dlci 102
>
> ip nat inside source static tcp 10.1.1.3 23 150.0.0.3 23 extendable
>
> ip route 150.0.0.3 255.255.255.255 FastEthernet0/0
>
>
>
> R1#sh ip nat translations
> Pro Inside global      Inside local       Outside local      Outside global
> tcp 150.0.0.3:23       10.1.1.3:23        12.0.0.2:12023     12.0.0.2:12023
> tcp 150.0.0.3:23       10.1.1.3:23        12.0.0.2:23475     12.0.0.2:23475
> tcp 150.0.0.3:23       10.1.1.3:23        ---                ---
>
>
> Debug message on R3#
> !Telnet from R2 to 150.0.0.3 is successful
>
> 02:16:04: IP: tableid=0, s=12.0.0.2 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), routed via RIB
> 02:16:04: IP: s=12.0.0.2 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len 40, rcvd 3
> 02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), routed via FIB
> 02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43, sending
> 02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), routed via FIB
> 02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 43, sending
> 02:16:04: IP: tableid=0, s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), routed via FIB
> 02:16:04: IP: s=10.1.1.3 (local), d=12.0.0.2 (Ethernet0/0), len 46, sending
>
>
> !Telnet from R1 (source loopback0) is not successful
>
> 02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), routed via RIB
> 02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len 44, rcvd 3
> 02:19:05: IP: tableid=0, s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0), routed via FIB
> 02:19:05: IP: s=10.1.1.3 (local), d=150.0.0.1 (Ethernet0/0), len 44, sending
> 02:19:05: IP: tableid=0, s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), routed via RIB
> 02:19:05: IP: s=150.0.0.1 (Ethernet0/0), d=10.1.1.3 (Ethernet0/0), len 40, rcvd 3
>
>


