[TriLUG] Off Topic: Need Cisco Router Config Help
trilug at dogstar1.com
trilug at dogstar1.com
Thu Apr 3 23:11:29 EDT 2008
Tarus, are there any other network devices on your LAN? Specifically, switches. It sounds like you are using the Cisco 800 as an internal switch as well. What is the web server physically attached to? What is the IP address returned by your internal DNS? Private or Public? If it is public that would be an explanation as to why your traffic ends up on the 800. If that needs to remain the case, you may be able to add
'bridge group 1' to Vlan1 but I would double check.
Assuming the 800 is the culprit, you can try the 'ip domain-list' command. This may help if the failure you experience when attempting to access the web server internally is a result of a virtual named host issue.
Also do have an access-list set up on this device? Could you also post the results of 'show ip nat translation'? And if needed you can debug with 'debug ip nat detailed'.
Just a couple shots in the dark but I hope it steers you in the right direction.
Nick
----- "Tarus Balog" <tarus at opennms.org> wrote:
| On Apr 3, 2008, at 7:32 PM, Chris Bullock wrote:
| > First thing I would do is without the help of the host file try to
|
| > ping
| > private.opennms.com and see what you get. Then perform a dig or
| > nslookup
| > to see exactly what DNS server gave you that IP.
|
| It's definitely not a DNS issue. It's a NAT issue.
|
| Let's assume the external address is 10.1.1.1 and the internal LAN is
|
| 172.20.1.0/24.
|
| If www.example.com points to 10.1.1.1, the router will NAT port 80 to
|
| 172.20.1.10.
|
| From outside the LAN, http://www.example.com works fine.
|
| From inside the LAN, http://www.example.com connects to the router's
|
| HTTP server (http://10.1.1.1), thus NAT is not working from the LAN.
|
| The *workaround* is to set, on the LAN, www.example.com to point to
| 172.20.1.10.
|
| Now, when the router was a Linksys, www.example.com worked in all
| places. I was wondering if there was something in the way Cisco does
|
| NAT to make that work as well.
|
| -T
|
| _______________________________________________________________________
| Tarus Balog, OpenNMS Maintainer Main: +1 919 533 0160
| The OpenNMS Group, Inc. Fax: +1 503 961 7746
| Email: tarus at opennms.org URL:
| http://www.opennms.org
| PGP Key Fingerprint: 8945 8521 9771 FEC9 5481 512B FECA 11D2 FD82
| B45C
|
| --
| TriLUG mailing list :
| http://www.trilug.org/mailman/listinfo/trilug
| TriLUG Organizational FAQ : http://trilug.org/faq/
| TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
More information about the TriLUG
mailing list