Monday, July 22, 2013

NAT CISCO Router Configuration

This is an example of publishing your internal WEB server and DNS server to the Internet using a CISCO router.


Example Network Diagram

The configuration follows the diagram above.
You have one CISCO router with a single public IP address, 10.10.10.10, and you have a WEB server and a DNS server on your DMZ network, 172.17.1.0/24.

Step 1
Make sure your CISCO router already has access to the Internet.
Configure the public IP address:
interface FastEthernet0/0
 ip address 10.10.10.10 255.255.255.0
Configure the default route to your ISP:
ip route 0.0.0.0 0.0.0.0 10.10.10.1 

Step 2
Make sure your WEB server and DNS server can reach your router.
Configure the private IP address for the DMZ network:
interface FastEthernet0/1
 ip address 172.17.1.1 255.255.255.0

Step 3
Use NAT so your WEB server and DNS server can access the Internet.
Configure NAT overload (PAT on the public interface address):
ip access-list standard NAT-MASQUERADE
 permit 172.17.1.0 0.0.0.255

ip nat inside source list NAT-MASQUERADE interface FastEthernet0/0 overload

interface FastEthernet0/0
 ip nat outside

interface FastEthernet0/1
 ip nat inside

Step 4
Advertise your WEB server and DNS server to the Internet using static NAT (port forwarding).
NAT configuration:
ip nat inside source static tcp 172.17.1.3 80 10.10.10.10 80 
ip nat inside source static tcp 172.17.1.3 443 10.10.10.10 443 
ip nat inside source static tcp 172.17.1.2 53 10.10.10.10 53 
ip nat inside source static udp 172.17.1.2 53 10.10.10.10 53 


#####################################################

Below is the complete configuration on the CISCO router:
hostname router
!
interface FastEthernet0/0
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
!
interface FastEthernet0/1
 ip address 172.17.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list NAT-MASQUERADE interface FastEthernet0/0 overload
ip nat inside source static tcp 172.17.1.3 80 10.10.10.10 80 
ip nat inside source static tcp 172.17.1.3 443 10.10.10.10 443 
ip nat inside source static tcp 172.17.1.2 53 10.10.10.10 53 
ip nat inside source static udp 172.17.1.2 53 10.10.10.10 53 
ip route 0.0.0.0 0.0.0.0 10.10.10.1 
!
ip access-list standard NAT-MASQUERADE
 permit 172.17.1.0 0.0.0.255
!
line con 0
line vty 0 4
 login
!
end
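As an added review check (not part of the original post), the Python script below parses a configuration like the one above and lists every service the static NAT entries publish on the public address, warning where a mapping's outside address is not on an "ip nat outside" interface or its inside host is not on an "ip nat inside" network. The embedded config text is a constructed copy of the page's configuration; the function names are the script's own.

```python
import re
from ipaddress import ip_address, ip_interface
# Constructed excerpt of the page's final router configuration, embedded so the check runs offline.
RUNNING_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.10.10 255.255.255.0
 ip nat outside
interface FastEthernet0/1
 ip address 172.17.1.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 172.17.1.3 80 10.10.10.10 80
ip nat inside source static tcp 172.17.1.3 443 10.10.10.10 443
ip nat inside source static tcp 172.17.1.2 53 10.10.10.10 53
ip nat inside source static udp 172.17.1.2 53 10.10.10.10 53
"""
STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)\s*$")

def parse_interfaces(config):
    """Map each interface name to its address/mask and its 'ip nat inside|outside' role."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = {"addr": None, "nat": None}
        elif current and line.startswith(" ip address "):
            addr, mask = line.split()[2:4]
            interfaces[current]["addr"] = ip_interface(f"{addr}/{mask}")
        elif current and line.startswith(" ip nat "):
            interfaces[current]["nat"] = line.split()[2]
        elif not line.startswith(" "):  # any other global command ends the interface block
            current = None
    return interfaces

def static_maps(config):
    """Return (proto, inside_ip, inside_port, outside_ip, outside_port) for each static port map."""
    return [m.groups() for line in config.splitlines() if (m := STATIC_RE.match(line))]

def audit_nat(config):
    """List what the static entries expose and flag mappings inconsistent with the NAT interfaces."""
    ifaces = parse_interfaces(config)
    outside = {str(i["addr"].ip) for i in ifaces.values() if i["nat"] == "outside" and i["addr"]}
    inside_nets = [i["addr"].network for i in ifaces.values() if i["nat"] == "inside" and i["addr"]]
    findings = []
    for proto, in_ip, in_port, out_ip, out_port in static_maps(config):
        findings.append(f"exposed: {proto}/{out_port} on {out_ip} -> {in_ip}:{in_port}")
        if out_ip not in outside:
            findings.append(f"warning: {out_ip} is not an 'ip nat outside' interface address")
        if not any(ip_address(in_ip) in net for net in inside_nets):
            findings.append(f"warning: {in_ip} is not on an 'ip nat inside' network")
    return findings
```

Running audit_nat over the page's configuration yields four "exposed:" lines (TCP 80, TCP 443, TCP 53 and UDP 53 on 10.10.10.10) and no warnings; the DNS server is reachable from any Internet host on port 53, which is worth confirming is intended.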