[SOLVED] Port forward on Cisco router

Mike_130

Reputable
Dec 15, 2015
8
0
4,510
I have a 7206VXR running Version 12.4(12.2r)T.
I have an Openfire XMPP server that needs to have port 5222 forwarded.
Server is 10.5.7.18. G0/1 is my WAN interface
I tried ip nat inside source static tcp 10.5.7.18 5222 int g0/1 5222 - when I did this, it said port 5222 is being used by system. I assumed this was because I had first implemented a NAT overload so my subnets could get out to the internet. I got around this by shutting the outside interface, clearing translations, and then it took the static NAT statement.
However, it doesn't seem to be working. sh ip nat translations doesn't show anything for 10.5.7.18:5222 and the chat server is still offline. Any help would be greatly appreciated.

Just as a side note: I removed the nat statements, the ACL, ip nat inside and outside, shut all the interfaces, rebooted the router, confirmed there was no NAT config present of any kind, re-applied the static, then the overload. Internet works, but still not seeing the port forward happening.
 

Mike_130

I'm now seeing this

tcp x.x.x.x:5222 10.5.7.18:5222 --- ---

The outside global and outside local addresses aren't showing apparently
 
I used to know this stuff really well but lack of use makes you forget.

The outside global and outside local most times will be blank if I remember correctly. These are not commonly natted. This is best thought of as a destination address... when you are looking at it from your PC viewpoint. There is little need to NAT a destination IP. There is little need to, say, change the IP of a web site on the internet. It is done for testing where you want to reroute a live internet site to an internal test server.
 
Solution

Mike_130


Hi. Thanks for responding! I just find it odd since all the other entries have one. Sample:

Pro Inside global     Inside local      Outside local         Outside global
tcp x.x.x.x:63617     10.5.7.17:63617   50.23.151.130:443     50.23.151.130:443
tcp x.x.x.x:63630     10.5.7.17:63630   52.230.222.68:443     52.230.222.68:443
tcp x.x.x.x:5222      10.5.7.18:5222    ---                   ---
udp x.x.x.x:49441     10.5.7.18:49441   8.8.8.8:53            8.8.8.8:53
udp x.x.x.x:49442     10.5.7.18:49442   4.2.2.2:53            4.2.2.2:53
udp x.x.x.x:49443     10.5.7.18:49443   4.2.2.2:53            4.2.2.2:53
udp x.x.x.x:49444     10.5.7.18:49444   8.8.8.8:53            8.8.8.8:53
udp x.x.x.x:49445     10.5.7.18:49445   8.8.8.8:53            8.8.8.8:53
udp x.x.x.x:49446     10.5.7.18:49446   4.2.2.2:53            4.2.2.2:53
udp x.x.x.x:49447     10.5.7.18:49447   4.2.2.2:53            4.2.2.2:53
udp x.x.x.x:49448     10.5.7.18:49448   8.8.8.8:53            8.8.8.8:53
udp x.x.x.x:49449     10.5.7.18:49449   8.8.8.8:53            8.8.8.8:53
udp x.x.x.x:50823     10.5.7.18:50823   4.2.2.2:53            4.2.2.2:53
udp x.x.x.x:50823     10.5.7.18:50823   8.8.8.8:53            8.8.8.8:53
tcp x.x.x.x:50869     10.5.7.18:50869   38.113.165.36:443     38.113.165.36:443
tcp x.x.x.x:50892     10.5.7.18:50892   169.48.173.165:5938   169.48.173.165:5938
tcp x.x.x.x:51228     10.5.7.18:51228   162.250.5.69:5938     162.250.5.69:5938
 

Mike_130

I managed to fix this. The overload 10.5.7.0 0.0.0.255 in the ACL was conflicting. I adjusted the ACL to include the other servers on that subnet, but did not include the one I needed port forwarded. Then I did the static NAT with the port forward and all seems to work.
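
An added example, not part of the thread and not code from any poster: a small Python parser for `show ip nat translations` output that separates static entries (the rows with `---` in both outside columns, as discussed above) from session rows and lists which static port forwards currently carry connections. The sample output is constructed; 203.0.113.10 stands in for the masked WAN address, and 10.5.7.20 and 198.51.100.7 are hypothetical hosts.

```python
"""Classify rows of Cisco IOS `show ip nat translations` output."""
from collections import namedtuple

Entry = namedtuple(
    "Entry", "proto inside_global inside_local outside_local outside_global")

# Constructed sample, not taken from the thread. 203.0.113.10 is a placeholder
# WAN address; 10.5.7.20 and 198.51.100.7 are hypothetical hosts.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.10:5222  10.5.7.18:5222     ---                ---
tcp 203.0.113.10:5222  10.5.7.18:5222     198.51.100.7:40112 198.51.100.7:40112
udp 203.0.113.10:49441 10.5.7.18:49441    8.8.8.8:53         8.8.8.8:53
tcp 203.0.113.10:8080  10.5.7.20:80       ---                ---
"""


def parse(text):
    """Return an Entry per translation row, skipping the header and blanks."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly five whitespace-separated fields.
        if len(fields) == 5 and fields[0] != "Pro":
            entries.append(Entry(*fields))
    return entries


def static_forwards(entries):
    """Map each static entry to the outside peers currently using it.

    A static entry has '---' in both outside columns. A live connection
    through it appears as a separate row with the same protocol and inside
    address pair, but with real outside addresses filled in.
    """
    report = {}
    for e in entries:
        if e.outside_local == "---" and e.outside_global == "---":
            report[(e.proto, e.inside_global, e.inside_local)] = []
    for e in entries:
        key = (e.proto, e.inside_global, e.inside_local)
        if key in report and e.outside_global != "---":
            report[key].append(e.outside_global)
    return report


if __name__ == "__main__":
    for (proto, pub, priv), peers in static_forwards(parse(SAMPLE)).items():
        state = ", ".join(peers) if peers else "no active sessions"
        print(f"{proto} {pub} -> {priv}: {state}")
```

A static entry with an empty peer list means the mapping is configured but nothing is connected through it at the moment, which is what a lone `--- ---` row indicates.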