problema con UDP interno (NTP)

zed · dom 03 lug , 2005 7:31 am

ciao a tutti,

il mio problema e' assai semplice

vorrei che all'interno della LAN una macchina facesse da server NTP (il router puo' farlo?) e le altre facessero da client (quindi facessero richiesta alla macchina server anziche' creare altre connessioni esterne.

ad oggi con l'attuale configurazione non mi permette di fare cio'.

tratto dal running-config

Codice: Seleziona tutto

!
ip nat translation timeout 240
ip nat translation tcp-timeout 600
ip nat translation udp-timeout 60
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.5 21 interface Dialer1 21
ip nat inside source static tcp 192.168.1.5 20 interface Dialer1 20
ip nat inside source static tcp 192.168.1.2 4662 interface Dialer1 4662
ip nat inside source static udp 192.168.1.2 4672 interface Dialer1 4672
ip nat inside source static tcp 192.168.1.2 6881 interface Dialer1 6881
ip nat inside source static tcp 192.168.1.5 22 interface Dialer1 22
ip nat inside source static tcp 192.168.1.5 80 interface Dialer1 80
!
logging facility local4
logging 192.168.1.2
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq www
access-list 111 permit udp any any eq 4672
access-list 111 permit tcp any any eq 4662
access-list 111 permit tcp any any eq 6881
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit gre any any
access-list 111 permit udp host 193.204.114.105 eq ntp any
access-list 111 permit udp host 193.204.114.231 eq ntp any
access-list 111 permit udp host 193.204.114.232 eq ntp any
access-list 111 permit udp host 193.204.114.233 eq ntp any
access-list 111 permit udp host 193.204.114.234 eq ntp any
access-list 111 permit udp host 193.67.79.202 eq ntp any
access-list 111 permit udp host 192.53.103.103 eq ntp any
access-list 111 permit udp host 193.79.237.14 eq ntp any
access-list 111 permit udp host 130.149.17.8 eq ntp any
access-list 111 permit udp host 192.53.103.104 eq ntp any
access-list 111 permit udp host 212.82.32.15 eq ntp any
access-list 111 permit udp host 129.132.2.21 eq ntp any
access-list 111 permit tcp any any established
access-list 111 deny   ip any any log
dialer-list 1 protocol ip permit

mi date una mano? grazie

marckalex · dom 03 lug , 2005 7:44 am

Re:

Ciao,

il router non può fare da server NTP in nessun caso.

By Marckalex - Cisco Systems Engineer

zed · dom 03 lug , 2005 3:44 pm

grazie per la risposta,

qualcuno conosce il modo (una ACL immagino) per fare passare l'UDP (porta 123 NTP) tra PC in LAN?

marckalex · dom 03 lug , 2005 3:56 pm

Re:

Il dialogo nella LAN non richiede nessuna ACL....solo se deve esserci tra la LAN e Internet / Server NTP over Internet.

zed · mar 05 lug , 2005 6:10 pm

si, in effetti avevo un problema di client: risolto
grazie

problema con UDP interno (NTP)

Login • Iscriviti