Re: [cisco-ttl] Priority

From: ozkan karacayoglu (ozkan_izmir_at_yahoo.com)
Date: Mon Dec 27 2004 - 13:09:21 GMT

    OK, Serhat. Thanks again.

    --- Serhat Uslay <serhat.uslay_at_zurich.com.au> wrote:

    >
    > - Is an IP address that is not in the NAT source list
    > routed to the other interface? No, it is not...
    > - And if a packet arrives at the NAT outside, it passes if a
    > NAT session exists, but if there is no session is it dropped, or
    > is it still routed normally? If this packet is a candidate
    > for NAT and no session exists yet, a NAT table entry is created
    > for it and it is routed. If it is not a candidate, it is dropped.
    > - Finally, is the definition in access-list 3 sufficient for
    > anti-IP spoofing? Yes, ACL 3 can be used for anti-spoofing.
    >
    > Serhat
    >
    >
    > Please respond to cisco-ttl_at_yahoogroups.com
    >
    > To: cisco-ttl_at_yahoogroups.com
    > cc:
    > Subject: Re: [cisco-ttl] Priority
    >
    >
    >
    > Serhat, yes, both ended up as f0, you are right :) and thanks for
    > your interest.
    > The main thing that is not understood here:
    > - Is an IP address that is not in the NAT source list
    > routed to the other interface?
    > - And if a packet arrives at the NAT outside, it passes if a
    > NAT session exists, but if there is no session is it dropped, or
    > is it still routed normally?
    > - Finally, is the definition in access-list 3 sufficient for
    > anti-IP spoofing?
    >
    >
    >
    > --- Serhat Uslay <serhat.uslay_at_zurich.com.au> wrote:
    >
    > >
    > > At the moment both show as Fasteth0. The interface with
    > > 172.30.40.50 should presumably be Fasteth1.
    > >
    > > Some corrections can be made to this output.
    > >
    > > 1) Only 3 hosts can send traffic to Fasteth1: 172.30.40.1,
    > > 172.30.40.2 and 172.30.40.10 (access list 2). But of these, only
    > > 172.30.40.1 and 172.30.40.2 can have their addresses changed to
    > > take the address 192.168.30.50. Although 172.30.40.3 is in the NAT
    > > list, it can be deleted because it is not in access list 2.
    > > That is:
    > > access-list 1 permit 172.30.40.1
    > > access-list 1 permit 172.30.40.2
    > > access-list 1 permit 172.30.40.3 (delete this and make it
    > > 172.30.40.10 if you want that host to send traffic).
    > > After NAT the route is looked up; as the default route, everything
    > > is sent to 192.168.30.201.
    > >
    > > Traffic coming from outside (that is, to Fasteth0 192.168.30.40)
    > > is tested against ACL 3. It looks like everything will pass except
    > > 172.30.40.0. But 172.30.40.0 is already on the other side, so ACL 3
    > > is a bit much...
    > >
    > > Serhat
    > >
    > >
    > >
    > >
    > >
    > > Please respond to cisco-ttl_at_yahoogroups.com
    > >
    > > To: cisco-ttl_at_yahoogroups.com
    > > cc:
    > > Subject: [cisco-ttl] Priority
    > >
    > >
    > >
    > >
    > > Hello,
    > > In the sample config below, what are your thoughts on the order in
    > > which a packet arriving on the NAT inside and/or outside side will
    > > pass through the access lists, or fail to pass?
    > >
    > > !
    > > interface FastEthernet0
    > > ip address 192.168.30.40 255.255.255.0
    > > ip nat outside
    > > ip access-group 3 in
    > > half-duplex
    > > !
    > > interface FastEthernet0
    > > ip address 172.30.40.50 255.255.255.0
    > > ip nat inside
    > > ip access-group 2 in
    > > speed auto
    > > half-duplex
    > > !
    > > ip nat pool pool 192.168.30.50 192.168.30.50 prefix-length 24
    > > ip nat inside source list 1 pool pool overload
    > > ip classless
    > > !
    > > ip route 0.0.0.0 0.0.0.0 192.168.30.201
    > > !
    > > access-list 1 permit 172.30.40.1
    > > access-list 1 permit 172.30.40.2
    > > access-list 1 permit 172.30.40.3
    > > !
    > > access-list 2 permit 172.30.40.1
    > > access-list 2 permit 172.30.40.2
    > > access-list 2 permit 172.30.40.10
    > > !
    > > access-list 101 permit 172.30.40.1 0.0.0.255 any
    > > !
    > > access-list 102 permit 172.10.10.10 0.0.0.255 any
    > > !
    > > access-list 3 deny 172.30.40.0
    > > access-list 3 permit any
    > > !
    === message truncated ===
    This list has no affiliation with Cisco Systems.
    This archive was generated by hypermail 2.1.5 : Mon Dec 27 2004 - 18:16:27 GMT
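
Added example, not part of the original thread: a small Python model of IOS standard-ACL matching, run over the ACL lines quoted in the message above. It shows which inside hosts pass ACL 2 and match NAT list 1, and that `access-list 3 deny 172.30.40.0`, written without a wildcard mask, matches only that single address, so a packet arriving on the outside interface with source 172.30.40.1 is still permitted. `access-list 30` is a constructed variant with a 0.0.0.255 wildcard and does not appear in the thread.

```python
import ipaddress

# ACL lines 1-3 are copied from the config quoted in the thread.
# "access-list 30" is a constructed variant with a wildcard mask (assumption).
CONFIG = """
access-list 1 permit 172.30.40.1
access-list 1 permit 172.30.40.2
access-list 1 permit 172.30.40.3
access-list 2 permit 172.30.40.1
access-list 2 permit 172.30.40.2
access-list 2 permit 172.30.40.10
access-list 3 deny 172.30.40.0
access-list 3 permit any
access-list 30 deny 172.30.40.0 0.0.0.255
access-list 30 permit any
"""

def parse_acls(text):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue
        if tok[3] == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(tok[3]))
            # A standard ACL entry with no wildcard matches that one address only.
            wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
        acls.setdefault(tok[1], []).append((tok[2], base, wild))
    return acls

def evaluate(acls, num, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = int(ipaddress.IPv4Address(src))
    for action, base, wild in acls[num]:
        if (ip | wild) == (base | wild):  # compare only bits the wildcard keeps
            return action
    return "deny"

def inside_host(acls, src):
    """Result of ACL 2 (inbound on the inside interface) and NAT source list 1."""
    return {"acl2": evaluate(acls, "2", src), "nat_list1": evaluate(acls, "1", src)}

ACLS = parse_acls(CONFIG)
if __name__ == "__main__":
    for src in ("172.30.40.0", "172.30.40.1", "10.1.1.1"):
        print(src, "ACL 3:", evaluate(ACLS, "3", src), "| ACL 30:", evaluate(ACLS, "30", src))
```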