inmymemory
13-05-11, 15:51
Καλησπέρα στο forum,
Έχω προγραμματίσει και εγκαταστήσει έναν Cisco 887 και έχω 2 προβλήματα:
1. δεν μπορώ να κάνω ping (μέσα από τον router) σε public IPs
2. οι clients πίσω από το NAT δεν βλέπουν DNS (ενώ κάνουν κανονικά ping σε public IPs π.χ. 4.2.2.2, 8.8.8.8, κτλ). Υπάρχει πρόσβαση δηλαδή προς τα έξω αλλά δεν γίνεται name resolution
Αυτό είναι το configuration:
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot system flash:c880data-universalk9-mz.150-1.M5.bin
boot-end-marker
!
logging buffered 51200
enable secret 5 *%&$%@#GRKJggsugdi3gi!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-3144949223
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3144949223
revocation-check none
rsakeypair TP-self-signed-3144949223
!
!
crypto pki certificate chain TP-self-signed-3144949223
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
no ip source-route
!
ip cef
no ip bootp server
ip name-server 194.30.220.114
ip name-server 194.30.220.117
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
!
isdn switch-type basic-net3
license udi pid CISCO887-K9 sn FCZ143291EW
license accept end user agreement
license boot module c880-data level advsecurity
!
username admin privilege 15 password 7 7657&*^&h3h4hg
!
ip tcp synwait-time 10
!
interface BRI0
no ip address
ip flow ingress
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
no isdn termination multidrop
isdn point-to-point-setup
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description **ADSL_WAN**
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname username@adsl.gr
ppp chap password 7 6456645646464
ppp pap sent-username username@adsl.gr password 7 64565478876878
!
interface Dialer1
description ***ISDN BACKUP DIALER***
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer string 8962577777
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname username@adsl.gr
ppp chap password 7 54364treghhtrrhtr
ppp pap sent-username username@adsl.gr password 7 gdfgdfdfhfg
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map ADSL interface Dialer0 overload
ip nat inside source route-map ISDN interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 80 62.xxx.xxx.xxx extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1 100
!
logging trap debugging
access-list 110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 111 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
route-map ISDN permit 10
match ip address 111
match interface Dialer1
!
route-map ADSL permit 10
match ip address 110
match interface Dialer0
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password 7 fsdgdffgsgsg
login
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
ΣΗΜΕΙΩΣΗ 1: Η γραμμή / φυσική εγκατάσταση δουλεύουν κανονικά (ppp & cd ανάβουν)
ΣΗΜΕΙΩΣΗ 2: Αν βάλω πάνω τον κλασσικό router που δίνει η HOL (NetFaster 5200) παίζουν τα πάντα κανονικά
ΣΗΜΕΙΩΣΗ 3: Ο cisco 887 έχει το τελευταίο IOS και έχει ελεγχτεί για τυχόν δυσλειτουργίες
ΣΗΜΕΙΩΣΗ 4: Η κίνηση προς τα μέσα (port forwards), λειτουργεί κανονικότατα
ΣΗΜΕΙΩΣΗ 5: Δοκιμάστηκε σε άλλη γραμμή, με διαφορετικό πάροχο και δούλεψαν όλα κανονικά
Υ.Γ. Πάω να τρελαθώ, θα τραβάω τα μαλλιά μου σε λίγο :rtfm:
Έχω προγραμματίσει και εγκαταστήσει έναν Cisco 887 και έχω 2 προβλήματα:
1. δεν μπορώ να κάνω ping (μέσα από τον router) σε public IPs
2. οι clients πίσω από το NAT δεν βλέπουν DNS (ενώ κάνουν κανονικά ping σε public IPs π.χ. 4.2.2.2, 8.8.8.8, κτλ). Υπάρχει πρόσβαση δηλαδή προς τα έξω αλλά δεν γίνεται name resolution
Αυτό είναι το configuration:
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot system flash:c880data-universalk9-mz.150-1.M5.bin
boot-end-marker
!
logging buffered 51200
enable secret 5 *%&$%@#GRKJggsugdi3gi!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 2
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 4:00
!
crypto pki trustpoint TP-self-signed-3144949223
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3144949223
revocation-check none
rsakeypair TP-self-signed-3144949223
!
!
crypto pki certificate chain TP-self-signed-3144949223
certificate self-signed 01 nvram:IOS-Self-Sig#2.cer
no ip source-route
!
ip cef
no ip bootp server
ip name-server 194.30.220.114
ip name-server 194.30.220.117
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
!
isdn switch-type basic-net3
license udi pid CISCO887-K9 sn FCZ143291EW
license accept end user agreement
license boot module c880-data level advsecurity
!
username admin privilege 15 password 7 7657&*^&h3h4hg
!
ip tcp synwait-time 10
!
interface BRI0
no ip address
ip flow ingress
encapsulation ppp
dialer pool-member 2
isdn switch-type basic-net3
no isdn termination multidrop
isdn point-to-point-setup
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description **ADSL_WAN**
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
pvc 8/35
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname username@adsl.gr
ppp chap password 7 6456645646464
ppp pap sent-username username@adsl.gr password 7 64565478876878
!
interface Dialer1
description ***ISDN BACKUP DIALER***
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 2
dialer string 8962577777
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname username@adsl.gr
ppp chap password 7 54364treghhtrrhtr
ppp pap sent-username username@adsl.gr password 7 gdfgdfdfhfg
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source route-map ADSL interface Dialer0 overload
ip nat inside source route-map ISDN interface Dialer1 overload
ip nat inside source static tcp 192.168.0.2 80 62.xxx.xxx.xxx extendable
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1 100
!
logging trap debugging
access-list 110 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 111 permit ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
route-map ISDN permit 10
match ip address 111
match interface Dialer1
!
route-map ADSL permit 10
match ip address 110
match interface Dialer0
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password 7 fsdgdffgsgsg
login
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
ΣΗΜΕΙΩΣΗ 1: Η γραμμή / φυσική εγκατάσταση δουλεύουν κανονικά (ppp & cd ανάβουν)
ΣΗΜΕΙΩΣΗ 2: Αν βάλω πάνω τον κλασσικό router που δίνει η HOL (NetFaster 5200) παίζουν τα πάντα κανονικά
ΣΗΜΕΙΩΣΗ 3: Ο cisco 887 έχει το τελευταίο IOS και έχει ελεγχτεί για τυχόν δυσλειτουργίες
ΣΗΜΕΙΩΣΗ 4: Η κίνηση προς τα μέσα (port forwards), λειτουργεί κανονικότατα
ΣΗΜΕΙΩΣΗ 5: Δοκιμάστηκε σε άλλη γραμμή, με διαφορετικό πάροχο και δούλεψαν όλα κανονικά
Υ.Γ. Πάω να τρελαθώ, θα τραβάω τα μαλλιά μου σε λίγο :rtfm: