I forwarded some ports for the Fritz and the IP301 phone,
which have fixed IPs, but they still did not work
until I disabled the firewall completely.
Ideally they would work without having to forward ports
and without having to disable the firewall.
0.40 is the Fritz box
0.99 is the IP301
I configured it with the Java interface.
Also, Messenger no longer sends my messages to offline contacts; this I don't understand.
Router#sh run
Building configuration...
Current configuration : 3501 bytes
!
! Last configuration change at 10:03:29 CET Thu Jan 29 2009 by Router
! NVRAM config last updated at 10:03:33 CET Thu Jan 29 2009 by Router
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 xxxxx
!
username CRWS_Kannan privilege 15 password 7 xxxxxxxxx
username CRWS_Venky privilege 15 password 7 xxxxxxxx
username Router password 7 xxxxxxx
clock timezone CET 1
ip subnet-zero
ip name-server 213.205.36.70
ip name-server 213.205.32.70
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.20
ip dhcp excluded-address 192.168.0.40
ip dhcp excluded-address 192.168.0.99
!
ip dhcp pool CLIENT
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
domain-name cisco
lease 0 2
!
!
no aaa new-model
!
!
partition flash 2 6 2
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
ip address 192.168.0.254 255.255.255.0 secondary
ip address 192.168.0.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxxx
ppp chap password 7 xxxxx
ppp pap sent-username xxxxx password 7 xxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 192.168.0.99 20000 interface Dialer1 20000
ip nat inside source static udp 192.168.0.99 5070 interface Dialer1 5070
ip nat inside source static udp 192.168.0.20 49001 interface Dialer1 49001
ip nat inside source static udp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static tcp 192.168.0.20 5500 interface Dialer1 5500
ip nat inside source static udp 192.168.0.40 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.20 14010 interface Dialer1 14010
ip nat inside source static udp 192.168.0.20 14011 interface Dialer1 14011
ip nat inside source static tcp 192.168.0.20 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.20 21 interface Dialer1 21
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 100 permit udp host 193.204.114.232 any eq ntp
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 192.168.0.99 20000 interface Dialer1 20000
ip nat inside source static udp 192.168.0.99 5070 interface Dialer1 5070
ip nat inside source static udp 192.168.0.20 49001 interface Dialer1 49001
ip nat inside source static udp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static tcp 192.168.0.20 5500 interface Dialer1 5500
ip nat inside source static udp 192.168.0.40 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.20 14010 interface Dialer1 14010
ip nat inside source static udp 192.168.0.20 14011 interface Dialer1 14011
ip nat inside source static tcp 192.168.0.20 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.20 21 interface Dialer1 21
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 100 permit udp host 193.204.114.232 any eq ntp
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
sntp server 193.204.114.232
!
end
soho 97 fritz box and ip301
Apart from the copy and paste that duplicated a piece,
I don't have a serial port on this PC and had to use telnet;
anyway, I think I solved it simply by re-enabling the firewall
after working on the virtual servers. Maybe in CRWS you have to stick to the sequence of operations.
Now it looks like this:
Router#sh run
Building configuration...
Current configuration : 5225 bytes
!
! Last configuration change at 09:44:26 CET Fri Jan 30 2009 by CRWS_Santhosh
! NVRAM config last updated at 09:44:26 CET Fri Jan 30 2009 by CRWS_Santhosh
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$Ijfo$zG.t9TuoipFyE7T85jZHF0
!
username CRWS_Kannan privilege 15 password 7 xxxx
username CRWS_Venky privilege 15 password 7 xxxx
username Router password 7 xxxx
clock timezone CET 1
ip subnet-zero
ip name-server 213.205.36.70
ip name-server 213.205.32.70
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.20
ip dhcp excluded-address 192.168.0.40
ip dhcp excluded-address 192.168.0.99
!
ip dhcp pool CLIENT
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
domain-name cisco
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
!
!
partition flash 2 6 2
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
ip address 192.168.0.254 255.255.255.0 secondary
ip address 192.168.0.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxx
ppp pap sent-username xxxx password 7 xxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 192.168.0.99 20000 interface Dialer1 20000
ip nat inside source static udp 192.168.0.99 5070 interface Dialer1 5070
ip nat inside source static udp 192.168.0.20 49001 interface Dialer1 49001
ip nat inside source static udp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static tcp 192.168.0.20 5500 interface Dialer1 5500
ip nat inside source static udp 192.168.0.40 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.20 14010 interface Dialer1 14010
ip nat inside source static udp 192.168.0.20 14011 interface Dialer1 14011
ip nat inside source static tcp 192.168.0.20 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.20 21 interface Dialer1 21
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 100 permit udp host 193.204.114.232 any eq ntp
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 111 permit udp any any eq 20000
access-list 111 permit udp any any eq 5070
access-list 111 permit udp any any eq 49001
access-list 111 permit udp any any eq 55556
access-list 111 permit tcp any any eq 5500
access-list 111 permit udp any any eq 5060
access-list 111 permit tcp any any eq 14010
access-list 111 permit udp any any eq 14011
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq ftp
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
sntp server 193.204.114.232
!
end
Router#
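An added example, not part of the original posts: a Python check that compares the static NAT forwards with the ACL applied inbound on Dialer1, the two parts of the config that have to agree for a forward to work with the firewall on. The sample config is constructed in the style of the output above (its missing permit for tcp 5500 is deliberate), and the function names are hypothetical.

```python
import re

# Constructed sample in the style of the "sh run" output above.
# The permit for tcp 5500 is left out on purpose to show a blocked forward.
SAMPLE = """\
interface Dialer1
 ip access-group 111 in
 ip nat outside
!
ip nat inside source static udp 192.168.0.99 20000 interface Dialer1 20000
ip nat inside source static udp 192.168.0.40 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.20 5500 interface Dialer1 5500
ip nat inside source static tcp 192.168.0.20 80 interface Dialer1 80
access-list 111 permit udp any any eq 20000
access-list 111 permit udp any any eq 5060
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 deny ip any any
"""

# IOS port keywords that appear in the ACL on this page
NAMED = {"www": 80, "ftp": 21, "domain": 53, "isakmp": 500,
         "netbios-ns": 137, "netbios-dgm": 138}
NAT_RE = re.compile(r"^\s*ip nat inside source static (tcp|udp) \S+ \d+ interface (\S+) (\d+)", re.M)
# Only the "permit <proto> any any eq <port>" form is handled
ACL_RE = re.compile(r"^\s*access-list (\d+) permit (tcp|udp) any any eq (\S+)", re.M)

def inbound_acl(config, iface):
    """Number of the ACL applied inbound on iface, or None if there is none."""
    block = re.search(rf"^interface {re.escape(iface)}\s*$(.*?)^(?:!|interface )", config, re.M | re.S)
    m = block and re.search(r"ip access-group (\d+) in", block.group(1))
    return m.group(1) if m else None

def audit(config, iface="Dialer1"):
    """Compare static forwards on iface with the permits of its inbound ACL."""
    acl = inbound_acl(config, iface)
    # The inbound ACL is evaluated before NAT, so compare on the public port
    forwards = {(p, int(port)) for p, ifc, port in NAT_RE.findall(config) if ifc == iface}
    if acl is None:  # no filter at all: every forward is reachable
        return {"acl": None, "blocked": set(), "unused": set()}
    permits = {(p, int(t) if t.isdigit() else NAMED[t])
               for n, p, t in ACL_RE.findall(config) if n == acl}
    return {"acl": acl, "blocked": forwards - permits, "unused": permits - forwards}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run on the second config above, it reports no blocked forwards; the permits listed under `unused` have no matching forward and are the entries to review.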