Re: [cisco-ttl] Re: About 1841 Router ADSL NAT and Access List

From: emre aksoy <enisaksoy2000_at_....>
Date: Tue Apr 18 2006 - 11:52:13 EEST


  Right, the previous config didn't work because of the source/destination host mix-up and because we hadn't permitted the ports needed for web.

  access-list 105 permit tcp any any eq 80
  access-list 105 permit tcp any any eq 443
  access-list 105 permit tcp any any eq 53
  access-list 105 permit udp any any eq 53
  access-list 105 permit tcp any any eq 23 (for router access from inside)
  access-list 105 remark SDM_ACL Category=1
  access-list 105 permit tcp host 192.168.1.6 host 195.175.175.175 eq smtp (source and destination changed...)

  All clients get out to the net; everything other than ports 80, 53, 443 and 23 is closed. If another port is needed you have to specify it, e.g. pop3 and the like.

  interface fast 0/0
  ip access-group 105 in
  needs to be applied

cmesut <cmesut@yahoo.com> wrote:
  Hello Emre Bey,

When it was defined the way you suggested, **no client could get to the internet** at all.

interface Dialer0
ip address negotiated
ip access-group 105 in

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp

I think what is confusing things is that NAT is done on the same interface, i.e. interface Dialer0 (ip nat inside source list 1 interface Dialer0 overload and ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25), and on top of that the access-list is applied there the way you described.

In summary, while letting the whole 192.168.1.0 network out to the internet (192.168.1.6 is the mail server),
what is wanted is only and only that
a mail server with a specific IP address can reach from outside (access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp)
the internally mapped server (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25).

Thanks again..

Monday, April 17, 2006, 5:02:28 PM, you wrote:


access-list 105 permit ip any any
  this part permits all traffic; remove it.

  interface FastEthernet0/0
!
ip access-group 105 in    

  define it under inter dialer 0

  interface Dialer0
  ip access-group 105 in           

cmesut <cmesut@yahoo.com> wrote:
  Hello, in the config below, built on an 1841 router through the SDM 2.3 interface, what is wanted is that only a mail server with a specific IP address can reach from outside (access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp)
the internally mapped server (ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25). I think something is slipping through the applied access list, because other mail servers from outside can reach it as well.

Thanks in advance to those who will comment.. Good work everyone.

!This is the running config of the router: 192.168.1.2
!----------------------------------------------------------------------------
!version 12.4

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$sRDo$8yc7/TitiHkIsJeBhKB/8/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.201 192.168.1.254
!
ip dhcp pool sdm-pool1

   import all
   network 192.168.1.0 255.255.255.0
   dns-server 195.175.37.14 195.175.37.69
   default-router 192.168.1.2
!
!
no ip bootp server

ip domain name yourdomain.com
ip name-server 195.175.37.14
ip name-server 195.175.37.69

!
username cisco privilege 15 secret 5 $1$.5bA$XpNYReN7Pb2jiHvhQQD6t0
!
!
!

interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 192.168.1.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
no mop enabled
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
  pppoe-client dial-pool-number 1
!
!
interface Dialer0
ip address negotiated
ip access-group 105 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname user@ttnet
ppp chap password 123456
ppp pap sent-username user@ttnet password 123456
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 192.168.1.6 25 interface Dialer0 25

!
logging trap debugging

access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255

access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp

dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C !
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
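As an added illustration (not code from this thread or from Cisco), a small Python model of how an IOS extended ACL is evaluated: rules are tried top to bottom, the first match decides, and anything unmatched hits the implicit deny. It runs ACL 105 as posted and Emre's revised list against a few constructed packets; the client address 192.168.1.10 and the remote addresses 203.0.113.5 and 198.51.100.7 are made up for the example.

```python
# Model of IOS extended-ACL matching: first match wins, implicit deny at the end.
# Only the forms used in this thread (any / host A.B.C.D, optional 'eq PORT') are parsed.
PORT_NAMES = {"smtp": 25, "www": 80, "domain": 53, "telnet": 23, "pop3": 110}

def _take_addr(tokens):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq PORT' (name or number)."""
    if tokens[0] == "any":
        addr, tokens = "any", tokens[1:]
    elif tokens[0] == "host":
        addr, tokens = tokens[1], tokens[2:]
    else:
        raise ValueError(f"unsupported address spec: {tokens[0]}")
    port = None
    if tokens and tokens[0] == "eq":
        port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        tokens = tokens[2:]
    return addr, port, tokens

def parse_acl(lines):
    """Return (action, proto, src, sport, dst, dport) tuples in list order; remarks are skipped."""
    rules = []
    for line in lines:
        t = line.split()
        if t[:1] != ["access-list"] or t[2] == "remark":
            continue
        src, sport, rest = _take_addr(t[4:])
        dst, dport, _ = _take_addr(rest)
        rules.append((t[2], t[3], src, sport, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, dport, sport=None):
    """Walk the list top to bottom; protocol 'ip' matches everything; no match means deny."""
    for action, rproto, rsrc, rsport, rdst, rdport in rules:
        if rproto not in ("ip", proto) or rsrc not in ("any", src) or rdst not in ("any", dst):
            continue
        if rsport not in (None, sport) or rdport not in (None, dport):
            continue
        return action
    return "deny"  # the implicit deny that ends every IOS ACL

# ACL 105 as posted in the thread, and the revised list from Emre's reply.
ORIGINAL_105 = parse_acl(["access-list 105 remark SDM_ACL Category=1",
    "access-list 105 permit tcp host 195.175.175.175 host 192.168.1.6 eq smtp"])
REVISED_105 = parse_acl(["access-list 105 permit tcp any any eq 80",
    "access-list 105 permit tcp any any eq 443", "access-list 105 permit tcp any any eq 53",
    "access-list 105 permit udp any any eq 53", "access-list 105 permit tcp any any eq 23",
    "access-list 105 permit tcp host 192.168.1.6 host 195.175.175.175 eq smtp"])
```

With the posted list, a client's HTTP request to 203.0.113.5:80 and an SMTP connection from any address other than 195.175.175.175 both end on the implicit deny, which is why every client lost internet access once `permit ip any any` was removed. Note also that IOS checks an inbound ACL on the NAT outside interface before the outside-to-inside translation, so on Dialer0 in the packet still carries the public address, not 192.168.1.6.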

--
Cisco Technical Discussion List (Cisco-ttl)

All responsibility for applying the changes suggested on this list belongs to the user. The list administrators, the list members making suggestions, and the organizations those members work for cannot be held responsible in any way.



 
Received on Tue Apr 18 12:27:22 2006

This archive was generated by hypermail 2.1.8 : Tue Apr 18 2006 - 12:27:23 EEST