View Full Version : Help: static NAT should be easy but I'm going insane
Simon
07-25-2004, 01:42 AM
Warning newbie question. I have a 1720 with static nat setup (i
think!) between the internet and a single host.
From the router I can ping single host 192.168.0.2 and any internet
address; from the single host i can only ping as far as the dhcp
assigned address 10.0.0.1 (eth0), but no further.
I figured I'd start with a simple configuration before setting up
dynamic nat and access lists thinking this would be straightforward
:). I'm guessing I'm nearly there but am totally stumped and would
really appreciate any advice.
Run conf:
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname newbie
!
boot-start-marker
boot-end-marker
!
enable secret XXXXXXXX
enable password XXXXXXX
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip name-server 194.168.4.100
ip name-server 194.168.8.100
!
no ip cef
!
!
!
!
interface Ethernet0
mac-address 0001.03d6.f16a
ip address dhcp
ip nat outside
no ip route-cache
full-duplex
!
interface Ethernet1
no ip address
no ip route-cache
shutdown
half-duplex
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip route-cache
speed auto
full-duplex
!
ip nat log translations syslog
ip nat inside source static 192.168.0.2 interface Ethernet0
ip classless
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
password XXXXX
login
!
!
end
sh ip nat translation:
Pro Inside global Inside local Outside local Outside
global
--- 10.0.0.1 192.168.0.2 --- ---
Ronnie Higginbotham
07-25-2004, 01:42 AM
Trying chaging your nat list to a destination IP not is use via the DHCP
server on E0 (for example 10.0.0.200)
ip nat inside source static 192.168.0.2 10.0.0.200
also can you attach the screen output for debug ip nat once you ping (you
may have to turn on terminal monitor to see the output)
"Simon" <h3ihatchi@yahoo.co.uk> wrote in message
news:fc6cdc11.0403141626.5b532852@posting.google.com...
> Warning newbie question. I have a 1720 with static nat setup (i
> think!) between the internet and a single host.
>
> From the router I can ping single host 192.168.0.2 and any internet
> address; from the single host i can only ping as far as the dhcp
> assigned address 10.0.0.1 (eth0), but no further.
>
> I figured I'd start with a simple configuration before setting up
> dynamic nat and access lists thinking this would be straightforward
> :). I'm guessing I'm nearly there but am totally stumped and would
> really appreciate any advice.
>
> Run conf:
>
> !
> version 12.3
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> no service dhcp
> !
> hostname newbie
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret XXXXXXXX
> enable password XXXXXXX
> !
> memory-size iomem 25
> no aaa new-model
> ip subnet-zero
> no ip routing
> !
> !
> ip name-server 194.168.4.100
> ip name-server 194.168.8.100
> !
> no ip cef
> !
> !
> !
> !
> interface Ethernet0
> mac-address 0001.03d6.f16a
> ip address dhcp
> ip nat outside
> no ip route-cache
> full-duplex
> !
> interface Ethernet1
> no ip address
> no ip route-cache
> shutdown
> half-duplex
> !
> interface FastEthernet0
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
> no ip route-cache
> speed auto
> full-duplex
> !
> ip nat log translations syslog
> ip nat inside source static 192.168.0.2 interface Ethernet0
> ip classless
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> password XXXXX
> login
> !
> !
> end
>
>
> sh ip nat translation:
>
> Pro Inside global Inside local Outside local Outside
> global
> --- 10.0.0.1 192.168.0.2 --- ---
Simon
07-25-2004, 01:42 AM
Thanks for the response! I think I've understood you correctly - I've
subsituted another number in the last octet only of the dhcp assigned
address i.e. not the address I'm currently leasing but nonetheless one
that could potentially be leased by the server - I've plumped for .200
dummy(config)#ip nat inside source static 192.168.0.2 10.0.0.200
dummy(config)#
20:49:17: %IPNAT-6-NAT_CREATED: Created ? 192.168.0.2:0 10.0.0.200:0
0.0.0.0:0
0.0.0.0:0
20:49:17: ipnat_add_static_cfg: id 1, flag 6
20:49:17: id 1, flags 0, domain 0, lookup 0, from_addr C0A80004,
from_mask FFFFFFFF, from_port 0, to_addr 50053DC8, to_port 0
to_mask FFF
FFFFF, proto 0
dummy#debug ip nat
IP NAT debugging is on
dummy#debug ip icmp
ICMP packet debugging is on
dummy#terminal monitor
% Console already monitors
dummy#ping 80.5.61.160
Type escape se
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [140]
ICMP: echo reply rcvd, src 192.168.0.4, dst 80.5.61.142quence to
abort.
Sending 5, 100-byte ICMP Echos to 80.5.61.160, timeout is 2 seconds:
..
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [141]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [142]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [143]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [144]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
Success rate is 0 percent (0/5)
Pinging 10.0.0.200 at the command line on host 192.168.0.2 is
successful with the following ICMP debug messages only appearing on
console of router:
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
and if the host pings dhcp assigned address 10.0.0.1:
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
-----------------------------
Simon
"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message news:<eT85c.9617$VK2.7522@newssvr23.news.prodigy.com>...
> Trying chaging your nat list to a destination IP not is use via the DHCP
> server on E0 (for example 10.0.0.200)
>
> ip nat inside source static 192.168.0.2 10.0.0.200
>
> also can you attach the screen output for debug ip nat once you ping (you
> may have to turn on terminal monitor to see the output)
>
>
>
> "Simon" <h3ihatchi@yahoo.co.uk> wrote in message
> news:fc6cdc11.0403141626.5b532852@posting.google.com...
> > Warning newbie question. I have a 1720 with static nat setup (i
> > think!) between the internet and a single host.
> >
> > From the router I can ping single host 192.168.0.2 and any internet
> > address; from the single host i can only ping as far as the dhcp
> > assigned address 10.0.0.1 (eth0), but no further.
> >
> > I figured I'd start with a simple configuration before setting up
> > dynamic nat and access lists thinking this would be straightforward
> > :). I'm guessing I'm nearly there but am totally stumped and would
> > really appreciate any advice.
> >
> > Run conf:
> >
> > !
> > version 12.3
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > no service dhcp
> > !
> > hostname newbie
> > !
> > boot-start-marker
> > boot-end-marker
> > !
> > enable secret XXXXXXXX
> > enable password XXXXXXX
> > !
> > memory-size iomem 25
> > no aaa new-model
> > ip subnet-zero
> > no ip routing
> > !
> > !
> > ip name-server 194.168.4.100
> > ip name-server 194.168.8.100
> > !
> > no ip cef
> > !
> > !
> > !
> > !
> > interface Ethernet0
> > mac-address 0001.03d6.f16a
> > ip address dhcp
> > ip nat outside
> > no ip route-cache
> > full-duplex
> > !
> > interface Ethernet1
> > no ip address
> > no ip route-cache
> > shutdown
> > half-duplex
> > !
> > interface FastEthernet0
> > ip address 192.168.0.1 255.255.255.0
> > ip nat inside
> > no ip route-cache
> > speed auto
> > full-duplex
> > !
> > ip nat log translations syslog
> > ip nat inside source static 192.168.0.2 interface Ethernet0
> > ip classless
> > no ip http server
> > !
> > !
> > line con 0
> > line aux 0
> > line vty 0 4
> > password XXXXX
> > login
> > !
> > !
> > end
> >
> >
> > sh ip nat translation:
> >
> > Pro Inside global Inside local Outside local Outside
> > global
> > --- 10.0.0.1 192.168.0.2 --- ---
Simon
07-25-2004, 01:43 AM
Just spotted an error in my response - please see below. Thanks in advance.
dummy(config)#ip nat inside source static 192.168.0.2 10.0.0.200
dummy(config)#
20:49:17: %IPNAT-6-NAT_CREATED: Created ? 192.168.0.2:0 10.0.0.200:0
0.0.0.0:0
0.0.0.0:0
20:49:17: ipnat_add_static_cfg: id 1, flag 6
20:49:17: id 1, flags 0, domain 0, lookup 0, from_addr C0A80004,
from_mask FFFFFFFF, from_port 0, to_addr 50053DC8, to_port 0
to_mask FFF
FFFFF, proto 0
dummy#debug ip nat
IP NAT debugging is on
dummy#debug ip icmp
ICMP packet debugging is on
dummy#terminal monitor
% Console already monitors
dummy#ping 10.0.0.200
Type escape se
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [140]
ICMP: echo reply rcvd, src 192.168.0.4, dst 80.5.61.142quence to
abort.
Sending 5, 100-byte ICMP Echos to 80.5.61.160, timeout is 2 seconds:
..
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [141]
CMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [142]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [143]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [144]
ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
Success rate is 0 percent (0/5)
Pinging 10.0.0.200 at the command line on host 192.168.0.2 is
successful with the following ICMP debug messages only appearing on
console of router:
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
and if the host pings dhcp assigned address 10.0.0.1:
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
-----------------------------
Simon
Ronnie Higginbotham
07-25-2004, 01:43 AM
Can you attach your config again. and also the routing table.
Do you have a route to 80.5.61.160?
"Simon" <h3ihatchi@yahoo.co.uk> wrote in message
news:fc6cdc11.0403151449.56d61ffa@posting.google.com...
> Just spotted an error in my response - please see below. Thanks in
advance.
>
> dummy(config)#ip nat inside source static 192.168.0.2 10.0.0.200
> dummy(config)#
> 20:49:17: %IPNAT-6-NAT_CREATED: Created ? 192.168.0.2:0 10.0.0.200:0
> 0.0.0.0:0
> 0.0.0.0:0
> 20:49:17: ipnat_add_static_cfg: id 1, flag 6
> 20:49:17: id 1, flags 0, domain 0, lookup 0, from_addr C0A80004,
> from_mask FFFFFFFF, from_port 0, to_addr 50053DC8, to_port 0
> to_mask FFF
> FFFFF, proto 0
> dummy#debug ip nat
> IP NAT debugging is on
> dummy#debug ip icmp
> ICMP packet debugging is on
> dummy#terminal monitor
> % Console already monitors
>
> dummy#ping 10.0.0.200
>
> Type escape se
> NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [140]
> ICMP: echo reply rcvd, src 192.168.0.4, dst 80.5.61.142quence to
> abort.
> Sending 5, 100-byte ICMP Echos to 80.5.61.160, timeout is 2 seconds:
> .
> NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [141]
> CMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [142]
> ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [143]
> ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [144]
> ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> Success rate is 0 percent (0/5)
>
>
> Pinging 10.0.0.200 at the command line on host 192.168.0.2 is
> successful with the following ICMP debug messages only appearing on
> console of router:
>
> ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
>
> and if the host pings dhcp assigned address 10.0.0.1:
>
> ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
>
> -----------------------------
>
> Simon
A. Yarrington
07-25-2004, 01:43 AM
Not sure I follow exactly what you're trying to accomplish, but one
thing stuck out in your config. That is, in your 'ip nat inside
source static' statement, it looks like your internal and external
addresses are reversed. I use such a static mapping on a 2610 router
of ours (basically same IOS as 1720, of which we also have 1), and my
syntax is as follows:
ip nat inside source static tcp 172.20.51.10 65.x.x.x extendable
where the 172.20 is the inside address (interface ethernet0 in your
case, I guess), and 65.x.x.x is the internet address.
h3ihatchi@yahoo.co.uk (Simon) wrote in message news:<fc6cdc11.0403141626.5b532852@posting.google.com>...
> Warning newbie question. I have a 1720 with static nat setup (i
> think!) between the internet and a single host.
>
> From the router I can ping single host 192.168.0.2 and any internet
> address; from the single host i can only ping as far as the dhcp
> assigned address 10.0.0.1 (eth0), but no further.
>
> I figured I'd start with a simple configuration before setting up
> dynamic nat and access lists thinking this would be straightforward
> :). I'm guessing I'm nearly there but am totally stumped and would
> really appreciate any advice.
>
> Run conf:
>
> !
> version 12.3
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> no service dhcp
> !
> hostname newbie
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret XXXXXXXX
> enable password XXXXXXX
> !
> memory-size iomem 25
> no aaa new-model
> ip subnet-zero
> no ip routing
> !
> !
> ip name-server 194.168.4.100
> ip name-server 194.168.8.100
> !
> no ip cef
> !
> !
> !
> !
> interface Ethernet0
> mac-address 0001.03d6.f16a
> ip address dhcp
> ip nat outside
> no ip route-cache
> full-duplex
> !
> interface Ethernet1
> no ip address
> no ip route-cache
> shutdown
> half-duplex
> !
> interface FastEthernet0
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
> no ip route-cache
> speed auto
> full-duplex
> !
> ip nat log translations syslog
> ip nat inside source static 192.168.0.2 interface Ethernet0
> ip classless
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> password XXXXX
> login
> !
> !
> end
>
>
> sh ip nat translation:
>
> Pro Inside global Inside local Outside local Outside
> global
> --- 10.0.0.1 192.168.0.2 --- ---
My first thought was where is the default route???
I have almost exactly the same setup at home plus:
ip route 0.0.0.0 0.0.0.0 ethernet 0
"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:n2r5c.9763$Kx.3269@newssvr23.news.prodigy.com...
> Can you attach your config again. and also the routing table.
>
> Do you have a route to 80.5.61.160?
>
>
> "Simon" <h3ihatchi@yahoo.co.uk> wrote in message
> news:fc6cdc11.0403151449.56d61ffa@posting.google.com...
> > Just spotted an error in my response - please see below. Thanks in
> advance.
> >
> > dummy(config)#ip nat inside source static 192.168.0.2 10.0.0.200
> > dummy(config)#
> > 20:49:17: %IPNAT-6-NAT_CREATED: Created ? 192.168.0.2:0 10.0.0.200:0
> > 0.0.0.0:0
> > 0.0.0.0:0
> > 20:49:17: ipnat_add_static_cfg: id 1, flag 6
> > 20:49:17: id 1, flags 0, domain 0, lookup 0, from_addr C0A80004,
> > from_mask FFFFFFFF, from_port 0, to_addr 50053DC8, to_port 0
> > to_mask FFF
> > FFFFF, proto 0
> > dummy#debug ip nat
> > IP NAT debugging is on
> > dummy#debug ip icmp
> > ICMP packet debugging is on
> > dummy#terminal monitor
> > % Console already monitors
> >
> > dummy#ping 10.0.0.200
> >
> > Type escape se
> > NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [140]
> > ICMP: echo reply rcvd, src 192.168.0.4, dst 80.5.61.142quence to
> > abort.
> > Sending 5, 100-byte ICMP Echos to 80.5.61.160, timeout is 2 seconds:
> > .
> > NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [141]
> > CMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> > NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [142]
> > ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> > NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [143]
> > ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> > NAT: s=10.0.0.1, d=10.0.0.200->192.168.0.2 [144]
> > ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.1.
> > Success rate is 0 percent (0/5)
> >
> >
> > Pinging 10.0.0.200 at the command line on host 192.168.0.2 is
> > successful with the following ICMP debug messages only appearing on
> > console of router:
> >
> > ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> > ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> > ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> > ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> >
> > and if the host pings dhcp assigned address 10.0.0.1:
> >
> > ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> > ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> > ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> > ICMP: echo reply sent, src 10.0.0.1, dst 192.168.0.2
> >
> > -----------------------------
> >
> > Simon
>
>
Simon
07-25-2004, 01:44 AM
Ok! here's my latest config after I changed the ip nat. I've also
included the suggestion of inserting a default route to eth0:
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname dummy
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXX
enable password XXXXXX
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip name-server 194.168.4.100
ip name-server 194.168.8.100
!
no ip cef
!
!
!
!
interface Ethernet0
mac-address 0001.03d6.f06a
ip address dhcp
ip nat outside
no ip route-cache
full-duplex
!
interface Ethernet1
no ip address
no ip route-cache
shutdown
half-duplex
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip route-cache
speed auto
full-duplex
!
ip nat log translations syslog
ip nat inside source static 192.168.0.2 10.0.0.200
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
password XXXXXX
login
!
!
end
And here's the output to the router terminal (ip and nat debug on) if
I ping 10.0.0.200 from host 192.168.0.2:
00:22:23: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
00:22:24: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
00:22:25: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
00:22:26: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
I can also successfully ping both the outside router interface address
10.0.0.142 and the inside router interface 192.168.0.1 from this host,
both resulting in ICMP debug output on the router terminal. Pinging an
internet address from host results in failure reason "Request timed
out" with nothing appearing on the router terminal in the process.
Here's what happens if I ping 10.0.0.200 directly from the router
command line, remembering that my dhcp leased ip is 10.0.0.142 and nat
is set to translate 192.168.0.2<->10.0.0.200:
00:26:13: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [15]
00:26:13: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
00:26:15: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [16]
00:26:15: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
00:26:17: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [17]
00:26:17: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
00:26:19: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [18]
00:26:19: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
00:26:21: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [19]
00:26:21: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
Success rate is 0 percent (0/5)
I can ping the internet from the router command line and I can ping
both 192.168.0.1, 192.168.0.2 no problems, all resulting in ICMP debug
output to terminal.
And finally here's the output of "sh ip route":
Default gateway is 10.0.0.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
Ronnie Higginbotham
07-25-2004, 01:44 AM
Do this
Under your F0 add
ip add 192.168.0.2 255.255.255.0 sec
then
#ping
Protocol [ip]:
Target IP address: -----(Internet IP Address)
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.0.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
What does you out put look like?
What exactly is plugged up on the other end of E0 10.0.0.142 ?
"Simon" <h3ihatchi@yahoo.co.uk> wrote in message
news:fc6cdc11.0403161310.46a26e79@posting.google.com...
> Ok! here's my latest config after I changed the ip nat. I've also
> included the suggestion of inserting a default route to eth0:
>
> !
> version 12.3
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> no service dhcp
> !
> hostname dummy
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 XXXXXX
> enable password XXXXXX
> !
> memory-size iomem 25
> no aaa new-model
> ip subnet-zero
> no ip routing
> !
> !
> ip name-server 194.168.4.100
> ip name-server 194.168.8.100
> !
> no ip cef
> !
> !
> !
> !
> interface Ethernet0
> mac-address 0001.03d6.f06a
> ip address dhcp
> ip nat outside
> no ip route-cache
> full-duplex
> !
> interface Ethernet1
> no ip address
> no ip route-cache
> shutdown
> half-duplex
> !
> interface FastEthernet0
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
> no ip route-cache
> speed auto
> full-duplex
> !
> ip nat log translations syslog
> ip nat inside source static 192.168.0.2 10.0.0.200
> ip classless
> ip route 0.0.0.0 0.0.0.0 Ethernet0
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> password XXXXXX
> login
> !
> !
> end
>
>
> And here's the output to the router terminal (ip and nat debug on) if
> I ping 10.0.0.200 from host 192.168.0.2:
>
> 00:22:23: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> 00:22:24: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> 00:22:25: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
> 00:22:26: ICMP: echo reply sent, src 10.0.0.200, dst 192.168.0.2
>
> I can also successfully ping both the outside router interface address
> 10.0.0.142 and the inside router interface 192.168.0.1 from this host,
> both resulting in ICMP debug output on the router terminal. Pinging an
> internet address from host results in failure reason "Request timed
> out" with nothing appearing on the router terminal in the process.
>
> Here's what happens if I ping 10.0.0.200 directly from the router
> command line, remembering that my dhcp leased ip is 10.0.0.142 and nat
> is set to translate 192.168.0.2<->10.0.0.200:
>
> 00:26:13: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [15]
> 00:26:13: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
> 00:26:15: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [16]
> 00:26:15: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
> 00:26:17: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [17]
> 00:26:17: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
> 00:26:19: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [18]
> 00:26:19: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
> 00:26:21: NAT: s=10.0.0.142, d=10.0.0.200->192.168.0.2 [19]
> 00:26:21: ICMP: echo reply rcvd, src 192.168.0.2, dst 10.0.0.142.
> Success rate is 0 percent (0/5)
>
> I can ping the internet from the router command line and I can ping
> both 192.168.0.1, 192.168.0.2 no problems, all resulting in ICMP debug
> output to terminal.
>
> And finally here's the output of "sh ip route":
>
> Default gateway is 10.0.0.1
>
> Host Gateway Last Use Total Uses Interface
> ICMP redirect cache is empty
Martin Gallagher
07-25-2004, 01:44 AM
On Tue, 16 Mar 2004 13:10:06 -0800, Simon wrote:
> Ok! here's my latest config after I changed the ip nat. I've also included
> the suggestion of inserting a default route to eth0:
>
[snip]
> ip subnet-zero
> no ip routing
> !
[snip]
>
> Default gateway is 10.0.0.1
>
> Host Gateway Last Use Total Uses Interface
> ICMP redirect cache is empty
Not sure what you're trying to do here bur if this router is meant to be
routing, you should configure "ip routing".
--
Rgds,
Martin
Simon
07-25-2004, 01:44 AM
Hi Ronnie: Added a sec IP to fasteth0 as instructions. ping output as
follows:
Sending 5, 100-byte ICMP Echos to 217.12.3.11, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.2
00:38:27: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [100].
00:38:29: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [101].
00:38:31: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [102].
00:38:33: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [103].
00:38:35: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [104].
Success rate is 0 percent (0/5)
however if I:
no ip nat inside source static 192.168.0.2 10.0.0.200
ip nat inside source static 192.168.0.2 10.0.0.142
to change the translation to my real dhcp leased address 10.0.0.142
then output:
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/52
ms
00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [110]
00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [111]
00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [112]
00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [113]
00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [114]
My run config now stands as follows:
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname dummy
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXX
enable password XXXXXXX
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip name-server 194.168.4.100
ip name-server 194.168.8.100
!
no ip cef
!
!
!
!
interface Ethernet0
mac-address 0001.03d6.f16a
ip address dhcp
ip nat outside
no ip route-cache
full-duplex
!
interface Ethernet1
no ip address
no ip route-cache
shutdown
half-duplex
!
interface FastEthernet0
ip address 192.168.0.2 255.255.255.0 secondary
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip route-cache
speed auto
full-duplex
!
ip nat log translations syslog
ip nat inside source static 192.168.0.2 10.0.0.142
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
!
line con 0
line aux 0
line vty 0 4
password XXXXXX
login
!
!
end
eth0 is linked to a cablemodem. I have the mac address of eth0 cloning
the mac of the nic in the host if this is significant. sh ip route is
unchanged.
dummy#sh ip nat trans
Pro Inside global Inside local Outside local Outside
global
--- 80.5.61.142 192.168.0.2 --- ---
I had someone else on the internet ping my dhcp leased address
10.0.0.142 - they received successful replies but no NAT debug output
appearing on my router console in the process.
-------------------------------------------------------------------------------------
Martin - inputting the command "ip routing" in global conf mode
results in my being able to ping fasteth0 192.168.0.1 and 192.168.0.2
only with the above run conf. Pinging 10.0.0.142 results in the
following NAT debugging info:
01:21:32: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [180]
01:21:32: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [180].
01:21:34: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [181]
01:21:34: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [181].
01:21:36: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [182]
01:21:36: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [182].
01:21:38: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [183]
01:21:38: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [183].
01:21:40: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [184]
01:21:40: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [184].
Success rate is 0 percent (0/5)
Host 192.168.0.2 cannot ping fasteth0 interface 192.168.0.1 and
beyond, even when the clashing sec ip is removed from fasteth0 and no
NAT debug info is output to router terminal in the process.
I had someone else on the internet ping my dhcp leased address
10.0.0.142 with the following result on my router terminal:
01:36:18: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [18959]
01:36:23: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19085]
01:36:28: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19190]
01:36:34: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19307]
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
Simon
07-25-2004, 01:45 AM
Martin - please read the 80.5.61 as 10.0.0 - forgot to subsitute my
real ip address with the 10.0.0 in response but now I've gone and done
it....
h3ihatchi@yahoo.co.uk (Simon) wrote in message news:<fc6cdc11.0403171118.4b1ad47a@posting.google.com>...
> Hi Ronnie: Added a sec IP to fasteth0 as instructions. ping output as
> follows:
>
> Sending 5, 100-byte ICMP Echos to 217.12.3.11, timeout is 2 seconds:
> Packet sent with a source address of 192.168.0.2
>
> 00:38:27: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [100].
> 00:38:29: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [101].
> 00:38:31: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [102].
> 00:38:33: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [103].
> 00:38:35: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [104].
> Success rate is 0 percent (0/5)
>
> however if I:
>
> no ip nat inside source static 192.168.0.2 10.0.0.200
> ip nat inside source static 192.168.0.2 10.0.0.142
>
> to change the translation to my real dhcp leased address 10.0.0.142
> then output:
>
> Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/52
> ms
> 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [110]
> 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [111]
> 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [112]
> 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [113]
> 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [114]
>
> My run config now stands as follows:
>
> version 12.3
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> no service dhcp
> !
> hostname dummy
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 XXXXXXX
> enable password XXXXXXX
> !
> memory-size iomem 25
> no aaa new-model
> ip subnet-zero
> no ip routing
> !
> !
> ip name-server 194.168.4.100
> ip name-server 194.168.8.100
> !
> no ip cef
> !
> !
> !
> !
> interface Ethernet0
> mac-address 0001.03d6.f16a
> ip address dhcp
> ip nat outside
> no ip route-cache
> full-duplex
> !
> interface Ethernet1
> no ip address
> no ip route-cache
> shutdown
> half-duplex
> !
> interface FastEthernet0
> ip address 192.168.0.2 255.255.255.0 secondary
> ip address 192.168.0.1 255.255.255.0
> ip nat inside
> no ip route-cache
> speed auto
> full-duplex
> !
> ip nat log translations syslog
> ip nat inside source static 192.168.0.2 10.0.0.142
> ip classless
> ip route 0.0.0.0 0.0.0.0 Ethernet0
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
> password XXXXXX
> login
> !
> !
> end
>
> eth0 is linked to a cablemodem. I have the mac address of eth0 cloning
> the mac of the nic in the host if this is significant. sh ip route is
> unchanged.
>
> dummy#sh ip nat trans
> Pro Inside global Inside local Outside local Outside
> global
> --- 80.5.61.142 192.168.0.2 --- ---
>
> I had someone else on the internet ping my dhcp leased address
> 10.0.0.142 - they received successful replies but no NAT debug output
> appearing on my router console in the process.
>
> -------------------------------------------------------------------------------------
>
> Martin - inputting the command "ip routing" in global conf mode
> results in my being able to ping fasteth0 192.168.0.1 and 192.168.0.2
> only with the above run conf. Pinging 10.0.0.142 results in the
> following NAT debugging info:
>
> 01:21:32: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [180]
> 01:21:32: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [180].
> 01:21:34: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [181]
> 01:21:34: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [181].
> 01:21:36: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [182]
> 01:21:36: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [182].
> 01:21:38: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [183]
> 01:21:38: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [183].
> 01:21:40: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [184]
> 01:21:40: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [184].
> Success rate is 0 percent (0/5)
>
> Host 192.168.0.2 cannot ping fasteth0 interface 192.168.0.1 and
> beyond, even when the clashing sec ip is removed from fasteth0 and no
> NAT debug info is output to router terminal in the process.
>
> I had someone else on the internet ping my dhcp leased address
> 10.0.0.142 with the following result on my router terminal:
>
> 01:36:18: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [18959]
> 01:36:23: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19085]
> 01:36:28: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19190]
> 01:36:34: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19307]
>
> ------------------------------------------------------------------------------------
>
> ------------------------------------------------------------------------------------
Ronnie Higginbotham
07-25-2004, 01:45 AM
Simon I am a little confused about your setup.
First off based on RFC 1918 which is the non routable ips for the internet
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x
These are not routed on the internet. How can your friend ping your DHCP
leased address of 10.0.0.142 successful?
Sounds like you cable modem is also Nating you externally to a routable ip
on the internet.
What is your subnet mask on the E0 interface the 10.0.0.42 ip?
If I may also ask why do you have the interface learning via DHCP why not a
static IP on the interface?
"Simon" <h3ihatchi@yahoo.co.uk> wrote in message
news:fc6cdc11.0403171459.519f72e8@posting.google.com...
> Martin - please read the 80.5.61 as 10.0.0 - forgot to subsitute my
> real ip address with the 10.0.0 in response but now I've gone and done
> it....
>
> h3ihatchi@yahoo.co.uk (Simon) wrote in message
news:<fc6cdc11.0403171118.4b1ad47a@posting.google.com>...
> > Hi Ronnie: Added a sec IP to fasteth0 as instructions. ping output as
> > follows:
> >
> > Sending 5, 100-byte ICMP Echos to 217.12.3.11, timeout is 2 seconds:
> > Packet sent with a source address of 192.168.0.2
> >
> > 00:38:27: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [100].
> > 00:38:29: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [101].
> > 00:38:31: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [102].
> > 00:38:33: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [103].
> > 00:38:35: NAT: s=192.168.0.2->10.0.0.200, d=217.12.3.11 [104].
> > Success rate is 0 percent (0/5)
> >
> > however if I:
> >
> > no ip nat inside source static 192.168.0.2 10.0.0.200
> > ip nat inside source static 192.168.0.2 10.0.0.142
> >
> > to change the translation to my real dhcp leased address 10.0.0.142
> > then output:
> >
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/52
> > ms
> > 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [110]
> > 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [111]
> > 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [112]
> > 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [113]
> > 00:48:20: NAT: s=192.168.0.2->10.0.0.142, d=217.12.3.11 [114]
> >
> > My run config now stands as follows:
> >
> > version 12.3
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > no service dhcp
> > !
> > hostname dummy
> > !
> > boot-start-marker
> > boot-end-marker
> > !
> > enable secret 5 XXXXXXX
> > enable password XXXXXXX
> > !
> > memory-size iomem 25
> > no aaa new-model
> > ip subnet-zero
> > no ip routing
> > !
> > !
> > ip name-server 194.168.4.100
> > ip name-server 194.168.8.100
> > !
> > no ip cef
> > !
> > !
> > !
> > !
> > interface Ethernet0
> > mac-address 0001.03d6.f16a
> > ip address dhcp
> > ip nat outside
> > no ip route-cache
> > full-duplex
> > !
> > interface Ethernet1
> > no ip address
> > no ip route-cache
> > shutdown
> > half-duplex
> > !
> > interface FastEthernet0
> > ip address 192.168.0.2 255.255.255.0 secondary
> > ip address 192.168.0.1 255.255.255.0
> > ip nat inside
> > no ip route-cache
> > speed auto
> > full-duplex
> > !
> > ip nat log translations syslog
> > ip nat inside source static 192.168.0.2 10.0.0.142
> > ip classless
> > ip route 0.0.0.0 0.0.0.0 Ethernet0
> > no ip http server
> > !
> > !
> > line con 0
> > line aux 0
> > line vty 0 4
> > password XXXXXX
> > login
> > !
> > !
> > end
> >
> > eth0 is linked to a cablemodem. I have the mac address of eth0 cloning
> > the mac of the nic in the host if this is significant. sh ip route is
> > unchanged.
> >
> > dummy#sh ip nat trans
> > Pro Inside global Inside local Outside local Outside
> > global
> > --- 80.5.61.142 192.168.0.2 --- ---
> >
> > I had someone else on the internet ping my dhcp leased address
> > 10.0.0.142 - they received successful replies but no NAT debug output
> > appearing on my router console in the process.
> >
>
> --------------------------------------------------------------------------
-----------
> >
> > Martin - inputting the command "ip routing" in global conf mode
> > results in my being able to ping fasteth0 192.168.0.1 and 192.168.0.2
> > only with the above run conf. Pinging 10.0.0.142 results in the
> > following NAT debugging info:
> >
> > 01:21:32: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [180]
> > 01:21:32: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [180].
> > 01:21:34: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [181]
> > 01:21:34: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [181].
> > 01:21:36: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [182]
> > 01:21:36: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [182].
> > 01:21:38: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [183]
> > 01:21:38: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [183].
> > 01:21:40: NAT: s=80.5.61.142, d=80.5.61.142->192.168.0.2 [184]
> > 01:21:40: NAT: s=192.168.0.2, d=80.5.61.142->192.168.0.2 [184].
> > Success rate is 0 percent (0/5)
> >
> > Host 192.168.0.2 cannot ping fasteth0 interface 192.168.0.1 and
> > beyond, even when the clashing sec ip is removed from fasteth0 and no
> > NAT debug info is output to router terminal in the process.
> >
> > I had someone else on the internet ping my dhcp leased address
> > 10.0.0.142 with the following result on my router terminal:
> >
> > 01:36:18: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [18959]
> > 01:36:23: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19085]
> > 01:36:28: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19190]
> > 01:36:34: NAT*: s=10.0.177.9, d=10.0.0.142->192.168.0.2 [19307]
> >
>
> --------------------------------------------------------------------------
----------
> >
>
> --------------------------------------------------------------------------
----------
Simon
07-25-2004, 01:46 AM
Ronnie - the ip address i get from my isp is dhcp assigned on a finite
lease - I don't unfortunately get a static one. The subnet mask
assigned is 24 bit.
you're absolutely correct about the my ip in view of the RFC. I had
taken some care (but not enough) to subsitute my real ip address with
the generic address for security. My real config attached below to
avoid any confusion:
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname dummy
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXX
enable password XXXXXX
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
ip name-server 194.168.4.100
ip name-server 194.168.8.100
!
ip cef
!
!
!
!
interface Ethernet0
mac-address 0001.03d6.f16a
ip address dhcp
full-duplex
!
interface Ethernet1
no ip address
shutdown
half-duplex
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
speed auto
full-duplex
!
ip nat log translations syslog
ip classless
no ip http server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password XXXXXX
login
!
!
end
I've taken the kind suggestion from a couple of people to enable "ip
routing" - thanks for this (damn newbies)! This has given me some
entries in my routing table which I guess are pretty useful :)
dummy#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
ia - IS-IS inter area, * - candidate default, U - per-user
static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
80.0.0.0/24 is subnetted, 1 subnets
C 80.5.61.0 is directly connected, Ethernet0
C 192.168.0.0/24 is directly connected, FastEthernet0
dummy#
However, after enabling ip routing with the previously posted config
nat didn't work and I found I was unable to ping the internet or the
host from my router hence the stripped down config to verify basic
routing before re-introducing nat/forwarding. I have a problem which I
wonder may be the underlying one...
From the router: I can successfully ping the internet and fasteth0
192.168.0.1 but not the host 192.168.0.2 - this is all that the
terminal gives me if i try (icmp debug enabled)
----------------------
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.5, timeout is 2 seconds:
......
Success rate is 0 percent (0/5)
----------------------
From the host: I can't ping the router interface 192.168.0.1 (Request
timed out) but if I try I get the following icmp router debug output
on the router terminal
02:53:34: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
02:53:39: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
02:53:44: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
02:53:49: ICMP: echo reply sent, src 192.168.0.1, dst 192.168.0.2
The host can ping it's own address 192.168.0.1 and the host nic has
previously worked fine when directly connected to the internet via the
cable modem. My understanding is that hosts that are part of directly
connected networks in my routing table should ping successfully before
I worry about configuring routes?? Disabling IP routing results in my
being able to ping host from fasteth0 and vice versa??
dummy#sh int fasteth0
FastEthernet0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0008.a36c.f72f (bia
0008.a36c.f72f)
Internet address is 192.168.0.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:46, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:
0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 3 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
18959 packets input, 1200230 bytes
Received 693 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2434 packets output, 182027 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
2443 packets output, 182826 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
vBulletin v3.0.3, Copyright ©2000-2008, Jelsoft Enterprises Ltd.