Right, the previous config did not work because of the source/destination host mistake and because we did not permit the ports needed for web.
access-list 105 permit tcp any any eq 80
access-list 105 permit tcp any any eq 443
access-list 105 permit tcp any any eq 53
access-list 105 permit udp any any eq 53
access-list 105 permit tcp any any eq 23 (for router access from inside)
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 192.168.1.6 host 195.175.175.175 eq smtp (source and destination swapped...)
All clients can reach the internet; everything other than ports 80, 53, 443 and 23 is closed.
If another port is needed, you have to specify it, such as pop3 etc.
interface fast 0/0
ip access-group 105 in
needs to be applied.
cmesut <cmesut@yahoo.com> wrote:
Hello Mr. Emre,
When it was defined as you suggested, **no client could reach the internet**.
interface Dialer0
ip address negotiated
ip access-group 105 in
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
I think that doing NAT from the same interface, that is, interface Dialer0,
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25
and also applying the access-list here as you described is confusing things.
In summary, while the whole 192.168.1.0 network goes out to the internet (192.168.1.6 is the mail server), what is wanted is that only and only a mail server with a specific IP address can reach, from outside
(access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp),
the server mapped inside (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25).
Thanks again..
Monday, April 17, 2006, 5:02:28 PM, you wrote:
>
access-list 105 permit ip any any
This part permits all traffic; remove it.
interface FastEthernet0/0
!
ip access-group 105 in
Define it on interface Dialer 0
interface Dialer0
ip access-group 105 in
cmesut <cmesut@yahoo.com> wrote:
Hello, in the config below, made on an 1841 router with the SDM 2.3 interface, what is wanted is that only a mail server with a specific IP address can reach, from outside
(access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp),
the server mapped inside (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25). I think something is missing in the applied access list, because other mail servers can also reach it from outside.
Thanks in advance to those who will comment.. Good work to everyone.
!This is the running config of the router: 192.168.1.2
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$sRDo$8yc7/TitiHkIsJeBhKB/8/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 195.175.37.14 195.175.37.69
default-router 192.168.1.2
!
!
no ip bootp server
ip domain name yourdomain.com
ip name-server 195.175.37.14
ip name-server 195.175.37.69
!
username cisco privilege 15 secret 5 $1$.5bA$XpNYReN7Pb2jiHvhQQD6t0
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 192.168.1.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Dialer0
ip address negotiated
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@ttnet
ppp chap password 123456
ppp pap sent-username user@ttnet password 123456
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
- In cisco-ttl@yahoogroups.com, emre aksoy <enisaksoy2000@...> wrote:
>
>
> access-list 105 permit ip any any
> This part permits all traffic; remove it.
>
> interface FastEthernet0/0
> !
> ip access-group 105 in
>
> Define it on interface Dialer 0
>
> interface Dialer0
> ip access-group 105 in
>
>
>
>
>
> cmesut <cmesut@...> wrote:
> Hello, in the config below, made on an 1841 router with the SDM 2.3 interface, what is wanted is that only a mail server with a specific IP address can reach, from outside
> (access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp),
> the server mapped inside (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25). I think something is missing in the applied access list, because other mail servers can also reach it from outside.
>
> Thanks in advance to those who will comment.. Good work to everyone.
>
> !This is the running config of the router: 192.168.1.2
> !----------------------------------------------------------------------------
> !version 12.4
> no service pad
> service tcp-keepalives-in
> service tcp-keepalives-out
> service timestamps debug datetime msec localtime show-timezone
> service timestamps log datetime msec localtime show-timezone
> service password-encryption
> service sequence-numbers
> !
> hostname HnetRouter
> !
> boot-start-marker
> boot-end-marker
> !
> security authentication failure rate 3 log
> security passwords min-length 6
> logging buffered 51200 debugging
> logging console critical
> enable secret 5 $1$sRDo$8yc7/TitiHkIsJeBhKB/8/
> !
> no aaa new-model
> !
> resource policy
> !
> clock timezone PCTime 2
> clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
> mmi polling-interval 60
> no mmi auto-configure
> no mmi pvc
> mmi snmp-timeout 180
> ip subnet-zero
> no ip source-route
> ip cef
> !
> !
> ip tcp synwait-time 10
> no ip dhcp use vrf connected
> ip dhcp excluded-address 192.168.1.1 192.168.1.99
> ip dhcp excluded-address 192.168.1.201 192.168.1.254
> !
> ip dhcp pool sdm-pool1
> import all
> network 192.168.1.0 255.255.255.0
> dns-server 195.175.37.14 195.175.37.69
> default-router 192.168.1.2
> !
> !
> no ip bootp server
> ip domain name yourdomain.com
> ip name-server 195.175.37.14
> ip name-server 195.175.37.69
> !
> username cisco privilege 15 secret 5 $1$.5bA$XpNYReN7Pb2jiHvhQQD6t0
> !
> !
> !
> interface FastEthernet0/0
> description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
> ip address 192.168.1.2 255.255.255.0
> ip access-group 105 in
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip nat inside
> ip route-cache flow
> ip tcp adjust-mss 1412
> duplex auto
> speed auto
> no mop enabled
> !
> interface FastEthernet0/1
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> shutdown
> duplex auto
> speed auto
> no mop enabled
> !
> interface ATM0/0/0
> no ip address
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip route-cache flow
> no atm ilmi-keepalive
> dsl operating-mode auto
> !
> interface ATM0/0/0.1 point-to-point
> description $ES_WAN$$FW_OUTSIDE$
> pvc 8/35
> pppoe-client dial-pool-number 1
> !
> !
> interface Dialer0
> ip address negotiated
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip mtu 1452
> ip nat outside
> encapsulation ppp
> ip route-cache flow
> dialer pool 1
> dialer-group 1
> ppp authentication chap pap callin
> ppp chap hostname user@ttnet
> ppp chap password 123456
> ppp pap sent-username user@ttnet password 123456
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> ip http server
> ip http authentication local
> ip http timeout-policy idle 5 life 86400 requests 10000
>
> ip nat inside source list 1 interface Dialer0 overload
>
> ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25
>
> !
> logging trap debugging
> access-list 1 remark INSIDE_IF=FastEthernet0/0
> access-list 1 remark SDM_ACL Category=2
> access-list 1 permit 192.168.1.0 0.0.0.255
>
> access-list 105 remark SDM_ACL Category=1
> access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp
> access-list 105 permit ip any any
>
> dialer-list 1 protocol ip permit
> no cdp run
> !
> control-plane
> !
> banner login ^CAuthorized access only!
> Disconnect IMMEDIATELY if you are not an authorized user!^C
> !
> line con 0
> login local
> transport output telnet
> line aux 0
> login local
> transport output telnet
> line vty 0 4
> privilege level 15
> login local
> transport input telnet
> line vty 5 15
> privilege level 15
> login local
> transport input telnet
> !
> scheduler allocate 4000 1000
> end
>
>
>
>
>
>
>
> --
> Cisco Teknik Tartisma Listesi (Cisco-ttl)
>
> All responsibility for applying the changes suggested on this list lies with the user. The list administrators, the list members who make suggestions, and the organizations those members work for cannot be held responsible in any way.
Received on Tue Apr 18 12:27:22 2006
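
Added example, not part of the original thread: a small first-match evaluator for the extended ACL lines quoted above, showing why `permit ip any any` let other mail servers through and why the single SMTP line alone drops everything else through the implicit deny. It models only rule order and the implicit deny, not NAT or interface direction; the packet addresses 203.0.113.9, 198.51.100.10, 192.0.2.1 and 192.168.1.50 used here and in the checks are constructed.

```python
import ipaddress

PORTS = {"smtp": 25, "www": 80, "domain": 53, "telnet": 23, "pop3": 110}  # IOS port keywords

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])), int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny proto src dst [eq port]' lines (extended form only)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # remarks and other lines are not match rules
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = (PORTS.get(rest[1]) or int(rest[1])) if rest[:1] == ["eq"] else None
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def _match(spec, ip):
    base, wild = spec  # wildcard bits set to 1 are ignored in the comparison
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(rules, proto, src, dst, dport):
    """Return (action, rule_index); index None means the implicit deny at the end."""
    for i, (action, rproto, rsrc, rdst, rport) in enumerate(rules):
        if (rproto in ("ip", proto) and _match(rsrc, src) and _match(rdst, dst)
                and rport in (None, dport)):
            return action, i
    return "deny", None

# ACL lines as they appear in the thread
SMTP_ONLY = "access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp\n"
ORIGINAL = SMTP_ONLY + "access-list 105 permit ip any any\n"
LAN_OUT = "".join(f"access-list 105 permit {p} any any eq {n}\n" for p, n in
                  [("tcp", 80), ("tcp", 443), ("tcp", 53), ("udp", 53), ("tcp", 23)])

if __name__ == "__main__":
    # Constructed packet: a different outside mail server connecting to port 25
    print(evaluate(parse_acl(ORIGINAL), "tcp", "203.0.113.9", "192.168.1.6", 25))
```
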