
NAT won't open the ports for me...


Galerio

Mar 5, 2009, 8:30:51 AM
Everything works: internet, wifi, etc. etc...

The only problem is that NAT isn't opening the ports for me... Can anyone tell me
why? In fact, neither eMule nor the VoIP phone manages to get open
ports, even though they are configured and have fixed IPs...

Here is the current config:
*******************************************************
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash c870-advipservicesk9-mz.124-15.T6.bin
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-36xxxxxxxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-36xxxxxxxxx
revocation-check none
rsakeypair TP-self-signed-36xxxxxxx
!
!
crypto pki certificate chain TP-self-signed-36xxxxxxxxx
certificate self-signed 01 nvram:IOS-Self-Sig#E.cer
dot11 syslog
!
dot11 ssid wifiReti
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 passw
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.12
!
ip dhcp pool sdm-pool1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 195.186.1.111 195.186.4.111
lease infinite
!
ip dhcp pool STATIC-1
host 192.168.1.2 255.255.255.0
client-identifier 0100.12dc.5c47.6b
client-name AladinoVoip
!
ip dhcp pool STATIC-2
host 192.168.1.3 255.255.255.0
client-identifier 0100.0129.d1a5.83
client-name Armor
!
ip dhcp pool STATIC-3
host 192.168.1.4 255.255.255.0
client-identifier 0100.14bf.62ca.d9
client-name NSLU2
!
ip dhcp pool STATIC-4
host 192.168.1.5 255.255.255.0
client-identifier 0100.1731.c2ee.97
client-name Amelia
!
ip dhcp pool STATIC-5
host 192.168.1.6 255.255.255.0
client-identifier 0108.1073.0dcd.b0
client-name Vale
!
ip dhcp pool STATIC-6
host 192.168.1.7 255.255.255.0
client-identifier 0100.2100.6593.7f
client-name Maggi
!
ip dhcp pool STATIC-7
host 192.168.1.8 255.255.255.0
client-identifier 0100.16fe.7b43.70
client-name HP-rw6815
!
ip dhcp pool STATIC-8
host 192.168.1.9 255.255.255.0
client-identifier 0100.1d0f.b59d.5f
client-name Crema-wifi
!
ip dhcp pool STATIC-9
host 192.168.1.11 255.255.255.0
client-identifier 0100.0c6e.a800.62
client-name Crema-eth
!
!
ip name-server 195.186.1.111
ip name-server 195.186.4.111
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall https
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall tcp
ip inspect name Firewall udp
ip inspect name Firewall vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip ddns update method sdm_ddns1
HTTP
add http://xxx:x...@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
remove http://xxx:x...@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
!
!
multilink bundle-name authenticated
!
!
username xxxxxxxxxx privilege 15 password 0 xxxxxxxx
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode adsl2+
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
ssid ArmorReti
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
world-mode dot11d country IT both
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Dialer0
ip ddns update hostname xxxxxx.gotdns.com
ip ddns update sdm_ddns1
ip address negotiated
ip access-group 101 in
ip mtu 1492
ip nat outside
ip inspect Firewall out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname xxxx...@tiscali.it
ppp chap password 0 xxxxxxxxxx
!
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.2 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.1.2 5060 interface Dialer0 5060
ip nat inside source static udp 192.168.1.3 9 interface Dialer0 9
ip nat inside source static tcp 192.168.1.3 4711 interface Dialer0 4711
ip nat inside source static tcp 192.168.1.3 7395 interface Dialer0 7395
ip nat inside source static udp 192.168.1.3 8457 interface Dialer0 8457
ip nat inside source static udp 192.168.1.3 35238 interface Dialer0 35238
ip nat inside source static tcp 192.168.1.3 35238 interface Dialer0 35238
ip nat inside source static tcp 192.168.1.3 81 interface Dialer0 81
ip nat inside source static tcp 192.168.1.3 5900 interface Dialer0 5900
ip nat inside source static tcp 192.168.1.3 6346 interface Dialer0 6346
ip nat inside source static udp 192.168.1.3 6346 interface Dialer0 6346
ip nat inside source static tcp 192.168.1.4 4712 interface Dialer0 4712
ip nat inside source static udp 192.168.1.4 5672 interface Dialer0 5672
ip nat inside source static udp 192.168.1.4 4665 interface Dialer0 4665
ip nat inside source static tcp 192.168.1.3 5800 interface Dialer0 5800
ip nat inside source static tcp 192.168.1.3 36433 interface Dialer0 36433
ip nat inside source static tcp 192.168.1.3 6348 interface Dialer0 6348
ip nat inside source static udp 192.168.1.3 6348 interface Dialer0 6348
ip nat inside source static tcp 192.168.1.3 15698 interface Dialer0 15698
ip nat inside source static udp 192.168.1.3 15698 interface Dialer0 15698
ip nat inside source static tcp 192.168.1.3 6347 interface Dialer0 6347
ip nat inside source static udp 192.168.1.3 6347 interface Dialer0 6347
ip nat inside source static tcp 192.168.1.4 5662 interface Dialer0 5662
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 permit tcp host 63.208.196.96 eq www any log
access-list 101 permit udp host 207.46.232.42 eq ntp any
access-list 101 permit udp host 192.43.244.18 eq ntp any
access-list 101 remark Traffic allowed to enter the router from the internet
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp host 195.186.1.111 eq domain any
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 101 permit udp host 195.186.4.111 eq domain any
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq netbios-ns log
access-list 102 deny udp any any eq netbios-dgm log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark Traffic allowed to enter the router from the ethernet
access-list 102 permit ip any host 192.168.1.1
access-list 102 deny ip any host 192.168.1.255
access-list 102 deny udp any any eq tftp log
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
sntp server 207.46.197.32
sntp server 192.43.244.18
end

**********************************************************

Thanks

--
Contest(abile) !!!! Join in large numbers!!
http://www.1e2.it/contest-abile

--------------------------------------------------------
http://www.flickr.com/photos/galerio/
all comments and criticism are welcome!!!
-------------------------------------------------------
Join the Facebook group for
digital photography enthusiasts too:
http://www.facebook.com/group.php?gid=28645424291
---------------------------------------------------------------


Vito

Mar 14, 2009, 11:21:49 AM
On 5 Mar, 13:30, Galerio <massimo.macca...@tiscali.it> wrote:
> Everything works: internet, wifi, etc. etc...
>
> The only problem is that NAT isn't opening the ports for me... Can anyone tell me
> why? In fact, neither eMule nor the VoIP phone manages to get open
> ports, even though they are configured and have fixed IPs...
>

Because, put simply, NAT does nothing more than redirect traffic
addressed to an IP A to an IP address B.
Since you have inbound ACLs (as the name says, "access lists"),
in your specific case you would have to open these ports
explicitly. Supposing, for example, that eMule uses ports TCP 7301 and UDP
7302, you would have to add two ACL entries like

access-list 101 permit tcp any any eq 7301
access-list 101 permit udp any any eq 7302

Instead of any you could also use the IP address of the machine on
which you run eMule as the destination IP.
Ciao
Vito
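
Added illustration, not part of the thread: a Python check that evaluates ACL 101 first-match, top to bottom, against each `ip nat inside source static` forward, and shows that a permit appended after `deny ip any any log` is never reached while one placed before it is. The config excerpt is a constructed subset of the one posted above; `WAN_IP` and `PEER` are placeholder addresses and the helper names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: two NAT forwards and some ACL 101 entries from the posted config.
CONFIG = """\
ip nat inside source static udp 192.168.1.2 5060 interface Dialer0 5060
ip nat inside source static tcp 192.168.1.3 4711 interface Dialer0 4711
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit udp host 195.186.1.111 eq domain any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
access-list 101 permit udp host 195.186.4.111 eq domain any
"""
WAN_IP, PEER = "198.51.100.7", "203.0.113.10"  # placeholders, not from the thread
NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)$", re.M)

def addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    t = tok.pop(0)
    spec = None if t == "any" else (tok.pop(0), "0.0.0.0") if t == "host" else (t, tok.pop(0))
    port = None
    if tok[:1] == ["eq"]:
        port = tok[1]
        del tok[:2]
    return spec, port

def ip_match(spec, ip):
    if spec is None:
        return True
    base, wild = (int(ipaddress.ip_address(x)) for x in spec)
    return (int(ipaddress.ip_address(ip)) | wild) == (base | wild)

def first_match(acl, proto, dport, sport=40000):
    """Action of the first entry matching PEER:sport -> WAN_IP:dport (named ports never match)."""
    for line in acl:
        action, p, *rest = line.split()[2:]
        if action == "remark" or p not in ("ip", proto):
            continue
        (src, sp), (dst, dp) = addr(rest), addr(rest)
        if ip_match(src, PEER) and ip_match(dst, WAN_IP) \
                and sp in (None, str(sport)) and dp in (None, str(dport)):
            return action
    return "deny"  # implicit deny at the end of every ACL

def audit(config, acl_no="101"):
    """Map each forwarded (proto, port) to the inbound ACL's verdict."""
    acl = [l for l in config.splitlines() if l.startswith(f"access-list {acl_no} ")]
    return {(p, int(port)): first_match(acl, p, port) for p, port in NAT_RE.findall(config)}

def permit_before_deny(config, proto, port):
    """Insert a permit for one forwarded port ahead of 'deny ip any any'."""
    lines = config.splitlines()
    i = next(n for n, l in enumerate(lines) if "deny ip any any" in l)
    lines.insert(i, f"access-list 101 permit {proto} any any eq {port}")
    return "\n".join(lines) + "\n"
```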
