RE: [cisco-ttl] 1841 Router Adsl Nat ve Access List ile ilgili

From: Ahmet TOMBAK <ahmet.tombak_at_....>
Date: Mon Apr 17 2006 - 08:45:04 EEST


Selam, eger bu access liste access-list 105 permit any any bunu kaldirirsan hala disardan mail gelmeye devam edecek cunku. Access-list'te yasak koyan bir sey yok 

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 deny ip any any

seklinde olur bu arada bu access-listi atadigin yerden sadece ilgili ip'den smtp bilgileri gelir baska hic bir yerden hic bir baglanti gelmez.

Eger baska yerlerden de sadece smtp istekleri gelmesin ama baska baglantilar gelsin istiyorsan 

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
access-list 105 deny tcp any 192.168.1.6 eq smtp
access-list 105 permit ip any any

Selamlar,
Ahmet

-----Original Message-----
From: cisco-ttl@yahoogroups.com [mailto:cisco-ttl@yahoogroups.com] On Behalf Of emre aksoy
Sent: Tuesday, April 18, 2006 2:02 AM
To: cisco-ttl@yahoogroups.com
Subject: Re: [cisco-ttl] 1841 Router Adsl Nat ve Access List ile ilgili   

access-list 105 permit ip any any
  bu kısım tum trafiğine izin verir bunu kaldır.    

  interface FastEthernet0/0
!

ip access-group 105 in    

  inter dialer 0 da tanımla    

  interface Dialer0
  ip access-group 105 in           

cmesut <cmesut@yahoo.com> wrote:
  Merhaba asagida 1841 routerda Sdm 2.3 versiyon arayuz ile yapilan configte sadece ip adresi belirli bir mail serverin disardan (access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp)
icerde maplenmis (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25)ulasilmasi istenmekte.Sanirim uygulanan access liste kacan bir sey var ki disardan baska mail serverlarda ulasabilmekte.

Yorumlayacak arkadaslara simdiden tesekkurlerimle..Herkese iyi calismalar.

!This is the running config of the router: 192.168.1.2
!---------------------------------------------------------------------------
-
!version 12.4

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption
service sequence-numbers
!

hostname HnetRouter
!

boot-start-marker
boot-end-marker
!

security authentication failure rate 3 log security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$sRDo$8yc7/TitiHkIsJeBhKB/8/
!

no aaa new-model
!

resource policy
!

clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00 mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!

ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99 ip dhcp excluded-address 192.168.1.201 192.168.1.254
!

ip dhcp pool sdm-pool1

   import all
   network 192.168.1.0 255.255.255.0
   dns-server 195.175.37.14 195.175.37.69    default-router 192.168.1.2
!
!

no ip bootp server 

ip domain name yourdomain.com
ip name-server 195.175.37.14
ip name-server 195.175.37.69

!

username cisco privilege 15 secret 5 $1$.5bA$XpNYReN7Pb2jiHvhQQD6t0
!
!
!

interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$ ip address 192.168.1.2 255.255.255.0
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!

interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!

interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!

interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
  pppoe-client dial-pool-number 1
!
!

interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@ttnet
ppp chap password 123456
ppp pap sent-username user@ttnet password 123456
!

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!

ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25

!

logging trap debugging 

access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp access-list 105 permit ip any any

dialer-list 1 protocol ip permit
no cdp run
!

control-plane
!

banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!

line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!

scheduler allocate 4000 1000
end 

--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 


    
---------------------------------
  YAHOO! GROUPS LINKS 

    
    Visit your group "cisco-ttl" on the web.
    
    To unsubscribe from this group, send an email to:
 cisco-ttl-unsubscribe@yahoogroups.com
    
    Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. 

    
---------------------------------
  




[Non-text portions of this message have been removed]





--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 
Yahoo! Groups Links



 






--
Cisco Teknik Tartisma Listesi (Cisco-ttl)

Bu listede onerilen degisikliklerin uygulanmasindaki tum sorumluluk 
kullaniciya aittir. Liste yoneticileri, oneride bulunan liste uyeleri ya da 
bu uyelerin calistigi kuruluslar herhangi bir sekilde sorumlu tutulamazlar. 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/cisco-ttl/

<*> To unsubscribe from this group, send an email to:
    cisco-ttl-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
Received on Tue Apr 18 10:49:01 2006

This archive was generated by hypermail 2.1.8 : Tue Apr 18 2006 - 10:49:04 EEST