Access List Blocks What It Shouldn't

spooke

Hello everyone,
on a SOHO77 with the configuration I'm posting below, if I enable the access list, from the outside they can no longer reach either the FTP server or the HTTP one, and the peer-to-peer software installed on a secondary machine doesn't work either. Removing the access list, everything goes back to working perfectly.
My problem is that I would like to keep the access list in place and at the same time enable the services I need....

version 12.3
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
!
hostname SpookeRouter
!
boot-start-marker
boot-end-marker
!

!
ip subnet-zero
no ip source-route
no ip domain lookup
ip domain name interbusiness.it
ip name-server 151.99.125.2
!

!
!
!
interface Ethernet0
 ip address 10.17.1.3 255.0.0.0 secondary
 ip address 192.168.0.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 hold-queue 100 out
!
interface ATM0
 no ip address
 ip access-group 102 out
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp pap sent-username aliceadsl password 7 082040470A1C04130107
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.0.0
!
ip nat translation timeout 3600
ip nat translation tcp-timeout 3600
ip nat translation udp-timeout 1200
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat translation max-entries 4096
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.0.99 6881 interface Dialer0 6881
ip nat inside source static tcp 192.168.0.99 6881 interface Dialer0 6881
ip nat inside source static tcp 192.168.0.101 80 interface Dialer0 80
ip nat inside source static udp 192.168.0.101 80 interface Dialer0 80
ip nat inside source static udp 192.168.0.101 20 interface Dialer0 20
ip nat inside source static tcp 192.168.0.101 20 interface Dialer0 20
ip nat inside source static tcp 192.168.0.101 21 interface Dialer0 21
ip nat inside source static udp 192.168.0.101 21 interface Dialer0 21
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 18 permit 151.99.126.0 0.0.0.255
access-list 19 permit 151.99.126.0 0.0.0.255
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq telnet
access-list 102 permit tcp any any eq ftp
access-list 102 permit tcp any any eq pop3
access-list 102 permit tcp any any eq smtp
access-list 102 permit tcp any any eq 443
access-list 102 permit udp any any eq 443
access-list 102 permit udp any any eq 23
access-list 102 permit udp any any eq 21
access-list 102 permit udp any any eq domain
access-list 102 permit udp any any eq 110
access-list 102 permit udp any any eq 25
access-list 102 permit tcp any any eq domain
access-list 102 permit tcp any any eq 5000
access-list 102 permit tcp any any eq 5001
access-list 102 permit tcp any any eq 995
access-list 102 permit tcp any any eq 465
access-list 102 permit tcp any any eq 5100
access-list 102 permit tcp any any eq whois
access-list 102 permit tcp any any eq nntp
access-list 102 permit tcp any any eq 5050
access-list 102 permit tcp any any eq 6667
access-list 102 permit udp any any eq 6881
access-list 102 permit tcp any any eq 6881

!
line con 0
 login local
 stopbits 1
line vty 0 4
 access-class 30 in
 login tacacs
!
scheduler max-task-time 5000
end
MaiO

Remove this statement from atm0

ip access-group 102 out


If you ever had to apply it (and that's not your case, if I've understood the purpose correctly), you would have to do it on the dialer.
;)

Bye
-=] MaiO [=-
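
How IOS evaluates the posted access-list 102 where it is bound with `ip access-group 102 in` on Ethernet0, as an added example that is not part of the thread: entries are checked top-down, `eq` after the second `any` tests only the destination port, and anything unmatched hits the implicit deny. The sample packets and their port numbers (51000, 40000) are constructed, and the parser is an assumption-level sketch that handles only the `any any eq <port>` form used in the posted list.

```python
import re

# IOS port keywords used by the entries below.
PORT_NAMES = {"www": 80, "ftp": 21, "domain": 53}

# Entries copied from access-list 102 in the posted configuration (subset).
ACL_102 = """\
access-list 102 permit tcp any any eq www
access-list 102 permit tcp any any eq ftp
access-list 102 permit udp any any eq domain
access-list 102 permit tcp any any eq 6881
"""

ENTRY = re.compile(r"access-list (\d+) (permit|deny) (tcp|udp) any any eq (\S+)")

def parse_acl(text):
    """Return [(action, proto, dst_port)] for 'any any eq <port>' entries."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        port = m.group(4)
        rules.append((m.group(2), m.group(3), PORT_NAMES.get(port) or int(port)))
    return rules

def evaluate(rules, proto, src_port, dst_port):
    """First match wins; unmatched packets fall through to the implicit deny."""
    # 'eq' follows the destination 'any', so src_port is never consulted.
    for action, r_proto, r_port in rules:
        if r_proto == proto and r_port == dst_port:
            return action
    return "deny"

# Constructed packets as seen by 'ip access-group 102 in' on Ethernet0,
# i.e. traffic sent by LAN hosts toward the router.
SAMPLES = {
    "LAN client -> outside web server": ("tcp", 51000, 80),
    "192.168.0.101 HTTP reply to outside client": ("tcp", 80, 51000),
    "192.168.0.101 FTP control reply": ("tcp", 21, 51000),
    "192.168.0.99 P2P to peer on port 40000": ("tcp", 6881, 40000),
}

def verdicts():
    return {name: evaluate(RULES, *pkt) for name, pkt in SAMPLES.items()}

RULES = parse_acl(ACL_102)
if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

Replies from the internal servers carry the service port as their source port and a client-chosen destination port, so no entry of the form `any any eq <port>` matches them.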