
I'm a Cisco newbie and have the 1841, with two Ethernet interfaces:

interface FastEthernet0/0: Internal
Desired destination IP: 186.67.181.140

interface FastEthernet0/1: External World
 IP 186.67.181.140

I want to set up HTTP port forwarding from the external world to the internal IP.

I tried adding this rule, but it does not do the forwarding:

ip nat inside source static tcp 192.168.1.20 80 186.67.181.140 80 extendable

Any idea why I don't get the port forwarding right?

Complete configuration:

interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.0 secondary
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!         
interface FastEthernet0/1
 ip address 186.67.181.140 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!         
ip classless
ip route 0.0.0.0 0.0.0.0 186.67.181.141
no ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.20 80 186.67.181.140 80 extendable
!         
!         
access-list 100 permit ip any any
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit ip 192.168.0.0 0.0.0.255 any
jacktrades
  • You don't really describe the problem very well. What *exactly* happens? How did you test whether the rule was working and what results did you get? (You may have just tested incorrectly -- for example, by testing from inside your own network when your rule only applies to traffic from the outside.) – David Schwartz Jun 18 '14 at 17:02
  • I try to reach the public IP from a browser and I get connection refused. – jacktrades Jun 18 '14 at 17:04
  • Where did you test from? Did you test from outside your network? Did you confirm that there's a listening socket bound to 192.168.1.20:80 for traffic to be NATted *to*? – David Schwartz Jun 18 '14 at 17:09
  • Tested from outside and inside the network with the public IP. It does not work. From the inside local IP, the webserver at 192.168.1.20 works fine. – jacktrades Jun 18 '14 at 17:13
  • That's very strange, because connection refused means that *something* is refusing the connection. – David Schwartz Jun 18 '14 at 17:16
  • @DavidSchwartz https://gist.github.com/crised/5156763e8939d30e65ee – jacktrades Jun 18 '14 at 17:16
  • @DavidSchwartz you were right, problem was with the webserver, I configured it without the default gateway! – jacktrades Jun 18 '14 at 18:16
  • Did you allow the permit any to XXX.XXX.XXX.XXX to the outside interface access-list? You should have an access-group command under the outside interface. –  Nov 13 '15 at 14:01

1 Answer

The problem was in my destination, not in the Cisco router.

To check whether your Cisco router is doing the port forwarding, run:

Router#sh ip nat trans | i 80

Then check if there is an entry similar to this:

tcp 186.67.181.203:80  192.168.1.20:80    85.72.43.64:51720  85.72.43.64:51720

If it's there, it's doing the port forwarding.

jacktrades
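The check described in this answer, as an added example that is not part of the original post: a Python sketch that parses saved `show ip nat translations` output by column instead of filtering on `80`, so an inside host's outbound web session is not mistaken for the port forward. The sample output, the 203.0.113.9 address and the function names are constructed for illustration; the forward's addresses follow the question's configuration.

```python
import re

# Constructed sample of `show ip nat translations` output (not from the page).
SAMPLE = """\
Pro Inside global         Inside local       Outside local      Outside global
tcp 186.67.181.140:80     192.168.1.20:80    85.72.43.64:51720  85.72.43.64:51720
tcp 186.67.181.140:80     192.168.1.20:80    ---                ---
tcp 186.67.181.140:4312   192.168.1.33:4312  203.0.113.9:80     203.0.113.9:80
"""

# Pro, Inside global, Inside local, Outside local, Outside global
ROW = re.compile(r"^(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def check_forward(output, inside_global, inside_local, proto="tcp"):
    """Return (static_present, sessions) for one static port forward."""
    static_present = False
    sessions = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or CLI prompt
        pro, ig, il, ol, og = m.groups()
        if (pro, ig, il) != (proto, inside_global, inside_local):
            continue  # some other translation, e.g. outbound traffic to port 80
        if ol == "---" and og == "---":
            static_present = True  # the configured static mapping itself
        else:
            sessions.append(og)  # an outside client using the mapping
    return static_present, sessions


def diagnose(static_present, sessions):
    """Turn the parse result into the next troubleshooting step."""
    if sessions:
        return "router is translating: if clients still fail, check the inside host"
    if static_present:
        return "static entry only: no outside connection has used this forward yet"
    return "no entry: the static NAT rule is not active on the router"


if __name__ == "__main__":
    present, sessions = check_forward(SAMPLE, "186.67.181.140:80", "192.168.1.20:80")
    print(present, sessions, "->", diagnose(present, sessions))
```

When the result is "router is translating" but clients still cannot connect, the fault is past the router, as in this thread, where the web server had no default gateway.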