Salve a tutti,
potreste, cortesemente, spiegarmi come mai se inserisco la seguente configurazione eMule mi da sempre id basso?
Configurazione:
Router(config)#ip nat inside source static udp 192.168.0.2 4672 interface Dialer0 4672
Router(config)#ip nat inside source static tcp 192.168.0.2 4662 interface Dialer0 4662
Router(config)#exit
Router#wr mem
Router#reload
Vi ringrazio anricipatamente per il vostro aiuto
eMule non ne vuole sapere!
Moderatore: Federico.Lagni
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Come sono configurate le acl in entrata?
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Direi di si.
A questo punto facci vedere la config completa del router.
A questo punto facci vedere la config completa del router.
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
-
mulder
- Cisco fan
- Messaggi: 25
- Iscritto il: mar 14 ago , 2007 11:18 am
...eccon la configurazione completa:
!This is the running config of the router: 192.168.0.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$gvXO$Jk2Acq32f1oxi4oE7myga1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 212.216.172.62 212.216.112.112
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 212.216.172.62
ip name-server 212.216.112.112
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3627273094
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3627273094
revocation-check none
rsakeypair TP-self-signed-3627273094
!
!
crypto pki certificate chain TP-self-signed-3627273094
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363237 32373330 3934301E 170D3037 30393038 31383135
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36323732
37333039 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E238 B562FE53 248DD05F 08DE2270 D3794D67 5E670EDE 2D1A32AF 122C900B
3CA08F49 2E1EE518 151AE851 05B36681 E7F20DEC DD01D4A9 7AF9E527 6A249E6A
517EADAA 90EAFAC2 92FBEBF9 BE48C74B 2759966F 8FC25C57 52D2B1FB 38AAD3FB
091C15AE 8C916353 916AA6C1 FDB564C1 573D8380 3F642FFA 4E7D7795 C855EDE3
B84B0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 15726F75 7465722E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801425 57A6552C 61728D14 A5C012FD F50E334E BE09B730
1D060355 1D0E0416 04142557 A6552C61 728D14A5 C012FDF5 0E334EBE 09B7300D
06092A86 4886F70D 01010405 00038181 005DCED4 EF05EAD9 BAECABDE A77152CA
D28CFD57 CCD2B5F4 889F5B53 4758ADF1 2D44C389 45DB878F BEAF9EA3 7F132C05
2CD32B8C 4299B510 BC52A73C 515DAF4B 4EB47733 084A74E5 1A130074 792C530B
00AB392E 4812807C 2FCD4FCC B53EEDD7 062C3ED7 FE85B41E 7689286A 7E8667EE
A550AE64 A6D96AB5 90F63158 2B069E1A 6C
quit
username admin privilege 15 secret 5 $1$7qPh$J8yvZS33aE8aBIXeygl9J1
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode adsl2
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
ssid home
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 7 1218091E110E0D003927
ppp pap sent-username aliceadsl password 7 082040470A1C04130107
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 4662 interface Dialer0 4662
ip nat inside source static udp 192.168.0.2 4672 interface Dialer0 4672
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 212.216.112.112 eq domain any
access-list 101 permit udp host 212.216.172.62 eq domain any
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
!This is the running config of the router: 192.168.0.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$gvXO$Jk2Acq32f1oxi4oE7myga1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 212.216.172.62 212.216.112.112
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 212.216.172.62
ip name-server 212.216.112.112
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3627273094
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3627273094
revocation-check none
rsakeypair TP-self-signed-3627273094
!
!
crypto pki certificate chain TP-self-signed-3627273094
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363237 32373330 3934301E 170D3037 30393038 31383135
30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36323732
37333039 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E238 B562FE53 248DD05F 08DE2270 D3794D67 5E670EDE 2D1A32AF 122C900B
3CA08F49 2E1EE518 151AE851 05B36681 E7F20DEC DD01D4A9 7AF9E527 6A249E6A
517EADAA 90EAFAC2 92FBEBF9 BE48C74B 2759966F 8FC25C57 52D2B1FB 38AAD3FB
091C15AE 8C916353 916AA6C1 FDB564C1 573D8380 3F642FFA 4E7D7795 C855EDE3
B84B0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 15726F75 7465722E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801425 57A6552C 61728D14 A5C012FD F50E334E BE09B730
1D060355 1D0E0416 04142557 A6552C61 728D14A5 C012FDF5 0E334EBE 09B7300D
06092A86 4886F70D 01010405 00038181 005DCED4 EF05EAD9 BAECABDE A77152CA
D28CFD57 CCD2B5F4 889F5B53 4758ADF1 2D44C389 45DB878F BEAF9EA3 7F132C05
2CD32B8C 4299B510 BC52A73C 515DAF4B 4EB47733 084A74E5 1A130074 792C530B
00AB392E 4812807C 2FCD4FCC B53EEDD7 062C3ED7 FE85B41E 7689286A 7E8667EE
A550AE64 A6D96AB5 90F63158 2B069E1A 6C
quit
username admin privilege 15 secret 5 $1$7qPh$J8yvZS33aE8aBIXeygl9J1
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode adsl2
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
ssid home
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 7 1218091E110E0D003927
ppp pap sent-username aliceadsl password 7 082040470A1C04130107
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 4662 interface Dialer0 4662
ip nat inside source static udp 192.168.0.2 4672 interface Dialer0 4672
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 212.216.112.112 eq domain any
access-list 101 permit udp host 212.216.172.62 eq domain any
access-list 101 deny ip 192.168.0.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Ecco il problema:
access-list 101 deny ip any any
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
Non puoi mettere il "deny ip any any" prima delle 2 regole x emule...quelle 2 ultime regole è come se non ci fossero!
access-list 101 deny ip any any
access-list 101 permit tcp any any eq 4662
access-list 101 permit udp any any eq 4672
Non puoi mettere il "deny ip any any" prima delle 2 regole x emule...quelle 2 ultime regole è come se non ci fossero!
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Nada.
Cmq ti consiglio di cambiare le porte utilizzate (sia sul router che sul client) poichè quelle di dafult spesso sono filtrate dal provider (banda limitata e più controlli).
Cmq ti consiglio di cambiare le porte utilizzate (sia sul router che sul client) poichè quelle di dafult spesso sono filtrate dal provider (banda limitata e più controlli).
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
