Need help with port forwarding on a Cisco 1841

I don't know if this is the right place to ask or if I will get any response, but it's worth a try. As the title says, I need some help with port forwarding on a Cisco 1841 router. Anyone around here have the knowledge to give me a shove in the right direction?

To outline my situation:
I'm a student and taking a Networking course so I wanted a home lab to play around with for some extra learning but whilst setting things up I thought what the hell why not just replace my network setup (a basic BT home hub) for a little speed boost. I game all the time and run two servers, one for storage and the other for some game servers and VMs so a decent networking set up as well seemed to make sense.

With my basic knowledge of the Cisco CLI, I have got the router working and my wired connection to the servers and my desktop runs beautifully, but I now have the problem of needing to be able to access the servers from outside the network, hence the reason for port forwarding. I have tried multiple guides online and still can't get anything working so I'm not sure if it's the port forwarding I'm doing wrong or if it's something else.


If anyone has any idea about what I might be doing wrong I would appreciate the assistance, I can also post the current config if anyone wants to have a look to see if anything is out of place.


What does your config look like now?


Here is the current config, I've replaced any usernames or passwords with 'username' and 'password'

Building configuration...
Current configuration : 3197 bytes
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$TOX9$q3a7htT61yJL7IAVUhaH60
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool main_dhcp_pool
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 194.74.65.68 8.8.8.8
!
!
no ip domain lookup
ip domain name testnet
ip name-server 194.76.65.68
ip name-server 8.8.8.8
ip ddns update method myupdate
 HTTP
  add http://User:Password@dynupdate.no-ip.com/nic/updatehostname=<h>&myip=<a>
 interval maximum 2 0 0 0
!
!
!
!
username Admin privilege 15 secret 5 $1$tLgO$8JYhgTZaFalpyY2Edw50B.
!
!
!
!
!
!
interface FastEthernet0/0
 ip ddns update hostname username.ddns.com
 ip ddns update myupdate
 no ip address
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1350
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
interface Serial0/1/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Dialer1
 ip address negotiated
 ip access-group 101 in
 no ip unreachables
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 ppp chap hostname username@btinternet.com
 ppp chap password 7 112C181603110401062F7B74
 ppp pap sent-username username@btinternet.com password 7 123C040406080309282E7478
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 remark INTERNET-ACCESS
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip 255.0.0.0 0.255.255.255 any
access-list 101 deny   ip 224.0.0.0 7.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   udp any any range 33400 34400
access-list 101 permit icmp any any net-unreachable
access-list 101 permit icmp any any host-unreachable
access-list 101 permit icmp any any port-unreachable
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any administratively-prohibited
access-list 101 permit icmp any any source-quench
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any established
access-list 101 permit udp any any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
 login local
line aux 0
 logging synchronous
 login local
line vty 0
 logging synchronous
 login local
 transport input ssh
line vty 1 4
 login
!
scheduler allocate 20000 1000
end

Should be:

conf t

ip nat inside source static [tcp|udp] (internal address) (internal port) interface Dialer1 (external port)

access-list 101 permit tcp any any eq 80


Thanks for the reply, I tried adding this in and it still doesn't seem to work. I also realised that I can't actually ping my network from another network, so there might be something else wrong with the script?


On 10/17/2017 at 3:27 PM, Vortosh said:

ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer1 overload

try subnet of 255 255 255 252 see if still says dialer overloaded


As a temp measure set your access list to allow everything through.

From memory:

permit tcp any any eq port

permit udp any any eq port

Also make sure these are at the top of the list, as Cisco works top to bottom, and when the traffic matches a single rule it stops processing further rules (i.e. have a deny any any at the top and nothing will work).
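
The first-match behaviour described in the post above, modelled against ACL 101 from the posted config. This is an added example, not part of any post in the thread: `parse`, `evaluate` and the two test packets are constructed for illustration, and the model covers only the keyword forms that appear in that ACL.

```python
import ipaddress
# Excerpt of ACL 101 from the posted config; the lines left out are further
# deny-bogon and permit-icmp entries that match none of the packets tested here.
ACL_101 = """\
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   udp any any range 33400 34400
access-list 101 permit icmp any any ttl-exceeded
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any established
access-list 101 permit udp any any"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))
def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' from tok; return (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if t == "host" else (_ip(t), _ip(tok.pop(0)))

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]                  # drop "access-list 101"
        rules.append((line, tok.pop(0), tok.pop(0), _addr(tok), _addr(tok), tok))
    return rules

def evaluate(rules, pkt):
    """First matching line decides; no match falls to the implicit deny."""
    for line, action, proto, (sb, sw), (db, dw), rest in rules:
        kw = rest[0] if rest else None
        if proto not in ("ip", pkt["proto"]):
            continue
        if (_ip(pkt["src"]) | sw) != (sb | sw) or (_ip(pkt["dst"]) | dw) != (db | dw):
            continue
        if kw == "eq" and pkt.get("dport") != int(rest[1]):
            continue
        if kw == "range" and not int(rest[1]) <= pkt.get("dport", -1) <= int(rest[2]):
            continue
        if kw == "established" and not pkt.get("ack"):  # needs ACK or RST set
            continue
        if proto == "icmp" and kw and kw != pkt.get("icmp"):
            continue
        return action, line
    return "deny", "(implicit deny)"

# Constructed packets: outside host (documentation range) to the WAN address.
SYN80 = {"proto": "tcp", "src": "203.0.113.9", "dst": "198.51.100.7", "dport": 80}
PING = {"proto": "icmp", "src": "203.0.113.9", "dst": "198.51.100.7", "icmp": "echo"}
```

Against the ACL as posted, both the inbound SYN to port 80 and the inbound echo request fall through to the implicit deny. With `permit tcp any any eq 80` appended at the end the SYN is permitted while a 192.168.x.x source arriving on Dialer1 is still dropped by the first line; placing that permit at the top would let such a source through.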


netsh ras add multilink type=multi (for ppp connections) bacp if cable modem

netsh ras add link type=lcp (again ppp tool)   swc if cable modem


6 hours ago, bcguru9384 said:

try subnet of 255 255 255 252 see if still says dialer overloaded

On the static route? Bad idea. That would mean only the first two connected devices on his network could be reached.

Actually, that static route might not be needed at all since it is directly connected.

OP before you start configuring port-forwarding you need to make sure that you actually got connectivity. Can your router ping a website? Try pinging 8.8.8.8 for example. If it can't then you need to look into the more basic stuff.

If it works then try pinging from your computer on the inside network. If it can't ping then it's probably a NAT issue. If it can then you can start looking into port forwarding.


8 hours ago, bcguru9384 said:

try subnet of 255 255 255 252 see if still says dialer overloaded

Do...do you even know what overload means?

It's for using PAT, it tells the interface to use a single address for all connections in a NAT environment.
