conf adsl 7 mega+nat

Configurations for ADSL and ISDN connectivity and switches for home users and small networks

Moderator: Federico.Lagni

robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

Hi everyone,
first off, I was given an 877 router as a gift.
I have a 7 mega Alice ADSL line.
I have been reading the ready-made configurations for 3 or 4 days now, but I still haven't got anywhere.
I would like some help setting up a home network made up of the router and the various LAN sockets.
I only need to NAT a few ports,
namely:
ip 192.168.1. router
ip 192.168.1.5 udp 1194
ip 192.168.1.6 tcp 1195
ip 192.168.1.5 tcp 1000
with standard firewall protection where possible.
I know I'm asking a lot, but if you can help me,
thanks :?
ciscomanagement
Network Emperor
Posts: 229
Joined: Mon 03 Oct 2005 7:17 pm
Location: Sicily

You should post your router's current configuration.
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

This is what I have, don't kill me.

!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router877
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 52000 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
ip name-server 151.99.125.1
ip name-server 208.67.222.222
ip ssh time-out 60
ip ssh authentication-retries 2
ip ddns update method sdm_ddns1
HTTP
add http://[email protected]/nic/ ... h>&myip=<a>
remove http://[email protected]/nic/u ... h>&myip=<a>
!
!
!
!
crypto pki trustpoint TP-self-signed-3941063929
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3941063929
revocation-check none
rsakeypair TP-self-signed-3941063929
!
!
crypto pki certificate chain TP-self-signed-3941063929
certificate self-signed 01
quit
username xxxxxxxxxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
username <xxxxxx> privilege 15 password 7 xxxxxxxxxxxxx
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 xxxxxxxxxxxxx
ppp pap sent-username [email protected] password 7 xxxxxxxxxxxx
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
ip nat inside source static udp 192.168.1.5 1194 interface Dialer0 1194
ip nat inside source static tcp 192.168.1.6 1195 interface Dialer0 1195
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

I went back through the configurations on the forum a bit and put this one together. Can you tell me how many s***-ups I've made?


no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname [NOME-ROUTER]
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 [SECRET-PASSWORD]
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
dot11 association mac-list 700
dot11 syslog
dot11 vlan-name WiFi vlan 1
!
dot11 ssid [NOME-SSID]
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 [PASSWORD-WIFI-MASSIMO-63-CARATTERI]
!
ip cef
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name cisco.com
ip name-server [1-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip name-server [2-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip ddns update method dyndns1
HTTP
add http://[NOMEUTENTE]:[PASSWORD]@members. ... =dyndns&hostname=<h>&myip=<a>
remove http://[NOMEUTENTE]:[PASSWORD]@members. ... tem=dyndns&hostname=<h>&myip=<a>
!
!
username [NOME-UTENTE-ACCESSO-ROUTER] privilege 15 secret 5 [PASSWORD]
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description CONESSIONE LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip ddns update hostname [HOST-DYNDNS].gotdns.com
ip ddns update dyndns1
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username [UTENTE]@alice.it password 7 [PASSWORD]
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
ip nat inside source static tcp 192.168.1.2 4662 interface Dialer0 4662
ip nat inside source static udp 192.168.1.2 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
ip nat inside source static udp 192.168.1.5 1494 interface Dialer0 1494
ip nat inside source static tcp 192.168.1.6 1495 interface Dialer0 1495
!
access-list 100 remark *************************************************************
access-list 100 remark *** ACL FOR PAT AND NAT0 ***
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp any host 192.168.1.2 eq 4662
access-list 100 permit udp any host 192.168.1.2 eq 4672
access-list 100 permit tcp any host 192.168.1.5 eq 1000
access-list 100 permit udp any host 192.168.1.5 eq 1494
access-list 100 permit tcp any host 192.168.1.6 eq 1495
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.1.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp host [1-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit udp host [2-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit tcp host 63.208.196.96 eq www any log
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.1.2
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.1.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconettiti subito o mi arrabbio!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
sntp server 193.204.114.105
end
Scruffy
Cisco fan
Posts: 41
Joined: Sat 06 Dec 2008 2:49 pm

Hi, let me start by saying that I'm a beginner too, but when I can I like to contribute the little I have learned.

So, your latest config looks OK, apart from:

1) remove adsl2+ and put auto
2) remove the Wi-Fi part unless you have an 877W with 2 wireless antennas
3) if you need it to work with DynDNS, that config done that way did not work for me (so if you need DynDNS, I'll tell you how to fix it)

4) the rest looks OK, apart from the ACLs, which I don't really know how they work. To save time I just permitted everything :D
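
An added example, not part of the thread and not any poster's code: a small Python audit for the kind of configuration posted above. It goes beyond the remark about ACLs by checking two things, ACL numbers that are referenced but never defined, and static NAT port forwards that the inbound ACL on the `ip nat outside` interface drops. The function names, the probe address 198.51.100.7 and the reduced sample config are constructed, and the check assumes the classic IOS order of operations in which the inbound ACL is evaluated before NAT.

```python
import ipaddress
import re

# Constructed sample: a reduced form of the configuration posted in the thread.
SAMPLE_CONFIG = """\
interface Vlan1
ip nat inside
interface Dialer0
ip access-group 101 in
ip inspect Firewall out
ip nat outside
ip http access-class 23
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
ip nat inside source static udp 192.168.1.5 1494 interface Dialer0 1494
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
"""

PORT_NAMES = {"domain": 53, "tftp": 69, "www": 80, "ntp": 123}
PROBE_SRC = int(ipaddress.ip_address("198.51.100.7"))  # constructed Internet client
PROBE_SPORT = 40000  # constructed ephemeral source port


def take_addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A wildcard'."""
    first = tok.pop(0)
    if first == "any":
        return None
    return (tok.pop(0), "0.0.0.0") if first == "host" else (first, tok.pop(0))


def take_port(tok):
    """Consume an optional 'eq PORT' (other operators are not modelled)."""
    if len(tok) >= 2 and tok[0] == "eq":
        _, name = tok.pop(0), tok.pop(0)
        return PORT_NAMES.get(name, int(name) if name.isdigit() else -1)
    return None


def src_matches(spec):
    """Apply the IOS wildcard mask to the probe's source address."""
    if spec is None:
        return True
    try:
        base, wild = (int(ipaddress.ip_address(x)) for x in spec)
    except ValueError:  # e.g. a [PLACEHOLDER] left in a posted config
        return False
    return (PROBE_SRC | wild) == (base | wild)


def first_match(aces, proto, dport):
    """Return (action, ACE) for the first entry matching an inbound probe."""
    for action, text in aces:
        tok = text.split()
        if tok.pop(0) not in ("ip", proto):
            continue
        src, sport = take_addr(tok), take_port(tok)
        dst, dst_port = take_addr(tok), take_port(tok)
        # The inbound ACL is checked before NAT, so the destination is still
        # the negotiated public address: only 'any' is treated as matching.
        if not src_matches(src) or dst is not None:
            continue
        if sport in (None, PROBE_SPORT) and dst_port in (None, dport):
            return action, f"{action} {text}"
    return "deny", "implicit deny at end of list"


def audit(config):
    """Find dangling ACL references and forwards dropped on the outside."""
    acls, refs, forwards, inbound, iface, outside = {}, [], [], {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"access-list (\d+) (permit|deny|remark) (.*)", line):
            aces = acls.setdefault(m.group(1), [])
            if m.group(2) != "remark":
                aces.append((m.group(2), m.group(3)))
        elif m := re.match(r"ip access-group (\d+) in", line):
            inbound[iface] = m.group(1)
            refs.append(("ip access-group", m.group(1)))
        elif m := re.match(r"(ip http access-class|ip nat inside source list) (\d+)", line):
            refs.append((m.group(1), m.group(2)))
        elif line == "ip nat outside":
            outside = iface
        elif m := re.match(r"ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)", line):
            forwards.append((m.group(1), int(m.group(2))))
    blocked = []
    for proto, port in forwards if inbound.get(outside) in acls else []:
        action, ace = first_match(acls[inbound[outside]], proto, port)
        if action == "deny":
            blocked.append((proto, port, ace))
    undefined = [ref for ref in refs if ref[1] not in acls]
    return {"undefined_acls": undefined, "blocked_forwards": blocked}


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Both findings apply to the configuration as posted: `ip http access-class 23` and `ip nat inside source list 1` point at lists that are never defined, and access-list 101 ends in `deny ip any any log` with no entry for the forwarded ports. A permit added after that final deny, or one written against the inside host address, does not change the result.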
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

Is it OK like this?

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname [NOME-ROUTER]
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 [SECRET-PASSWORD]
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
ip cef
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name cisco.com
ip name-server [1-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip name-server [2-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip ddns update method dyndns1
HTTP
add http://[NOMEUTENTE]:[PASSWORD]@members. ... =dyndns&hostname=<h>&myip=<a>
remove http://[NOMEUTENTE]:[PASSWORD]@members. ... tem=dyndns&hostname=<h>&myip=<a>
!
!
username [NOME-UTENTE-ACCESSO-ROUTER] privilege 15 secret 5 [PASSWORD]
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
no ip address
!
!
!
interface Vlan1
description CONESSIONE LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip ddns update hostname [HOST-DYNDNS].gotdns.com
ip ddns update dyndns1
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username [UTENTE]@alice.it password 7 [PASSWORD]
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
ip nat inside source static tcp 192.168.1.2 4662 interface Dialer0 4662
ip nat inside source static udp 192.168.1.2 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
ip nat inside source static udp 192.168.1.5 1494 interface Dialer0 1494
ip nat inside source static tcp 192.168.1.6 1495 interface Dialer0 1495
!
access-list 100 remark *************************************************************
access-list 100 remark *** ACL FOR PAT AND NAT0 ***
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp any host 192.168.1.2 eq 4662
access-list 100 permit udp any host 192.168.1.2 eq 4672
access-list 100 permit tcp any host 192.168.1.5 eq 1000
access-list 100 permit udp any host 192.168.1.5 eq 1494
access-list 100 permit tcp any host 192.168.1.6 eq 1495
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.1.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp host [1-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit udp host [2-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit tcp host 63.208.196.96 eq www any log
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.1.2
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.1.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconettiti subito o mi arrabbio!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
sntp server 193.204.114.105
end
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

Nobody is helping me.
Is there anyone who can tell me whether it works or not?
Please.
Thanks
Scruffy
Cisco fan
Posts: 41
Joined: Sat 06 Dec 2008 2:49 pm

Hi, change it to:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname [NOME-ROUTER]
!
boot-start-marker
boot-end-marker
!
logging buffered 52000
enable secret 5 [SECRET-PASSWORD]
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
ip cef
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip domain name cisco.com
ip name-server [1-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip name-server [2-DNS-RISOLUXIONE-NOMI-X-ROUTER]
ip ddns update method dyndns1
HTTP
add http://[NOMEUTENTE]:[PASSWORD]@members. ... h>&myip=<a>
!
!
username [NOME-UTENTE-ACCESSO-ROUTER] privilege 15 secret 5 [PASSWORD]
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
no ip address
!
!
!
interface Vlan1
description CONESSIONE LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip ddns update hostname [HOST-DYNDNS].gotdns.com
ip ddns update dyndns1 host members.dyndns.org
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip inspect Firewall out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username [UTENTE]@alice.it password 7 [PASSWORD]
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
ip nat inside source static tcp 192.168.1.2 4662 interface Dialer0 4662
ip nat inside source static udp 192.168.1.2 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
ip nat inside source static udp 192.168.1.5 1494 interface Dialer0 1494
ip nat inside source static tcp 192.168.1.6 1495 interface Dialer0 1495
!
access-list 100 remark *************************************************************
access-list 100 remark *** ACL FOR PAT AND NAT0 ***
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp any host 192.168.1.2 eq 4662
access-list 100 permit udp any host 192.168.1.2 eq 4672
access-list 100 permit tcp any host 192.168.1.5 eq 1000
access-list 100 permit udp any host 192.168.1.5 eq 1494
access-list 100 permit tcp any host 192.168.1.6 eq 1495
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.1.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp host [1-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit udp host [2-DNS-RISOLUXIONE-NOMI-X-ROUTER] eq domain any
access-list 101 permit tcp host 63.208.196.96 eq www any log
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.1.2
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.1.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconettiti subito o mi arrabbio!^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
sntp server 193.204.114.105
end


Basically, take the remove line out of the DynDNS method and put host members.dyndns.org where I put it; that way DynDNS should work for you too :)
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

I loaded the config.
The CD light doesn't even blink.
What is it with this Cisco :shock:
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

I reset it,
but the CD light doesn't come on any more.

This is the config it gives me; I changed the IP from the default to 192.168.1.1.

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-3941063929
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3941063929
revocation-check none
rsakeypair TP-self-signed-3941063929
!
!
crypto pki certificate chain TP-self-signed-3941063929
certificate self-signed 01
quit
username roby privilege 15 secret 5 $1$QYsf$B8Ci4NUVkI2DW0GK/MQUs1
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.1 255.255.255.0
ip tcp adjust-mss 1452
!
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
no cdp run
!
!
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

yourname#
I'm stuck.
Why does it always have the default IPs in the config?
Can I copy the configs with ftpd?
Help
[Dj][DMX]
Co-administrator
Posts: 428
Joined: Wed 24 Nov 2004 12:42 am
Location: Udine

Let's start with some basics:

1) In Italian, ho (a form of the verb avere, "to have") is written with an H, while o (which expresses another possibility, an alternative) is written without one.

2) Did you notice that sticky post at the top of the Configurations forum that reads "ready-made 877 configuration..."?!? Your configuration will have to look a lot like that one, apart from a few things we will see later, but for now we are not even close.

3) Let's start by assigning the right IPs to the right interfaces (if your network is 192.168.x.x you must assign the right IP to the Ethernet interface).

4) Remove that shutdown from the ATM interface, otherwise we won't get far.

As for the rest, yes, you can copy the configuration via TFTP, but I strongly advise against doing so with the configuration of another router.
I don't know whether God exists, but if he does, I hope he has a good excuse!
Piergiorgio Welby
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

[Dj][DMX] wrote: Let's start with some basics:

1) In Italian, ho (a form of the verb avere, "to have") is written with an H, while o (which expresses another possibility, an alternative) is written without one.

2) Did you notice that sticky post at the top of the Configurations forum that reads "ready-made 877 configuration..."?!? Your configuration will have to look a lot like that one, apart from a few things we will see later, but for now we are not even close.

3) Let's start by assigning the right IPs to the right interfaces (if your network is 192.168.x.x you must assign the right IP to the Ethernet interface).

4) Remove that shutdown from the ATM interface, otherwise we won't get far.

As for the rest, yes, you can copy the configuration via TFTP, but I strongly advise against doing so with the configuration of another router.

1 I didn't understand what you mean (that I'm a dunce at Italian), and it's true, but I didn't demand anything from anyone
2 I noticed the ready-made configs; they are for the 857, and I know they also work on the 877,
but I couldn't work out where to put the login details
3 For the Ethernet interface? I gave it 192.168.1.1
4 I'll remove the aforementioned
5 How can I copy the config from another router when I only have 1
6 Some trial runs, certainly, but I'm a beginner
Byeeeeeeeee
Wizard
Intergalactic subspace network admin
Posts: 3441
Joined: Fri 03 Feb 2006 10:04 am
Location: Emilia Romagna

For a start:

interface ATM0
no shutdown

interface Vlan1
ip nat inside
Then the NAT rules are missing...
The future is made of people who have intuitions and visions ..... those are the people who make the difference ...... the ones endowed with a THIRD EYE....
robyhummy
Cisco fan
Posts: 38
Joined: Wed 31 Dec 2008 11:50 am

So then, after a few tests


!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco877
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
ip cef
!
!
!
!
no ip domain lookup
ip domain name cisco.com
ip name-server 151.99.125.1
ip name-server 208.67.222.222
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip inspect name Firewall h323
ip ddns update method dyndns1
HTTP
add http://[email protected] ... h>&myip=<a>
!
!
!
crypto pki trustpoint TP-self-signed-3941063929
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3941063929
revocation-check none
rsakeypair TP-self-signed-3941063929
!
!
crypto pki certificate chain TP-self-signed-3941063929
certificate self-signed 01 nvram:IOS-Self-Sig#390F.cer
username xxxxxxxxxxxxxxxxxxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
archive
log config
hidekeys
!
!
!
bridge irb
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
bundle-enable
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description CONESSIONE LAN
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Dialer0
ip ddns update hostname gotdns.com
ip ddns update dyndns1 host members.dyndns.org
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
ip inspect Firewall out
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap hostname ???????????????????
ppp pap sent-username [email protected] password 7 xxxxxxxxxxxxxx
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.6 1495 interface Dialer0 1495
ip nat inside source static udp 192.168.1.5 1494 interface Dialer0 1494
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
ip nat inside source static udp 192.168.1.2 4672 interface Dialer0 4672
ip nat inside source static tcp 192.168.1.2 4662 interface Dialer0 4662
!
access-list 9 remark SDM_ACL Category=16
access-list 9 permit 10.0.0.0 0.0.0.255
access-list 9 permit 192.168.1.0 0.0.0.255
access-list 100 remark *************************************************************
access-list 100 remark *** ACL PER PAT E NAT0 ***
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp any host 192.168.1.2 eq 4662
access-list 100 permit udp any host 192.168.1.2 eq 4672
access-list 100 remark *************************************************************
access-list 100 remark *** ACL PER PAT E NAT0 ***
access-list 100 permit tcp any host 192.168.1.5 eq 1000
access-list 100 permit udp any host 192.168.1.5 eq 1494
access-list 100 permit tcp any host 192.168.1.6 eq 1495
access-list 100 remark *************************************************************
access-list 100 remark *** ACL PER PAT E NAT0 ***
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 remark Traffico abilitato ad entrare nel router da interne.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip any any log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 remark Traffico abilitato ad entrare nel router dalla et.255 log
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login CAuthorized access only!
Disconettiti subito o mi arrabbio!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 193.204.114.232
sntp server 193.204.114.233
sntp server 193.204.114.105
end


the router connects, the carrier is there, the CD light is steady
but I can't browse
I have a doubt about where I put the question marks
ppp chap hostname ???????????????????
ppp pap sent-username [email protected] password 7 xxxxxxxxxxxxxx

what goes there
below are my Alice connection details
I know it's not much, but I think I've made a small step, at least the router now connects
waiting for news
thanks to whoever replies
ciaooooooo
[Dj][DMX]
Co-administrator
Posts: 428
Joined: Wed 24 Nov 2004 12:42 am
Location: Udine

At a quick glance:

The access-lists are not right: you need to make just one, 101, to apply inbound on the dialer interface. You made 100, 1010 and 102, and you have permitted almost nothing in 101, so you will never be able to browse.
A piece of advice: for now remove the access-list from the dialer interface, we'll deal with it once the router can browse!

Are you sure about those DNS servers?

When I told you not to copy the configuration, I meant that some people create one with a text editor by copy-pasting and then upload it, but I don't approve of this technique because it is very easy to make mistakes.

The CHAP authentication password is missing; there you have to put your own Alice ones, but I think everyone uses aliceadsl aliceadsl.
I don't know whether God exists, but if he does I hope he has a good excuse!
Piergiorgio Welby
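
The access-list remarks in the last reply can be checked mechanically. The following is an added example, not code from any of the posts: a short Python audit (the function name `audit_acls` and its result keys are hypothetical) run over an excerpt of the ACL-related lines of the configuration posted above. It reports which access lists are referenced but never defined, which are defined but never applied, and which forwarded ports have no permit in the list applied inbound on the dialer.

```python
import re

# Excerpt of the running-config posted above (ACL-related lines only).
CONFIG = """\
interface Dialer0
ip access-group 101 in
ip http access-class 23
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.6 1495 interface Dialer0 1495
ip nat inside source static udp 192.168.1.5 1494 interface Dialer0 1494
ip nat inside source static tcp 192.168.1.5 1000 interface Dialer0 1000
access-list 9 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit tcp any host 192.168.1.5 eq 1000
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit gre any any
access-list 101 deny ip any any log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
"""

REF = re.compile(r"ip (?:access-group|http access-class|nat inside source list) (\d+)")
DEF = re.compile(r"access-list (\d+) (permit|deny) (.*)")
STATIC = re.compile(r"ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)")
INBOUND = re.compile(r"ip access-group (\d+) in$")


def audit_acls(config):
    """Cross-check ACL references, definitions and forwarded ports."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    referenced = {m.group(1) for ln in lines if (m := REF.match(ln))}
    inbound = {m.group(1) for ln in lines if (m := INBOUND.match(ln))}
    rules = {}  # ACL number -> list of (action, rest of the entry)
    for ln in lines:
        if (m := DEF.match(ln)):
            rules.setdefault(m.group(1), []).append((m.group(2), m.group(3)))

    def opened(proto, port):
        # Simplification (assumption of this example): only an entry of the
        # form "permit <proto|ip> any ..." counts, ending in "eq <port>" or
        # with no destination port; the order of the entries is ignored.
        pat = re.compile(rf"(?:{proto}|ip) any (?:any|host \S+)(?: eq {port})?$")
        return any(act == "permit" and pat.match(rest)
                   for acl in inbound for act, rest in rules.get(acl, []))

    forwards = [m.groups() for ln in lines if (m := STATIC.match(ln))]
    return {
        "undefined": sorted(referenced - rules.keys(), key=int),
        "unused": sorted(rules.keys() - referenced, key=int),
        "forwards_without_permit": [f"{p}/{n}" for p, n in forwards if not opened(p, n)],
    }
```

Calling `audit_acls(CONFIG)` on the excerpt lists 1 and 23 as undefined, 9, 100 and 102 as unused, and all three forwarded ports as lacking a permit in list 101.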