
Cisco 1721: I'm not receiving mail....

Posted: Tue 12 Jun, 2007 9:00 am
by betaw
Hi everyone,
I have an HDSL line with a static IP and I'd like to run a domain and a mail server on it. For the site in IIS everything is fine, it works great; the problem is the mail server, which does not receive e-mail. Could it depend on the router configuration? I'm attaching my current 1721 config.
-----------------------------------------------------------------------------------
ROUTER-HDSL#sh run
Building configuration...

Current configuration : 5356 bytes
!
! Last configuration change at 11:46:11 MEDT Fri Jun 1 2007 by admin
! NVRAM config last updated at 11:46:12 MEDT Fri Jun 1 2007 by admin
!
version 12.3
service nagle
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ROUTER-HDSL
!
security authentication failure rate 5 log
logging exception 100000
logging count
logging queue-limit 10000
logging buffered 150000 notifications
enable secret 5 $1$PYkx$/YE1iSFEM5fzixEdNj1o//
!
username planetxp privilege 15 password 7 12485C474B535F
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
!
!
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
ip cef
!
!
!
class-map match-any 5060-QOS
match access-group 102
!
!
policy-map QoS-Policy
class 5060-QOS
priority 512
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description INTERFACCIA FISICA PER GESTIONE LAN (PUBBLICA)
ip address xx.x.xx.xxx 255.255.255.248
service-policy output QoS-Policy
ip route-cache flow
speed auto
no cdp enable
!
interface Serial0
description HDSL 2Mbps
bandwidth 2048
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type cisco
!
interface Serial0.1 point-to-point
description PUNTO-PUNTO HDSL
bandwidth 2048
ip address xx.x.xx.xxx 255.255.255.252
ip access-group 131 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting access-violations
no arp frame-relay
no cdp enable
frame-relay class CIR1024
frame-relay interface-dlci 50 IETF
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0.1
no ip http server
!
!
map-class frame-relay CIR1024
frame-relay cir 1024000
frame-relay mincir 256000
access-list 102 remark *** ACL PER QOS 5060 ***
access-list 102 permit tcp any eq 5060 any
access-list 102 permit tcp any any eq 5060
access-list 102 permit udp any eq 5060 any
access-list 102 permit udp any any eq 5060
access-list 131 remark *** ACL PER RITORNO PACCHETTI ***
access-list 131 permit tcp any any gt 1023 established
access-list 131 permit udp any any gt 1023
access-list 131 remark *** ACL PER TRAFFICO NTP ***
access-list 131 permit udp any any eq ntp
access-list 131 remark *** ACL ANTI-SPOOFING ***
access-list 131 deny ip host 0.0.0.0 any log
access-list 131 deny ip 127.0.0.0 0.255.255.255 any log
access-list 131 deny ip 192.0.2.0 0.0.0.255 any log
access-list 131 deny ip 224.0.0.0 31.255.255.255 any log
access-list 131 deny ip 10.0.0.0 0.255.255.255 any log
access-list 131 deny ip 172.16.0.0 0.15.255.255 any log
access-list 131 deny ip 192.168.0.0 0.0.255.255 any log
access-list 131 remark *** ACL PER CONTROLLARE TRAFFICO ICMP ***
access-list 131 permit icmp any any echo
access-list 131 permit icmp any any echo-reply
access-list 131 permit icmp any any time-exceeded
access-list 131 permit icmp any any unreachable
access-list 131 permit icmp any any administratively-prohibited
access-list 131 permit icmp any any packet-too-big
access-list 131 permit icmp any any traceroute
access-list 131 deny icmp any any
access-list 131 remark *** ACL PER BLOCCARE WORM ***
access-list 131 deny tcp any any eq 135
access-list 131 deny udp any any eq 135
access-list 131 deny udp any any eq netbios-ns
access-list 131 deny udp any any eq netbios-dgm
access-list 131 deny tcp any any eq 139
access-list 131 deny udp any any eq netbios-ss
access-list 131 deny tcp any any eq 445
access-list 131 deny tcp any any eq 8888
access-list 131 deny tcp any any eq 8594
access-list 131 deny tcp any any eq 8563
access-list 131 deny tcp any any eq 7778
access-list 131 deny tcp any any eq 593
access-list 131 deny tcp any any eq 2049
access-list 131 deny udp any any eq 2049
access-list 131 deny tcp any any eq 2000
access-list 131 deny tcp any any range 6000 6010
access-list 131 deny udp any any eq 1433
access-list 131 deny udp any any eq 1434
access-list 131 deny udp any any eq 5554
access-list 131 deny udp any any eq 9996
access-list 131 deny udp any any eq 113
access-list 131 deny udp any any eq 3067
access-list 131 remark *** ACL PER BLOCCARE ACCESSI NON AUTORIZZATI ***
access-list 131 deny ip any any log
no cdp run
banner motd ^C
****************************************************************
----------------------------------------------------------------
* *** ROUTER PERIMETRALE *** *
----------------------------------------------------------------
* WARNING: System is RESTRICTED to authorized personnel ONLY! *
* Unauthorized use of this system will be logged and *
* prosecuted to the fullest extent of the law. *
* *
* If you are NOT authorized to use this system, LOG OFF NOW! *
* *
****************************************************************
^C
!
line con 0
exec-timeout 0 0
login local
stopbits 1
line aux 0
login local
line vty 0 4
exec-timeout 0 0
login local
!
scheduler allocate 20000 1000
sntp server 193.204.114.232
sntp server 193.204.114.233
sntp server 193.204.114.105
!
end

Posted: Tue 12 Jun, 2007 3:27 pm
by maro
How can you say that the website works??? Is it in a DMZ, or is it acting as a bastion host?

At a quick glance at the config, there are no nat inside rules for ports 80-443 (web) or for port 25 (inbound SMTP). Add 2 lines of

ip nat inside tcp .....

Posted: Tue 12 Jun, 2007 4:14 pm
by Wizard
interface FastEthernet0
description INTERFACCIA FISICA PER GESTIONE LAN (PUBBLICA)
The servers have a public IP directly.
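
Added example, not part of the thread and not any poster's code: a small first-match evaluator run over an excerpt of the ACL 131 posted above (applied inbound on Serial0.1), to check which entry a new inbound connection to TCP port 25 or 80 hits. The packet addresses used with it are constructed placeholders, the `established` keyword is modelled as a boolean flag, and only the entry forms that appear in the excerpt are parsed.

```python
import ipaddress

# Excerpt of ACL 131 from the configuration above. The ICMP entries and most
# per-port deny entries are left out; none of them can permit TCP port 25.
ACL_131 = """\
access-list 131 permit tcp any any gt 1023 established
access-list 131 permit udp any any gt 1023
access-list 131 permit udp any any eq ntp
access-list 131 deny ip 10.0.0.0 0.255.255.255 any log
access-list 131 deny ip 192.168.0.0 0.0.255.255 any log
access-list 131 deny tcp any any eq 445
access-list 131 deny tcp any any range 6000 6010
access-list 131 deny ip any any log
"""
NAMED_PORTS = {"ntp": 123}

def _addr(tok, i):
    """Parse the address spec at tok[i]; return (predicate, next index)."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    if tok[i] == "host":
        return (lambda ip, h=tok[i + 1]: ip == h), i + 2
    base, wild = (int(ipaddress.ip_address(t)) for t in tok[i:i + 2])
    # Wildcard mask: bits set to 1 are ignored in the comparison.
    return (lambda ip: (int(ipaddress.ip_address(ip)) | wild) == (base | wild)), i + 2

def first_match(acl, proto, src, dst, dport, established=False):
    """Return (action, entry) for the first entry matching the packet.
    established=True models a TCP segment with ACK or RST set."""
    for line in acl.splitlines():
        tok = line.split()
        action, entry_proto = tok[2], tok[3]
        src_ok, i = _addr(tok, 4)
        dst_ok, i = _addr(tok, i)
        rest = [t for t in tok[i:] if t != "log"]
        if "established" in rest:
            rest.remove("established")
            if not established:
                continue
        if rest:  # port operator: eq / gt / range
            nums = [int(NAMED_PORTS.get(t, t)) for t in rest[1:]]
            lo, hi = {"eq": (nums[0], nums[0]), "gt": (nums[0] + 1, 65535),
                      "range": (nums[0], nums[-1])}[rest[0]]
            if not lo <= dport <= hi:
                continue
        if entry_proto in ("ip", proto) and src_ok(src) and dst_ok(dst):
            return action, line
    return "deny", "(implicit deny)"
```

With a constructed source of 203.0.113.10 and a constructed server address of 198.51.100.2, `first_match(ACL_131, "tcp", "203.0.113.10", "198.51.100.2", 25)` returns the final `deny ip any any log` entry, and the same holds for port 80; only return traffic to ports above 1023 matches the `established` permit.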