Access to Web server CISCO 877
Posted: Thu 17 Jun, 2010 12:44 pm
Hello everyone, let me start by saying that I am not a CISCO expert, but I bought an 877 precisely for study purposes for my home network. I configured the router to be able to browse and so far no problem; I then tried to publish my web and FTP server so that it can be reached from the outside. At this point, the complication. Despite a week of attempts and hundreds of articles read, I have not managed to get it working. The only thing I obtained is the router's response, accessible via web from outside. I am posting my configuration here; maybe someone can tell me where I went wrong.
!!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco_877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 $1$1U2g$TCd8GmlO5QV0Zv37773tf0
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-1438066238
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1438066238
revocation-check none
rsakeypair TP-self-signed-1438066238
!
!
crypto pki certificate chain TP-self-signed-1438066238
certificate self-signed 01
quit
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.100
!
ip dhcp pool sdm-pool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 151.99.125.1 151.99.0.100
lease 0 2
!
!
ip cef
ip domain name takephoto.it
ip name-server 151.99.125.1
ip name-server 151.99.0.100
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username XXXXXXXX privilege 15 secret 5 XXXXXXXXXXXX
!
!
!
archive
log config
hidekeys
!
!
!
class-map type inspect edonkey match-any sdm-app-edonkey
match file-transfer
match text-chat
match search-file-name
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl password 0 aliceadsl
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.2 8500 interface Dialer0 8500
ip nat inside source static tcp 192.168.1.2 21 interface Dialer0 21
!
access-list 1 remark INSIDE_IF=vlan1
access-list 1 remark SDM_ACD Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit any
access-list 10 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
===============================================
So, this is as far as I have managed to get, but despite the static NAT I cannot find the error. I hope for a suggestion from you to get out of the fog..... thanks, Sante - iw0gz
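
Added example, not part of the original post: a small Python check run over an excerpt of the configuration above. It lists static NAT port-forwards whose outside port the router itself also serves, and numbered ACLs that are referenced but never defined. The function names and the choice of checks are assumptions of this example; it reports overlaps only and does not decide which service answers.

```python
import re

# Excerpt of the configuration posted above (only the lines these checks read).
CONFIG = """\
ip http server
ip http access-class 23
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.2 8500 interface Dialer0 8500
ip nat inside source static tcp 192.168.1.2 21 interface Dialer0 21
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit any
access-list 10 permit 192.168.1.0 0.0.0.255
"""

STATIC_NAT = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def static_forwards(cfg):
    """Return (proto, inside_ip, inside_port, outside_if, outside_port) tuples."""
    hits = (STATIC_NAT.match(l.strip()) for l in cfg.splitlines())
    return [(m[1], m[2], int(m[3]), m[4], int(m[5])) for m in hits if m]

def router_listeners(cfg):
    """TCP ports served by the router's own HTTP/HTTPS server, if enabled."""
    lines = [l.strip() for l in cfg.splitlines()]
    ports = {}
    if "ip http server" in lines:  # exact match, so 'no ip http server' is skipped
        m = re.search(r"^ip http port (\d+)$", cfg, re.M)
        ports[int(m[1]) if m else 80] = "ip http server"  # 80 is the IOS default
    if "ip http secure-server" in lines:
        ports[443] = "ip http secure-server"
    return ports

def undefined_acls(cfg):
    """Numbered ACLs that are referenced somewhere but have no access-list line."""
    defined = set(re.findall(r"^access-list (\d+) ", cfg, re.M))
    used = set(re.findall(r"\b(?:access-class|access-group|source list) (\d+)", cfg))
    return sorted(used - defined, key=int)

def audit(cfg):
    listeners = router_listeners(cfg)
    findings = []
    for proto, ip, iport, oif, oport in static_forwards(cfg):
        if proto == "tcp" and oport in listeners:
            findings.append(f"tcp/{oport} on {oif} is forwarded to {ip}:{iport} "
                            f"and also served by the router ({listeners[oport]})")
    findings += [f"access-list {n} is referenced but not defined" for n in undefined_acls(cfg)]
    return findings

if __name__ == "__main__": print("\n".join(audit(CONFIG)))
```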