Question : Cisco 1710 Router config


Can someone tell me why this config can't browse the web please?   :)




version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$WHbG$NTXKub1AJUZEEIC3hxFLv.
enable password 7 104C1B1853131D05010126202D
!
clock timezone eastern -5
clock summer-time EDT recurring
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip domain list domain.net
ip domain name domain.net
ip name-server 192.168.1.3
!
no ip bootp server
ip cef
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall smtp
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall http
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description External Static DSL Interface
 ip address 66.207.xxx.xxx 255.255.255.0
 ip access-group 101 in
 no ip proxy-arp
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 description Inside Static Interface to my LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.3 25 66.207.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.1.5 80 66.207.xxx.xxx 80 extendable
ip nat inside source static tcp 192.168.1.3 5631 66.207.xxx.xxx 5631 extendable
ip nat inside source static udp 192.168.1.3 5632 66.207.xxx.xxx 5632 extendable
ip nat inside source static tcp 192.168.1.3 443 66.207.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.1.3 53 66.207.xxx.xxx 53 extendable
ip nat inside source static udp 192.168.1.3 53 66.207.xxx.xxx 53 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 66.207.xxx.1
no ip http server
no ip http secure-server
!
!
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 255.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 224.0.0.0 7.255.255.255 any log
access-list 101 deny   ip host 0.0.0.0 any log
access-list 101 deny   ip 66.207.xxx.0 0.0.0.255 any log
access-list 101 deny   ip host 169.254.8.78 any log
access-list 101 permit tcp any 66.207.xxx.0 0.0.0.255 gt 1023 established
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 net-unreachable
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 host-unreachable
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 port-unreachable
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 packet-too-big
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 administratively-prohibited
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 source-quench
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 ttl-exceeded
access-list 101 permit tcp any host 66.207.xxx.xxx eq www
access-list 101 permit tcp any host 66.207.xxx.xxx eq smtp
access-list 101 permit tcp any host 66.207.xxx.xxx eq domain log
access-list 101 permit udp any host 66.207.xxx.xxx eq domain
access-list 101 permit tcp any host 66.207.xxx.xxx eq 5631
access-list 101 permit udp any host 66.207.xxx.xxx eq 5632
access-list 101 deny   ip any any log
no cdp run
!
banner login ^CPerimeter Router UNAUTHORIZED ACCESS PROHIBITED^C
!
line con 0
 exec-timeout 5 0
 password 7 0459190759254340041C091C1B
 login
line aux 0
 exec-timeout 0 10
 no exec
line vty 0 4
 exec-timeout 5 0
 password 7 110B0B0441160402092F272F21
 login
!
ntp clock-period 17168977
ntp server 204.34.198.41
ntp server 192.5.41.209 prefer
!
end

sfrouter#

Answer : Cisco 1710 Router config

You are right, I was just focusing on the access-list.  Access-list 1 is required to tell the router which traffic to NAT.  Without it, no traffic is being NAT'ed, hence the reason you weren't able to browse the Internet.
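A check for the gap the answer describes, added here as an example and not part of the original question or answer: it scans an IOS configuration for ACLs that are referenced (by NAT, `ip access-group` or `access-class`) but never defined. The sample configuration is constructed from the posted one, with documentation addresses standing in for the masked public addresses, and the function name is hypothetical.

```python
import re

# Constructed sample: the NAT- and ACL-related lines of the posted config,
# with documentation addresses in place of the masked public ones.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 203.0.113.2 255.255.255.0
 ip access-group 101 in
 ip nat outside
!
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Ethernet0 overload
!
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny   ip any any log
"""

# Commands that reference an ACL by number or name.
REFERENCE_PATTERNS = [
    re.compile(r"^\s*ip nat inside source list (\S+)"),
    re.compile(r"^\s*ip access-group (\S+) (?:in|out)"),
    re.compile(r"^\s*access-class (\S+) (?:in|out)"),
]
# Commands that define an ACL (numbered, or named standard/extended).
DEFINITION_PATTERNS = [
    re.compile(r"^access-list (\S+) "),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
]

def undefined_acl_references(config_text):
    """Return (line_number, acl, line) for each reference to an ACL with no definition."""
    lines = config_text.splitlines()
    defined = {m.group(1) for line in lines for pat in DEFINITION_PATTERNS
               if (m := pat.match(line))}
    findings = []
    for n, line in enumerate(lines, 1):
        for pat in REFERENCE_PATTERNS:
            m = pat.match(line)
            if m and m.group(1) not in defined:
                findings.append((n, m.group(1), line.strip()))
    return findings

if __name__ == "__main__":
    for n, acl, line in undefined_acl_references(SAMPLE_CONFIG):
        print(f"line {n}: ACL {acl} is referenced but never defined: {line}")
```

Adding a definition such as `access-list 1 permit 192.168.1.0 0.0.0.255` (assumed from the inside interface's subnet, not stated in the answer) clears the finding.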