Ci va si, o no?
soho 97 con adsl tiscali residenziale
Dopo aver sistemato i forward per fritz, telefono voip, emule e torrent,
sembrava funzionare ma invece utorrent non trovava peer e il web era
impossibile, pagine che non si aprivano e timeout continui,
allora o tolto la riga "ip nat translation max-entries 4096"
e ora sto testando la situazione.
ip nat translation max-entries
Moderatore: Federico.Lagni
-
JoCondor
- n00b
- Messaggi: 10
- Iscritto il: gio 29 gen , 2009 8:05 pm
Ho pure mancato una lettera...
Comunque ora sta così, i timeout molto bassi e nessun limite alle entry:
Router#sh run
Building configuration...
Current configuration : 4072 bytes
!
! Last configuration change at 07:54:01 CET Sat Jan 31 2009 by CRWS_Gayatri
! NVRAM config last updated at 07:54:01 CET Sat Jan 31 2009 by CRWS_Gayatri
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$Ijfo$zG.t9TuoipFyE7T85jZHF0
!
username CRWS_Prem privilege 15 password 7 xxxx
username Router password 7 xxxx
username CRWS_Kannan privilege 15 password 7 xxxx
username CRWS_Venky privilege 15 password 7 xxxx
clock timezone CET 1
ip subnet-zero
ip name-server 213.205.36.70
ip name-server 213.205.32.70
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.0.20
ip dhcp excluded-address 192.168.0.40
ip dhcp excluded-address 192.168.0.99
!
ip dhcp pool CLIENT
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
domain-name cisco
lease 0 2
!
!
no aaa new-model
!
!
partition flash 2 6 2
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
ip address 192.168.0.1 255.255.255.0 secondary
ip address 192.168.0.254 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxx
ppp pap sent-username xxxx password 7 xxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 192.168.0.20 14011 interface Dialer1 14011
ip nat inside source static tcp 192.168.0.20 14010 interface Dialer1 14010
ip nat inside source static tcp 192.168.0.20 5500 interface Dialer1 5500
ip nat inside source static udp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static udp 192.168.0.20 49001 interface Dialer1 49001
ip nat inside source static tcp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static udp 192.168.0.99 20000 interface Dialer1 20000
ip nat inside source static udp 192.168.0.99 5070 interface Dialer1 5070
ip nat inside source static udp 192.168.0.40 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.20 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.20 21 interface Dialer1 21
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit udp host 193.204.114.232 any eq ntp
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
sntp server 193.204.114.232
!
end
Router#
Comunque ora sta così, i timeout molto bassi e nessun limite alle entry:
Router#sh run
Building configuration...
Current configuration : 4072 bytes
!
! Last configuration change at 07:54:01 CET Sat Jan 31 2009 by CRWS_Gayatri
! NVRAM config last updated at 07:54:01 CET Sat Jan 31 2009 by CRWS_Gayatri
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$Ijfo$zG.t9TuoipFyE7T85jZHF0
!
username CRWS_Prem privilege 15 password 7 xxxx
username Router password 7 xxxx
username CRWS_Kannan privilege 15 password 7 xxxx
username CRWS_Venky privilege 15 password 7 xxxx
clock timezone CET 1
ip subnet-zero
ip name-server 213.205.36.70
ip name-server 213.205.32.70
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.0.201 192.168.0.254
ip dhcp excluded-address 192.168.0.20
ip dhcp excluded-address 192.168.0.40
ip dhcp excluded-address 192.168.0.99
!
ip dhcp pool CLIENT
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
domain-name cisco
lease 0 2
!
!
no aaa new-model
!
!
partition flash 2 6 2
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.0.1-255.255.255.0
ip address 192.168.0.1 255.255.255.0 secondary
ip address 192.168.0.254 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
oam-pvc 0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxx
ppp pap sent-username xxxx password 7 xxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat translation timeout 420
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 120
ip nat translation finrst-timeout 300
ip nat translation syn-timeout 120
ip nat translation dns-timeout 300
ip nat translation icmp-timeout 120
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static udp 192.168.0.20 14011 interface Dialer1 14011
ip nat inside source static tcp 192.168.0.20 14010 interface Dialer1 14010
ip nat inside source static tcp 192.168.0.20 5500 interface Dialer1 5500
ip nat inside source static udp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static udp 192.168.0.20 49001 interface Dialer1 49001
ip nat inside source static tcp 192.168.0.20 55556 interface Dialer1 55556
ip nat inside source static udp 192.168.0.99 20000 interface Dialer1 20000
ip nat inside source static udp 192.168.0.99 5070 interface Dialer1 5070
ip nat inside source static udp 192.168.0.40 5060 interface Dialer1 5060
ip nat inside source static tcp 192.168.0.20 80 interface Dialer1 80
ip nat inside source static tcp 192.168.0.20 21 interface Dialer1 21
!
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 permit udp host 193.204.114.232 any eq ntp
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
sntp server 193.204.114.232
!
end
Router#
-
ciscomanagement
- Network Emperor
- Messaggi: 229
- Iscritto il: lun 03 ott , 2005 7:17 pm
- Località: Sicilia
posta un :
sh ip nat statistics
ovviamente mentre hai tutti i software connessi ed in funzione
sh ip nat statistics
ovviamente mentre hai tutti i software connessi ed in funzione
-
JoCondor
- n00b
- Messaggi: 10
- Iscritto il: gio 29 gen , 2009 8:05 pm
Siccome non so bene il significato di tutti i valori ne porto due a distanza di pochi minuti, ho messo a scaricare un po' di robacce a caso dal mulo
e due torrent che scendono veloci.
Router#sh ip nat st
Total active translations: 2631 (0 static, 2631 dynamic; 2635 extended)
Outside interfaces:
Dialer1, Virtual-Access2
Inside interfaces:
Ethernet0
Hits: 73187306 Misses: 4878124
CEF Translated packets: 77223314, CEF Punted packets: 426322
Expired translations: 5041532
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 102 interface Dialer1 refcount 906
Router#
Router#
Router#sh ip nat st
Total active translations: 2859 (0 static, 2859 dynamic; 2863 extended)
Outside interfaces:
Dialer1, Virtual-Access2
Inside interfaces:
Ethernet0
Hits: 73215828 Misses: 4878723
CEF Translated packets: 77252227, CEF Punted packets: 426414
Expired translations: 5041998
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 102 interface Dialer1 refcount 881
Router#
e due torrent che scendono veloci.
Router#sh ip nat st
Total active translations: 2631 (0 static, 2631 dynamic; 2635 extended)
Outside interfaces:
Dialer1, Virtual-Access2
Inside interfaces:
Ethernet0
Hits: 73187306 Misses: 4878124
CEF Translated packets: 77223314, CEF Punted packets: 426322
Expired translations: 5041532
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 102 interface Dialer1 refcount 906
Router#
Router#
Router#sh ip nat st
Total active translations: 2859 (0 static, 2859 dynamic; 2863 extended)
Outside interfaces:
Dialer1, Virtual-Access2
Inside interfaces:
Ethernet0
Hits: 73215828 Misses: 4878723
CEF Translated packets: 77252227, CEF Punted packets: 426414
Expired translations: 5041998
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 102 interface Dialer1 refcount 881
Router#
-
ciscomanagement
- Network Emperor
- Messaggi: 229
- Iscritto il: lun 03 ott , 2005 7:17 pm
- Località: Sicilia
2800 traslazioni per un soho 97, sono troppe, e non risolvi sono togliendo il max entries del protocollo.
posta anche un :
sh proc cpu his
ed un
sh mem stat
posta anche un :
sh proc cpu his
ed un
sh mem stat
-
JoCondor
- n00b
- Messaggi: 10
- Iscritto il: gio 29 gen , 2009 8:05 pm
Però ora è sceso perché ho chiuso quasi tutto, è rimasto solo il torrent
Router#sh mem stat
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 81030E84 28321148 7863904 20457244 16696764 19001868
I/O 2B33400 5032960 725584 4307376 4289152 4307212
Router#
Router#sh proc cpu his
1122222333331111111111111111111111111111111111111111111111
4400000111115555555555666666666666666555556666677777666666
100
90
80
70
60
50
40
30 *****
20 ********************************************************
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
3323332332232223222231333223222223133332323232323231223223
3092418148646620842528953870377940513126342438362807661468
100
90
80
70
60
50
40 ** *
30 ************** ** ** ****** *** * ****** * ******* *** **
20 #####*#*####**####*##*#**********************************#
10 ##########################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
4544424433222222334323323233333323222222442323223333333533333333333333
9321586660988999200682191930887261555666526566787563335055669425333334
100
90
80
70
60
50 ** * ** * *
40 ***** *** ** *** ** * * *** ******* *
30 *#********************************************************************
20 ##***************************##***************************************
10 ######################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
Router#
Router#sh mem stat
Head Total(b) Used(b) Free(b) Lowest(b) Largest(b)
Processor 81030E84 28321148 7863904 20457244 16696764 19001868
I/O 2B33400 5032960 725584 4307376 4289152 4307212
Router#
Router#sh proc cpu his
1122222333331111111111111111111111111111111111111111111111
4400000111115555555555666666666666666555556666677777666666
100
90
80
70
60
50
40
30 *****
20 ********************************************************
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
3323332332232223222231333223222223133332323232323231223223
3092418148646620842528953870377940513126342438362807661468
100
90
80
70
60
50
40 ** *
30 ************** ** ** ****** *** * ****** * ******* *** **
20 #####*#*####**####*##*#**********************************#
10 ##########################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
4544424433222222334323323233333323222222442323223333333533333333333333
9321586660988999200682191930887261555666526566787563335055669425333334
100
90
80
70
60
50 ** * ** * *
40 ***** *** ** *** ** * * *** ******* *
30 *#********************************************************************
20 ##***************************##***************************************
10 ######################################################################
0....5....1....1....2....2....3....3....4....4....5....5....6....6....7.
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
Router#
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
No non ci va!Ci va si, o no?
Cisco stessa dichiara che quest comando ci va solo in particolari condizioni!
Se usi sw di p2p limita le connessioni sul client
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
-
ciscomanagement
- Network Emperor
- Messaggi: 229
- Iscritto il: lun 03 ott , 2005 7:17 pm
- Località: Sicilia
Si dovrebbe vedere a carico pieno con un tot download; comunque ugualmente prova ad inserire questa riga :
router>conf t
router(config)>ip nat translation finrst-timeout 10
Metti tutti a pieno carico, e dopo 10 min che e' tutto al massimo, prova a navigare, e vedi cosa accade
router>conf t
router(config)>ip nat translation finrst-timeout 10
Metti tutti a pieno carico, e dopo 10 min che e' tutto al massimo, prova a navigare, e vedi cosa accade
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Dalla cli leggo questo:
finrst-timeout Specify timeout for NAT TCP flows after a FIN or RST
Ma dopo un reset o fin la riga di nat non divrebbe cancellarsi in automatico?! (a logica)
finrst-timeout Specify timeout for NAT TCP flows after a FIN or RST
Ma dopo un reset o fin la riga di nat non divrebbe cancellarsi in automatico?! (a logica)
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
-
ciscomanagement
- Network Emperor
- Messaggi: 229
- Iscritto il: lun 03 ott , 2005 7:17 pm
- Località: Sicilia
In effetti si cancella automaticamente; ma omettendo la riga, resta di default ogni 60 sec se non sbaglio, e si accumulano traslazioni col p2p
Li si dovrebbero minimo dimezzare rispetto alle sue quote attuali
Li si dovrebbero minimo dimezzare rispetto alle sue quote attuali
-
JoCondor
- n00b
- Messaggi: 10
- Iscritto il: gio 29 gen , 2009 8:05 pm
Ora non ho modo di fare prove a pieno carico,
sono situazioni che mi capitano raramente,
ma siccome ho dato un telefono voip a mio padre
non voglio che poi mi venga a dire che si sente da schifo.
Mi sembra strano però che per un router così vecchio e collaudato
non ci sia una configurazione idonea all'utilizzo domestico.
sono situazioni che mi capitano raramente,
ma siccome ho dato un telefono voip a mio padre
non voglio che poi mi venga a dire che si sente da schifo.
Mi sembra strano però che per un router così vecchio e collaudato
non ci sia una configurazione idonea all'utilizzo domestico.
-
Wizard
- Intergalactic subspace network admin
- Messaggi: 3441
- Iscritto il: ven 03 feb , 2006 10:04 am
- Località: Emilia Romagna
- Contatta:
Conta che alcune reti aziendali cadono per abusi di p2p...pensa un soho...
Il futuro è fatto di persone che hanno delle intuizioni e visioni .....sono quelle persone che fanno la differenza...... quelle dotate di un TERZO OCCHIO....
