Cisco 1841 FTP e Dyns.cx

[Wizard]

Le prove falle con IP non con il nome

[fireblade]

Purtroppo siamo sempre al punto che non aggiorna il dns

ho provato un po di variazioni alla stringa http seguendo le indicazioni del sito dyns.cx e sul browser funziona alla perfezione, sul cisco niente da fare....

ho tenuto in considerazione la seguente documentazione cisco

http://www.cisco.com/univercd/cc/td/doc ... dr_d1h.pdf

e

http://www.cisco.com/univercd/cc/td/doc ... t_ddns.pdf

ma vi dico la verità che mi sono un pochino perso ...

la stringa da utilizzare secondo dyns.cx sembra essere del tipo

HTTP request:


http://www.dyns.net/postscript011.php?u ... t=robinson

Example 2:

username = joe
password = foo
hostname = robinson
domain = crusoe.com

HTTP request (preferred method):


http://www.dyns.net/postscript011.php?u ... crusoe.com

other option:


http://www.dyns.net/postscript011.php?u ... crusoe.com

or:


http://www.dyns.net/postscript011.php?u ... domain=own

or:


http://www.dyns.net/postscript011.php?u ... own-domain

provate tutte e tutte funzionano tranquillamente sul browser aggiornando l'ip ma nel cisco non funzionano, sembra esserci qualcosa che blocca.


Non ho capito 2 cose

se serve per forza anche

remove http://usernamemio:[email protected] ... =<h>&ip=<a>

oltre che

HTTP
add http://usernamemio:[email protected] ... =<h>&ip=<a>


e seconda cosa che non ho capito se la parte finale della stringa ovvero host=<h>&ip=<a> è un parametro cisco o dipende da dyns.cx e se è cisco,cosa significa ... io nella documentazione cisco sopra riportata non sono stato in grado di trovarne il significato

Grazie infinite e Buon Weekend

[carini]

Purtroppo siamo sempre al punto che non aggiorna il dns

ho provato un po di variazioni alla stringa http seguendo le indicazioni del sito dyns.cx e sul browser funziona alla perfezione, sul cisco niente da fare....

Grazie infinite e Buon Weekend

Allora, per debuggare il tutto usa

debug ip ddns update
e poi
terminal monitor

metti un refresh breve (5 minuti) e guarda cosa succede. Oppure scollega il cavo dell'ADSL per provocare un refresh dell'IP

Probabilmente la tua ACL non accetta le connessioni in ingresso. Questi due url potrebbero essere illuminanti:

http://www.telecom-gear.com/Dynamic-DNS ... 84--12.htm

http://andyraven.wordpress.com/2008/07/ ... cisco-ios/

Intanto io vorrei sapere se c'è qualcuno che sta facendo prove con everydns, ha meno limitazioni di dyndns e per giunta è collegato a opendns il che dovrebbe garantire tempi di propagazione rapidissimi

L'ulr di update è

http://<user>:<password>@dyn.everydns.n ... =carini.ws

[fireblade]

Ciao Carini, Wizard, Forum,

ecco cosa stampa:


Router>enable
Password:
Router#debug ip ddns update
Dynamic DNS debugging is on
Router#terminal monitor
% Console already monitors
Router#
*Sep 20 14:20:31.958: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to down
*Sep 20 14:20:31.958: DYNUPD: SWIF goingdown 'ATM0/0/0'
*Sep 20 14:20:31.958: DYNUPD: SWIF goingdown 'ATM0/0/0.1'
*Sep 20 14:20:32.958: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0,
changed state to down
*Sep 20 14:20:43.758: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
*Sep 20 14:20:43.758: DYNUPD: SWIF comingup 'ATM0/0/0'
*Sep 20 14:20:43.758: DYNUPD: SWIF comingup 'ATM0/0/0.1'
*Sep 20 14:20:44.758: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0,
changed state to up
*Sep 20 14:21:46.822: %SEC-6-IPACCESSLOGP: list 101 denied tcp 207.46.109.75(186
3) -> 79.16.247.140(56825), 1 packet
*Sep 20 14:22:44.102: %SEC-6-IPACCESSLOGP: list 101 denied udp 202.97.238.201(42
021) -> 79.16.247.140(1026), 1 packet
*Sep 20 14:23:34.774: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.16.169.84(1616
) -> 79.16.247.140(135), 1 packet
*Sep 20 14:23:41.206: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.16.169.84(4313
) -> 79.16.247.140(445), 1 packet 79.16.169.84
Router#
*Sep 20 14:24:34.774: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.16.169.84(3861
) -> 79.16.247.140(445), 1 packet
*Sep 20 14:25:07.242: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.16.16.206(4225
) -> 79.16.247.140(135), 1 packet
*Sep 20 14:25:51.958: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to down

Qua stacco il cavo... aspetto e poi riattacco.

*Sep 20 14:25:51.958: DYNUPD: SWIF goingdown 'ATM0/0/0'
*Sep 20 14:25:51.958: DYNUPD: SWIF goingdown 'ATM0/0/0.1'
*Sep 20 14:25:52.958: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0,
changed state to down
*Sep 20 14:26:34.058: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Sep 20 14:26:34.078: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o down
*Sep 20 14:26:34.078: DYNUPD: SWIF goingdown 'Virtual-Access1'
*Sep 20 14:26:35.058: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Ac
cess1, changed state to down
*Sep 20 14:27:43.758: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
*Sep 20 14:27:43.758: DYNUPD: SWIF comingup 'ATM0/0/0'
*Sep 20 14:27:43.758: DYNUPD: SWIF comingup 'ATM0/0/0.1'
*Sep 20 14:27:44.758: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0,
changed state to up
*Sep 20 14:27:49.470: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Sep 20 14:27:49.474: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o up
*Sep 20 14:27:50.626: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Ac
cess1, changed state to up
*Sep 20 14:27:50.626: DYNUPD: SWIF comingup 'Virtual-Access1'
*Sep 20 14:28:31.494: %SEC-6-IPACCESSLOGP: list 101 denied tcp 69.1.53.40(50262)
-> 79.1.245.226(25354), 1 packet 79.1.245.22679.1.245.226
Router#
*Sep 20 14:29:34.774: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.16.169.84(4313
) -> 79.16.247.140(445), 1 packet
*Sep 20 14:29:37.146: %SEC-6-IPACCESSLOGP: list 101 denied udp 78.94.30.70(61429
) -> 79.1.245.226(28960), 1 packet
*Sep 20 14:29:38.742: %SEC-6-IPACCESSLOGP: list 101 denied udp 122.141.75.3(5154
6) -> 79.1.245.226(1026), 1 packet
*Sep 20 14:30:05.718: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.140.81.35(80)
-> 79.1.245.226(56851), 1 packet
*Sep 20 14:30:32.254: %SEC-6-IPACCESSLOGP: list 101 denied udp 202.97.238.209(44
955) -> 79.1.245.226(1026), 1 packet
*Sep 20 14:30:34.774: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.16.16.206(4282
) -> 79.16.247.140(135), 1 packet

Spero possiate darmi una dritta..

Buon weekend

[carini]

Ciao Carini, Wizard, Forum,

ecco cosa stampa:

Hai n pò troppa roba in debugging ... lascia solo il dyndns altrimenti è un casotto

Codice: Seleziona tutto

gw#no debug all
All possible debugging has been turned off

gw#debug ip ddns update
Dynamic DNS debugging is on

gw#terminal monitor

Alla fine ...

Codice: Seleziona tutto

gw#no debug all
All possible debugging has been turned off

terminal no monitor

[fireblade]

Ecco cosa stampa:

Router#no debug all
All possible debugging has been turned off
Router#debug ip ddns update
Dynamic DNS debugging is on
Router#
*Sep 20 19:16:55.239: %SEC-6-IPACCESSLOGP: list 101 denied tcp 87.4.141.16(37525
) -> 87.4.241.223(135), 1 packet terminal monitor
% Console already monitors
Router#terminal monitor
% Console already monitors
Router#
*Sep 20 19:17:20.107: %SEC-6-IPACCESSLOGP: list 101 denied tcp 87.4.82.151(63275
) -> 87.4.241.223(135), 1 packet
*Sep 20 19:17:58.623: %SEC-6-IPACCESSLOGP: list 101 denied tcp 61.188.39.198(600
0) -> 87.4.241.223(1433), 1 packet
*Sep 20 19:18:37.931: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to down
*Sep 20 19:18:37.931: DYNUPD: SWIF goingdown 'ATM0/0/0'
*Sep 20 19:18:37.931: DYNUPD: SWIF goingdown 'ATM0/0/0.1'
*Sep 20 19:18:38.931: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0,
changed state to down
*Sep 20 19:18:50.779: %SEC-6-IPACCESSLOGP: list 101 denied tcp 87.122.247.78(289
4) -> 87.4.241.223(2967), 1 packet
*Sep 20 19:19:20.499: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di0
*Sep 20 19:19:20.515: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o down
*Sep 20 19:19:20.515: DYNUPD: SWIF goingdown 'Virtual-Access1'
*Sep 20 19:19:21.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Ac
cess1, changed state to down
Router#
Router#
Router#
*Sep 20 19:20:59.763: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
*Sep 20 19:20:59.763: DYNUPD: SWIF comingup 'ATM0/0/0'
*Sep 20 19:20:59.763: DYNUPD: SWIF comingup 'ATM0/0/0.1'
*Sep 20 19:21:00.763: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0,
changed state to up
*Sep 20 19:21:07.223: %DIALER-6-BIND: Interface Vi1 bound to profile Di0
*Sep 20 19:21:07.227: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state t
o up
*Sep 20 19:21:09.419: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Ac
cess1, changed state to up
*Sep 20 19:21:09.419: DYNUPD: SWIF comingup 'Virtual-Access1'
*Sep 20 19:21:09.531: %SEC-6-IPACCESSLOGP: list 101 denied udp 72.172.90.202(532
7) -> 79.20.34.101(17866), 1 packet
*Sep 20 19:21:25.807: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.13.157.207(465
7) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:21:43.999: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.27.107.184(237
10) -> 79.20.34.101(135), 1 packet
*Sep 20 19:21:45.911: %SEC-6-IPACCESSLOGP: list 101 denied tcp 201.250.127.237(1
512) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:21:59.715: %SEC-6-IPACCESSLOGP: list 101 denied udp 88.8.153.194(2529
9) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:22:12.459: %SEC-6-IPACCESSLOGP: list 101 denied udp 84.126.130.38(526
70) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:22:26.571: %SEC-6-IPACCESSLOGP: list 101 denied udp 83.50.180.31(2466
1) -> 79.20.34.101(17866), 1 packet
*Sep 20 19:22:38.607: %SEC-6-IPACCESSLOGP: list 101 denied tcp 201.255.111.175(4
516) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:22:43.587: %SEC-6-IPACCESSLOGP: list 101 denied tcp 200.88.89.220(307
83) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:23:02.959: %SEC-6-IPACCESSLOGP: list 101 denied tcp 207.171.62.134(19
724) -> 79.20.34.101(63818), 1 packet
*Sep 20 19:23:05.615: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.25.143.5(8687)
-> 79.20.34.101(135), 1 packet
*Sep 20 19:23:18.235: %SEC-6-IPACCESSLOGP: list 101 denied tcp 79.20.213.106(459
17) -> 79.20.34.101(135), 1 packet
*Sep 20 19:23:24.403: %SEC-6-IPACCESSLOGP: list 101 denied tcp 164.73.204.71(110
0) -> 79.20.34.101(63818), 1 packet

Grazie per la pazienza ...

[carini]

Ecco cosa stampa:
Grazie per la pazienza ...

Nulla .. solo una cosa ... vedo che hai dichiarato "ip ddns update method sdm_ddns1" ma poi, il sdm_ddns1 da dove lo richiami?

[fireblade]

la stringa ip ddns update method sdm_ddns1 mi è stata generata in automatico dal SDM

[carini]

la stringa ip ddns update method sdm_ddns1 mi è stata generata in automatico dal SDM

Esempio:

Qui dichiaro il metodo

Codice: Seleziona tutto

ip ddns update method everydns
 HTTP
  add http://<user>:<passw>@dyn.everydns.net/index.php?ver=0.1&ip=<a>&domain=<h>
  remove http://<user>:<passw>@dyn.everydns.net/index.php?ver=0.1&ip=<a>&domain=<h>
 interval maximum 1 2 4 8
!

E qui lo uso:

Codice: Seleziona tutto

interface Dialer0
 description $FW_OUTSIDE$
 ip ddns update hostname carini.ws
 ip ddns update everydns host carini.ws
 ip address negotiated
 ip access-group 103 in

Non so com'è la tua configurazione, ma dovresti avere qualcosa del genere ...

[fireblade]

Questa è la configurazione attuale:


Building configuration...

Current configuration : 5898 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$IXDf$xR8xUnUBUsNj7Va8eqJSB1
enable password miapass
!
no aaa new-model
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool Nome del Pool
import all
network 192.168.2.0 255.255.255.0
dns-server 85.37.17.4 85.38.28.70
default-router 192.168.2.1
!
!
ip name-server 85.37.17.4
ip name-server 85.38.28.70
ip ddns update method sdm_ddns1 Qua credo si dichiari il metodo
HTTP
add http://www.dyns.net/postscript011.php?u ... main=ma.cx
remove http://www.dyns.net/postscript011.php?u ... main=ma.cx
!
!
!
crypto pki trustpoint TP-self-signed-564730499
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-564730499
revocation-check none
rsakeypair TP-self-signed-564730499
!
!
crypto pki certificate chain TP-self-signed-564730499
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35363437 33303439 39301E17 0D303830 39323031 37323531
305A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3536 34373330
34393930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
E0E734EA F69B5928 40C11DCA D7DC72DC B76B1D5E DBEC4D2D 3CC7F939 3BF50F1F
1A22FFE4 AC21AFF3 861165A4 870E61B2 690E97F8 6FD3DC83 269DDAA8 7013A73B
76955849 FB2CD761 E63244E7 DCA726FF 08A7799E 9D0B9257 8AABE315 85DB2F8E
2D3F2BF0 B84BEB83 1FADDC6B 996C1474 814532BF 045124C9 AD7F9BAE 1FDD2495
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820652 6F757465 72301F06 03551D23 04183016 801456F8 84AD8B32
C9331E56 AA926E4C 8FE4637D CCC4301D 0603551D 0E041604 1456F884 AD8B32C9
331E56AA 926E4C8F E4637DCC C4300D06 092A8648 86F70D01 01040500 03818100
175AEC47 C28D67A9 6D737D87 03FA60FD A406775F 70945151 E28FA96F E70B08EC
2E174C91 F2A985FC FC9450AD 5221EC30 963A5E47 5B7AA7C8 8E0969F6 B867DD13
383BC534 EE5646DC 4F8395C2 A0A38F26 F485F417 574ED4BB D40D0D79 86732A5E
15F2C9D9 0C437DB1 87537C89 B26875BA 4BA4A159 39F8F70B C7A70526 E67D2232
quit
username miouser privilege 15 secret 5 $1$ULcH$/JO.iGfbwKz0F2HfSxj.a0
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Dialer0 Qua manca l'utilizzo ... credo
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
ip mtu 1452
ip nbar protocol-discovery
ip inspect SDM_LOW out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl password 0 aliceadsl
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.2.2 21 interface Dialer0 21
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark *** ACL IN INGRESSO DA INTERNET ***
access-list 101 permit tcp any any eq ftp
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit udp host 85.38.28.70 eq domain any
access-list 101 permit udp host 85.37.17.4 eq domain any
access-list 101 deny ip 192.168.2.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
snmp-server community public RO
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password miapass
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end

Non è strano che l'SDM mi dichiari il metodo e poi non mi compili anche l'utilizzo? o sono io che non lo vedo...

[carini]

Questa è la configurazione attuale:

Non è strano che l'SDM mi dichiari il metodo e poi non mi compili anche l'utilizzo? o sono io che non lo vedo...

Non è strano che a livello professionale l'SDM non se lo fili nessuno?

In ogni caso la doc completa è

http://www.cisco.com/en/US/docs/ios/12_ ... _ddns.html

Cmq sì, prova a configurare il tuo metodo nell'interfaccia wan (dovrebbe essere la dialer) e dicci che succede ...

[fireblade]

Ci sono riuscito, grazie mille Carini,Wizard, Forum

ecco la configurazione attuale:


Building configuration...

Current configuration : 6076 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$IXDf$xR8xUnUBUsNj7Va8eqJSB1
enable password passmia
!
no aaa new-model
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool mio pool
import all
network 192.168.2.0 255.255.255.0
dns-server 85.37.17.4 85.38.28.70
default-router 192.168.2.1
!
!
ip host dyns.net 213.232.93.27 messo qua l'ip del dyns.net
ip name-server 85.37.17.4
ip name-server 85.38.28.70
ip ddns update method sdm_ddns1
HTTP
add http://www.dyns.net/postscript011.php?u ... main=ma.cx
remove http://www.dyns.net/postscript011.php?u ... main=ma.cx
!
!
!
crypto pki trustpoint TP-self-signed-564730499
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-564730499
revocation-check none
rsakeypair TP-self-signed-564730499
!
!
crypto pki certificate chain TP-self-signed-564730499
certificate self-signed 01
3082023C 308201A5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35363437 33303439 39301E17 0D303830 39323131 32303334
325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3536 34373330
34393930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
E0E734EA F69B5928 40C11DCA D7DC72DC B76B1D5E DBEC4D2D 3CC7F939 3BF50F1F
1A22FFE4 AC21AFF3 861165A4 870E61B2 690E97F8 6FD3DC83 269DDAA8 7013A73B
76955849 FB2CD761 E63244E7 DCA726FF 08A7799E 9D0B9257 8AABE315 85DB2F8E
2D3F2BF0 B84BEB83 1FADDC6B 996C1474 814532BF 045124C9 AD7F9BAE 1FDD2495
02030100 01A36630 64300F06 03551D13 0101FF04 05300301 01FF3011 0603551D
11040A30 08820652 6F757465 72301F06 03551D23 04183016 801456F8 84AD8B32
C9331E56 AA926E4C 8FE4637D CCC4301D 0603551D 0E041604 1456F884 AD8B32C9
331E56AA 926E4C8F E4637DCC C4300D06 092A8648 86F70D01 01040500 03818100
1815FF6C 4095A677 463600C3 AF5B38DC B6B62AE4 3A38F1B5 988FBFC7 063AC4EE
D7B30A77 CD71C062 9E14A7C8 CFE5BFD8 B6294EED 2712BF6E 74331E71 AF7DA23D
28CAB857 B14D4609 464C48CE 48BB588D 17209A6A E2E57A3A F59C8D70 693894D3
2D712C4C 07E8AED8 A5DF44C4 8BDFD9FD EB34FAE0 8B11E2A5 80F890BE 69F3FD76
quit
username miouser privilege 15 secret 5 $1$ULcH$/JO.iGfbwKz0F2HfSxj.a0
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip access-group 100 in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Dialer0
description $FW_OUTSIDE$
ip ddns update hostname miohost.ma.cx aggiunto qui l'host mio
ip ddns update sdm_ddns1 host 213.232.93.27 messo qui il nome regola e ip reale del dyns.net
ip address negotiated
ip access-group 101 in
ip mtu 1452
ip nbar protocol-discovery
ip inspect SDM_LOW out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname aliceadsl
ppp chap password 0 aliceadsl
ppp pap sent-username aliceadsl password 0 aliceadsl
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.2.2 21 interface Dialer0 21
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark *** ACL IN INGRESSO DA INTERNET ***
access-list 101 permit tcp host 213.232.93.27 eq www any log aggiunta qui regola per firewall per ip del dyns.net
access-list 101 permit tcp any any eq ftp
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 permit udp host 85.38.28.70 eq domain any
access-list 101 permit udp host 85.37.17.4 eq domain any
access-list 101 deny ip 192.168.2.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
dialer-list 1 protocol ip permit
snmp-server community public RO
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password mia pass
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end

[fireblade]

Funzionalità a parte ho fatto degli errori, devo mettere delle regole acl diverse?

o mi date l'OK

[carini]

Ci sono riuscito, grazie mille Carini,Wizard, Forum

Io non ci sono ancora riuscito con everydns a quanto pare il problema è che everydns vuole gli header HHTP/1.1 quando si invia l'url di update ma il cisco non li invia.

L'ultima risposta che ho avuto dal supporto è stata ...

[...] either the Host: header was never sent or was invalid. That response if what you get if you query the webserver directly by IP address only (see for yourself at http://64.158.219.9/ ). Make sure you using HTTP/1.1 (if there's an option between 1.0 and 1.1), hopefully that will tell it to send the Host header.

[fireblade]

Peccato davvero per everydns, sembra essere davvero superiore alla concorrenza..