Multi Gateway - redirect www [Αρχείο] - ADSLgr.com Community Forum

bios175

12-10-08, 17:32

Καλησπερα

Εχω 2 router (1 cisco 1801 1 cisco 877) και οι 2 εχουν μια ΑDSL (ΗΟL-TELLΑS)
Η συνδεση της ΗOL που ειναι πανω στον 1801 εχει static ip + mx+www record διοτι παιζει mail/web server.
Tην αλλη συνδεση την εχω για internet

Θελησα να κανω forward την κινηση για το internet στον 877. και οτι ειιναι για email απο τον 1801..Φενεται οτι με το παρακατω route-map παιζει πολυ καλα...(οτι εχει να κανει με www παει απο τον 877 )
Το ΠΡΟΒΛΗΜΑ ΕΙΝΑΙ οτι μολις παω και βγαζω το τηλεφωνικο καλωδιο απο τον 1801(test) δεν εχω internet..Δηλ δεν εχω ουτε email διοτι ειναι κατω η γραμμη αλλα δεν εχω και internet που κανονικα γινεται forward στον 877.ΟΛΑ ΕΙΝΑΙ ΠΑΝΩ ΣΤΟ ΙΔΙΟ SWITCH. Mεχρι τωρα εχω καταλαβει οτι ειναι Mαλλον θεμα dns....
Αν βαλω καρφωτες ιp 192.168.1.6
gateway 192.168.1.254
dns 62.169.194.17 62.169.194.18 σε ενα pc πανω στο switch παιζει κανονικα (internet)

???Γιατι γινεται αυτο ????μολις η συνδεση του 1801 χανεται δεν εχω ουτε ιντερνετ.. δηλ ναι μεν χανω την συνδεση για τα email αλλα πως γινεται να χανω και τo internet την στιγμη που στο FA0 υπαρχει route-map και στελνει το www trafic στον 877..
:hmm:
Πως θα γινει να παιξει.. χανω κατι με τα dns?:(

CISCO 877
Current configuration : 1464 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
ip name-server 62.169.194.17
ip name-server 62.169.194.18
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ok
ppp pap sent-username ok password 0 ok
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
=======================================================
-========================================================

CISCO 1801

Current configuration : 2533 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
!
ip dhcp pool 2
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.200
dns-server 194.30.220.114 194.30.220.117
lease 0 2
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
username ok privilege 15 password 0 ok
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
ip address 192.168.1.200 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
ip policy route-map www_redirect
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface Vlan1
no ip address
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ok
ppp chap password 0 ok
ppp pap sent-username ok password 0 ok
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.100 110 interface Dialer0 110
ip nat inside source static tcp 192.168.1.100 25 interface Dialer0 25
ip nat inside source static tcp 192.168.1.100 443 interface Dialer0 443
!
ip access-list extended www_trafic
permit tcp any any eq www
permit tcp any any eq domain
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
route-map www_redirect permit 10
match ip address www_trafic
set ip next-hop 192.168.1.254
set interface FastEthernet0
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password 123456
login local
!
end

Εχω τρεξει Debug ip policy στον 1801 την στιγμη που εχω κατω την συνδεση του και μου φερνει τα παρακατω

*Oct 12 12:39:53.243: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:39:53.243: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:39:54.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:39:54.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:39:55.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:39:55.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:39:57.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:39:57.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:39:57.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:39:57.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:40:01.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:01.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 67, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:01.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:40:01.239: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 67, policy rejected -- normal forwarding
*Oct 12 12:40:08.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:08.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:09.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:09.119: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:09.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:09.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:10.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:10.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:10.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:10.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:11.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:11.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:12.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:12.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:12.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:12.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:13.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:13.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:13.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:13.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:16.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:16.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 75, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:16.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:16.251: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 75, policy rejected -- normal forwarding
*Oct 12 12:40:17.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:17.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 55, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:17.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:17.115: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 55, policy rejected -- normal forwarding
*Oct 12 12:40:24.115: IP: s=192.168.1.6 (FastEthernet0), d=192.168.1.255 (FastEthernet0), len 78, policy rejected -- normal forwarding
*Oct 12 12:40:24.867: IP: s=192.168.1.6 (FastEthernet0), d=192.168.1.255 (FastEthernet0), len 78, policy rejected -- normal forwarding
*Oct 12 12:40:25.615: IP: s=192.168.1.6 (FastEthernet0), d=192.168.1.255 (FastEthernet0), len 78, policy rejected -- normal forwarding
*Oct 12 12:40:26.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:26.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:27.379: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:27.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:28.379: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:28.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:30.379: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:30.379: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:30.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:30.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:34.379: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:34.379: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17, len 61, FIB policy rejected(no match) - normal forwarding
*Oct 12 12:40:34.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.18 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:34.383: IP: s=192.168.1.6 (FastEthernet0), d=62.169.194.17 (Dialer0), len 61, policy rejected -- normal forwarding
*Oct 12 12:40:41.379: IP: s=192.168.1.6 (FastEthernet0), d=192.168.1.255 (FastEthernet0), len 78, policy rejected -- normal forwarding
*Oct 12 12:40:42.131: IP: s=192.168.1.6 (FastEthernet0), d=192.168.1.255 (FastEthernet0), len 78, policy rejected -- normal forwardingu
*Oct 12 12:40:42.879: IP: s=192.168.1.6 (FastEthernet0), d=192.168.1.255 (FastEthernet0), len 78, policy rejected -- normal forwarding all

boeotian

14-10-08, 11:10

O 1801 δεν έχει κάποιο backup interface να δείχνει τον 877 όταν του πέσει η primary σύνδεση και το μόνο που κάνει είναι redirect την HTTP κίνηση σε αυτόν. Λογικό είναι όταν πέσει η σύνδεσή του οι DNS να μην δουλεύουν, γιατί τα DNS queries δεν τα κάνεις redirect.

Το πρόβλημα δεν είναι μόνο στο DNS, αλλά και στο default gateway σου που δεν έχει ιδέα τι να κάνει αν του πέσει η primary σύνδεση. Όπως φαίνεται και στα logs προσπαθούν να βρουν τον DNS server από dialer0 μόνο. Ένα backup configuration που να αλλάζει το route στον 877 θα ήταν η λύση στο πρόβλημά σου, γιατί στην ουσία αυτό θες να κάνεις, να έχεις Internet όταν πέσει η primary σύνδεση του gateway σου που είναι ο 1801.

Η δικιά μου γνώμη είναι ότι εφόσον θες να βγαίνεις στο ΙντερνΈ από τον 877, γιατί δεν τον βάζεις κατευθείαν ως default gateway σε όλα τα μηχανάκια σου και απασχολείς τον 1801; Αυτόν άστον με την static ip να δέχεται την incoming κίνηση για τον mail/web server σου.

karavagos

14-10-08, 11:36

Μια εύκολη (αλλά όχι βέλτιστη) λύση για να συνεχίζει να παίζει το www (www δεν σημαίνει internet), είναι να αλλάξεις το παρακάτω

ip access-list extended www_trafic
permit tcp any any eq www
permit tcp any any eq domain

σε

ip access-list extended www_trafic
permit tcp any any eq www
permit udp any any eq domain
permit tcp any any eq domain

έτσι ώστε να γίνεται redirect και το dns (υποθέτω ότι για να είχες προσθέσει το tcp, αυτό προσπαθούσες να κάνεις και εσύ).

Από την άλλη υπάρχουν πολύ καλύτερες λύσεις για να έχεις redundancy σε όλες τις υπηρεσίες, αλλά θα πρέπει να πειραματιστείς αρκετά (ή να το αναθέσεις σε κάποιον εξωτερικό συνεργάτη).

bios175

16-10-08, 00:23

Ευχαριστω για την βοηθεια παιδια.
Το θεμα λυθηκε βαζοντας στη access-list ΚΑΙ permit udp any any 53...ευχαριστω Καραβαγκο.
Τωρα εχω θεμα με την καθηστεριση. παρατηρω ενα delay που και που και ειναι φυσικο
Mε λιγο Εthereal και ορεξη θα το φτιαξω ελπιζω.:)