CiscoForums.it

Ciao a tutti,
sto configurando un cisco 833 per poter utilizzare emule, su quest'ultimo ho impostato le porte 1668 e 1672 ed ho messo le nat e le access list ma non funziona perchè mi dice che è "firewalled", dall'esterno non riesco nemmeno a collegarmi a quelle porte quando emule è aperto. Eppure la configurazione mi sembra giusta:

interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
oam-pvc 0
oam retry 5 5 1
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface ATM0.1 point-to-point
ip nat outside
ip virtual-reassembly
!
interface Dialer0
ip ddns update hostname xx.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp multilink
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip flow-top-talkers
top 5
sort-by bytes
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 192.168.1.33 1668 interface Dialer0 1668
ip nat inside source static tcp 192.168.1.33 1672 interface Dialer0 1672
ip nat inside source static udp 192.168.1.33 1672 interface Dialer0 1672
ip nat inside source static tcp 192.168.1.33 1668 interface Dialer0 1668
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit tcp any host 192.168.1.33 eq 1668
access-list 102 permit udp any host 192.168.1.33 eq 1668
access-list 102 permit tcp any host 192.168.1.33 eq 1672
access-list 102 permit udp any host 192.168.1.33 eq 1672

Che ne dite??

Grazie!
Ciao
Andrea

La ACL 102 dove l'hai messa?

Paolo

Ciao Visna,

Prima cosa hai applicato un doppio Nat Outside, prima sulla ATM0.1 e poi sulla Dialer0

Lascia quello sulla Dialer0 e togli quello sulla ATM0.1

paolomat75 ha scritto:La ACL 102 dove l'hai messa?

Paolo

ho provato ad applicarle sull'interfaccia Dialer0 e togliere la nat outside sulla ATM0.1 ma non cambia nulla:

interface Ethernet0
ip address 192.168.1.254 255.255.255.0
ip nbar protocol-discovery
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
oam-pvc 0
oam retry 5 5 1
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface ATM0.1 point-to-point
ip virtual-reassembly
!
interface FastEthernet1
duplex auto
speed auto
!
interface Dialer0
ip ddns update hostname xx.dyndns.org
ip ddns update DynDNS host members.dyndns.org
ip address negotiated
ip access-group 102 in
no ip proxy-arp
ip nat outside
no ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.33 1668 interface Dialer0 1668
ip nat inside source static udp 192.168.1.33 1672 interface Dialer0 1672
ip nat inside source static tcp 192.168.1.33 1672 interface Dialer0 1672
ip nat inside source static udp 192.168.1.33 1668 interface Dialer0 1668
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit tcp any host 192.168.1.33 eq 1668
access-list 102 permit udp any host 192.168.1.33 eq 1668
access-list 102 permit tcp any host 192.168.1.33 eq 1672
access-list 102 permit udp any host 192.168.1.33 eq 1672
access-list 102 permit ip any any

Ho messo anche l'ultima regola per non bloccare nulla altrimenti non riesco neanche a navigare su Internet..
ma continuo a non collegarmi su quelle porte dall'esterno.