Reaching the public IP from behind NAT

Everything related to configuring Cisco devices (that does not fit into the other categories)

Moderator: Federico.Lagni

infor_mare
Cisco fan
Posts: 67
Joined: Wed 20 Feb 2008, 1:41 am

I have an 1801 configured with a static public IP that does NAT for an internal network 192.168.1.0/24.
I configured NAT so that port 80 of the public address is forwarded to port 80 of a specific internal server, basically a very simple PAT to publish a web server.
The problem is that if I try to reach the web server from an internal machine behind the NAT using the public IP and the port, the browser gives me a connection error. It must surely be some command to add to the NAT config or to the ACLs, but can you tell me which one?
thanks
Mark23
Cisco fan
Posts: 36
Joined: Sat 15 Aug 2009, 5:25 pm

infor_mare wrote:I have an 1801 configured with a static public IP that does NAT for an internal network 192.168.1.0/24.
I configured NAT so that port 80 of the public address is forwarded to port 80 of a specific internal server, basically a very simple PAT to publish a web server.
The problem is that if I try to reach the web server from an internal machine behind the NAT using the public IP and the port, the browser gives me a connection error. It must surely be some command to add to the NAT config or to the ACLs, but can you tell me which one?
thanks
Post the sh run here... that way it would be easier to see what is missing...

Bye bye
infor_mare
Cisco fan
Posts: 67
Joined: Wed 20 Feb 2008, 1:41 am

Mark23 wrote:
infor_mare wrote:I have an 1801 configured with a static public IP that does NAT for an internal network 192.168.1.0/24.
I configured NAT so that port 80 of the public address is forwarded to port 80 of a specific internal server, basically a very simple PAT to publish a web server.
The problem is that if I try to reach the web server from an internal machine behind the NAT using the public IP and the port, the browser gives me a connection error. It must surely be some command to add to the NAT config or to the ACLs, but can you tell me which one?
thanks
Post the sh run here... that way it would be easier to see what is missing...

Bye bye
Here it is:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 1801
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 *******************
!
no aaa new-model
!
resource policy
!
clock timezone italia 1
clock summer-time oralegale recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip source-route
!
!
ip cef
!
!
ip tcp synwait-time 10
ip flow-cache timeout active 1
no ip bootp server
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_MEDIUM h323callsigalt
ip inspect name SDM_MEDIUM h323gatestat
ip inspect name SDM_MEDIUM skinny
ip inspect name SDM_MEDIUM sip-tls
ip inspect name SDM_MEDIUM sip
!
appfw policy-name SDM_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
!
!
****
!
!
class-map match-any SDM-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any SDM-Signaling-1
match dscp cs3
match dscp af31
class-map match-any SDM-Scavenger-1
match dscp cs1
class-map match-any SDM-Routing-1
match dscp cs6
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any SDM-Voice-1
match dscp ef
match protocol sip
match protocol h323
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any SDM-Streaming-Video-1
match dscp cs4
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
class-map match-any SDM-Management-1
match dscp cs2
class-map match-any SDM-Interactive-Video-1
match dscp af41
class-map match-any SDM-BulkData-1
match dscp af11
match dscp af12
match dscp af13
!
!
policy-map SDM-QoS-Policy-1
class SDM-Voice-1
priority percent 33
estimate bandwidth delay-one-in 50 milliseconds 110
set ip dscp af31
class SDM-Signaling-1
bandwidth percent 5
class SDM-Routing-1
bandwidth percent 5
class SDM-Management-1
bandwidth percent 5
class SDM-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
policy-map sdmappfwp2p_SDM_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
drop
class sdm_p2p_kazaa
drop
class sdm_p2p_bittorrent
!
!
!
!
!
!
interface FastEthernet0
description $FW_INSIDE$$ETH-LAN$
ip address 10.0.0.5 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip policy route-map rerouting
duplex auto
speed auto
service-policy output SDM-QoS-Policy-1
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
bandwidth 1068
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$
ip address x.x.x.230 255.255.255.252
ip access-group 101 in
ip verify unicast reverse-path
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_MEDIUM out
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
encapsulation aal5snap
service-policy input sdmappfwp2p_SDM_MEDIUM
service-policy output sdmappfwp2p_SDM_MEDIUM
!
!
interface Vlan1
no ip address
!
ip route 0.0.0.0 0.0.0.0 ATM0.1 15
ip route 0.0.0.0 0.0.0.0 10.0.0.2 18
ip route 0.0.0.0 0.0.0.0 10.0.0.50 20
ip route 0.0.0.0 0.0.0.0 10.0.0.1 21
ip route 0.0.0.0 0.0.0.0 BRI0 30
!
ip flow-export source FastEthernet0
ip flow-export version 5
ip flow-export destination 10.0.0.194 9996
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 50
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat service sip tcp port 5062
ip nat service sip udp port 5062
ip nat service allow-h323-keepalive
ip nat inside source list ACL-NAT interface ATM0.1 overload
ip nat inside source list rerouting interface FastEthernet0 overload
ip nat inside source static tcp 10.0.0.194 80 interface ATM0.1 80
ip nat inside source static tcp 10.0.0.194 9090 interface ATM0.1 9090
!
ip access-list extended ACL-NAT
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended rerouting
permit tcp any host y.y.y.155 eq 3306
permit udp any host y.y.y.155 eq 3306
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip any host 208.87.33.150
access-list 100 deny ip x.x.x.228 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip y.y.y.144 0.0.0.15 any
access-list 100 permit ip x.x.x.112 0.0.0.15 any
access-list 100 permit ip y.y.y.224 0.0.0.15 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any host x.x.x.230 eq 9090
access-list 101 permit tcp any host x.x.x.230 eq 80
access-list 101 deny tcp any host x.x.x.230 eq 443
access-list 101 permit ip x.x.x.112 0.0.0.15 any
access-list 101 permit ip y.y.y.144 0.0.0.15 any
access-list 101 deny ip 10.0.0.0 0.0.0.255 any log
access-list 101 permit icmp any host x.x.x.230 echo-reply
access-list 101 permit icmp any host x.x.x.230 time-exceeded
access-list 101 permit icmp any host x.x.x.230 unreachable
access-list 101 deny tcp any host x.x.x.230 eq 22
access-list 101 deny tcp any host x.x.x.230 eq cmd
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
snmp-server community pippo RW
snmp-server ifindex persist
no cdp run
!
!
!
route-map rerouting permit 10
match ip address rerouting
set ip next-hop 10.0.0.2
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17180232
ntp server 208.87.33.150

!
no inservice
!
end



As you can see, the server with private IP 10.0.0.194 has a static route on the public .230, port 80 and port 9090.
If from the PC with private IP 10.0.0.10 I try to reach x.x.x.230:80 I get a connection error. I have looked at other forums, but from the little I found it seems to be a problem that is hard to solve.
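As an added illustration (not code from the thread or from Cisco), the Python model below replays the order of operations of classic domain-based IOS NAT over a constructed excerpt of the posted config, with the masked public prefix x.x.x replaced by the 203.0.113.0/24 documentation range. It shows why a SYN from 10.0.0.10 to the public address never reaches 10.0.0.194 while the same static entry works from outside; the model is an assumption about IOS behaviour (it ignores ACLs 100/101 and the route-map), and the function names are mine.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed excerpt of the running config posted in the thread; the masked
# public prefix x.x.x is replaced by the 203.0.113.0/24 documentation range.
CONFIG = """
interface FastEthernet0
 ip address 10.0.0.5 255.255.255.0
 ip nat inside
interface ATM0.1 point-to-point
 ip address 203.0.113.230 255.255.255.252
 ip nat outside
ip nat inside source static tcp 10.0.0.194 80 interface ATM0.1 80
ip nat inside source static tcp 10.0.0.194 9090 interface ATM0.1 9090
"""
STATIC_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)$")


def parse(config):
    """Interfaces (address, connected net, NAT role) and static PAT entries."""
    ifaces, statics, cur = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            cur = line.split()[1]
            ifaces[cur] = {"addr": None, "net": None, "role": None}
        elif line.startswith("ip address ") and cur:
            addr, mask = line.split()[2:4]
            ifaces[cur]["addr"] = ip_address(addr)
            ifaces[cur]["net"] = ip_network(f"{addr}/{mask}", strict=False)
        elif line in ("ip nat inside", "ip nat outside") and cur:
            ifaces[cur]["role"] = line.split()[-1]
        elif m := STATIC_RE.match(line):
            statics.append((ip_address(m[1]), int(m[2]), m[3], int(m[4])))
    return ifaces, statics


def ingress(ifaces, src):
    """Arrival interface: a connected network if one matches, else the outside one."""
    for name, i in ifaces.items():
        if i["net"] is not None and src in i["net"]:
            return name
    return next(n for n, i in ifaces.items() if i["role"] == "outside")


def forward(ifaces, statics, src, dst, dport):
    """(ip, port, reason) where a TCP SYN src -> dst:dport ends up. Classic IOS
    ordering: outside->inside translates the destination before routing;
    inside->outside routes first and translates only on the way out."""
    src, dst = ip_address(src), ip_address(dst)
    if ifaces[ingress(ifaces, src)]["role"] == "outside":
        for iip, iport, oif, oport in statics:
            if dst == ifaces[oif]["addr"] and dport == oport:
                return str(iip), iport, "static PAT applied, routed to inside"
        return str(dst), dport, "no translation"
    if any(dst == i["addr"] for i in ifaces.values()):
        # The hairpin case from the thread: the public address is the router's own,
        # so the packet is consumed locally and the static entry is never consulted.
        return str(dst), dport, "router-local address, static PAT not consulted"
    if any(i["role"] == "inside" and i["net"] is not None and dst in i["net"]
           for i in ifaces.values()):
        return str(dst), dport, "inside->inside, no NAT"
    return str(dst), dport, "inside->outside, source PAT via overload"


def hairpin_gaps(ifaces, statics):
    """Static entries inside hosts cannot reach via the public address in this model."""
    return [(str(iip), iport, f"{ifaces[oif]['addr']}:{oport}")
            for iip, iport, oif, oport in statics
            if ifaces[oif]["role"] == "outside"]
```

The inside->inside case (10.0.0.10 straight to 10.0.0.194:80) is the path that works without touching NAT at all.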
infor_mare
Cisco fan
Posts: 67
Joined: Wed 20 Feb 2008, 1:41 am

infor_mare wrote:
As you can see, the server with private IP 10.0.0.194 has a static route on the public .230, port 80 and port 9090.
If from the PC with private IP 10.0.0.10 I try to reach x.x.x.230:80 I get a connection error. I have looked at other forums, but from the little I found it seems to be a problem that is hard to solve.

No ideas???
infor_mare
Cisco fan
Posts: 67
Joined: Wed 20 Feb 2008, 1:41 am

Mark23 wrote:
infor_mare wrote:I have an 1801 configured with a static public IP that does NAT for an internal network 192.168.1.0/24.
I configured NAT so that port 80 of the public address is forwarded to port 80 of a specific internal server, basically a very simple PAT to publish a web server.
The problem is that if I try to reach the web server from an internal machine behind the NAT using the public IP and the port, the browser gives me a connection error. It must surely be some command to add to the NAT config or to the ACLs, but can you tell me which one?
thanks
Post the sh run here... that way it would be easier to see what is missing...

Bye bye

It must be truly impossible if nobody has the slightest idea how to do it!