I have a Cisco 2811 that is connected via FA 01 to a Netgear wireless/router. Everything works fine. I am trying to allow web traffic to get to the web server which sits behind my Netgear/wireless router. Can someone tell me the CLI statement to allow port forwarding via tcp 80 that will route traffic through the Cisco 2811, through the Netgear/wireless router and to the web server? I know that the Netgear/wireless router has its own firewall and NAT stuff and am wondering if that could be the problem. Every time I attempt to connect to the web server with the current setup from the outside I get the Cisco login page. It says something like privilege 15 login or something of the sort. I can see that traffic is hitting the Cisco router but not getting through the WGR614L. Help?
Last edited by metallica1973; 10-27-2008 at 11:31 AM.
Well, you'll only get the login box if you send packets *TO* the router, not through it. You're all in private address land there, right? So there's no natting to be done on the 2811 from what I can see.
Best is to forward all traffic to the firewall, and let the firewall forward port 80 to the web server.
First make sure telnet to the router will work from the outside (if needed):
ip nat inside source static tcp iplan 23 ipwan 23
Remove all natting if present:
no ......
forward everything to the firewall
ip nat inside source static ip-server ipwan extendable
I'm assuming that the Netgear box is a home Wireless Access Point / router. It is very likely that it is this that is blocking the traffic. It will most likely be set up to drop any unsolicited packets from the internet.
It is actually my friend's setup. Thanks for all the replies. What everyone is saying is what I suspected from the beginning in that the Cisco router is either configured correctly to route packets through the router and the Netgear Home wireless/router is dropping stuff or that simply the router is not forwarding correctly. I will have my friend connect his web server to a WIC switch port to see if the router is actually forwarding to the web server. Like Robhogg said it is probably the Netgear wireless/router that is causing the problem. If that is the case then what a major security flaw in the Cisco IOS. Why would it allow a login to the Cisco router after the forwarded packets are either dropped by the Netgear wireless/router or the Cisco router not routing correctly. Why would that be happening?
> Why would it allow a login to the Cisco router after the forwarded packets are either dropped by the Netgear wireless/router or the Cisco router not routing correctly. Why would that be happening?
Because the router is configured to use port 80 for HTTP login to configure it.
You should disable this, and eventually enable telnet for configuration:
no ip http server
no ip http secure-server
You can use the access list so only a certain IP or IP range can access the router configuration via telnet.
Current configuration : 1445 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DTMFP
!
enable secret 5 $AX$#XRWEX$XX
enable password XXXXXXXX
!
username DTMFP password 0 XXXXXXXX
username CRWS_Shashi privilege 15 password 0 $DDQ%QGTFGSWEDT$%
ip subnet-zero
ip name-server 4.2.2.5
ip name-server 4.2.2.6
!
ip dhcp pool DTMFP
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 4.2.2.5
   lease infinite
!
ip urlfilter alert
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
interface Ethernet0
 description CRWS Generated text. Please do not delete this:192.168.1.1-255.255.255.0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out
!
interface Ethernet1
 description Internet
 ip address dhcp client-id Ethernet1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 no ip mroute-cache
 duplex auto
 no cdp enable
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 192.168.2.4 80 interface Ethernet1 80
ip classless
ip http server
no ip http secure-server
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password XXXXXXXXXXX
 login local
 length 0
!
scheduler max-task-time 5000
end
The LAN interface FA 0/0 is a 192.168.1.0 subnet and the Netgear is a 192.168.2.0. Is this the correct statement to forward port 80 traffic to the IIS server which is 192.168.2.4 which sits behind the Netgear wireless router?
I agree, but then you need to configure SSH on the Cisco; however, for that you need a Data Encryption Standard (DES) or triple DES (3DES) IPSec encryption version of the IOS.
I don't know if they want to have access from the outside.
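The management-plane points raised in the replies above (the router's own HTTP server answering on port 80, and using an access list to limit who can reach the configuration lines), as an added example that is not part of any post in this thread: a small Python check over an IOS running-config. The excerpt is constructed from the configuration posted above, and the function and finding names are this example's own.

```python
import re

# Constructed excerpt modelled on the running-config posted in this thread;
# passwords are placeholders, not real values.
POSTED_EXCERPT = """\
no service password-encryption
username DTMFP password 0 XXXXXXXX
ip http server
no ip http secure-server
line vty 0 4
 exec-timeout 120 0
 login local
"""

def audit_mgmt_plane(config):
    """Return a list of management-plane findings for an IOS running-config."""
    lines = [l.rstrip() for l in config.splitlines()
             if l.strip() and l.strip() != "!"]
    top = [l for l in lines if not l.startswith(" ")]   # global commands
    findings = []
    if "ip http server" in top:
        # The web UI answers on TCP 80: the login page seen in this thread.
        restricted = any(l.startswith("ip http access-class ") for l in top)
        findings.append("http-server-restricted" if restricted
                        else "http-server-open")
    if "no service password-encryption" in top:
        findings.append("password-encryption-off")
    # "password 0" marks a password stored in clear text.
    if any(re.match(r"username \S+ (privilege \d+ )?password 0 ", l) for l in top):
        findings.append("plaintext-user-password")
    # Indented lines belong to the most recent unindented section header.
    section = None
    vty = {}
    for l in lines:
        if not l.startswith(" "):
            section = l if l.startswith("line vty ") else None
            if section:
                vty[section] = []
        elif section:
            vty[section].append(l.strip())
    for name, body in vty.items():
        # "access-class <acl> in" limits which sources may open a session.
        if not any(re.match(r"access-class \S+ in\b", b) for b in body):
            findings.append("no-access-class: " + name)
    return findings

if __name__ == "__main__":
    for finding in audit_mgmt_plane(POSTED_EXCERPT):
        print(finding)
```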