NAT and iMac

linomatz
n00b
Posts: 24
Joined: Sat 07 Oct 2006 4:55 pm

Hello, some advice please ... ;)

On the LAN I have an iMac with IP 192.168.1.244
that acts as both a web server and an FTP server.
Everything works fine.

On the same LAN I also have a Linux PC with
IP 192.168.1.3 that acts as both a web server and an FTP server.
Everything works fine.

On the Cisco 857 router I configured NAT with
two public IPs, each pointing to one of the two machines.
The settings on the router are identical.
However, from outside the LAN,
i.e. from the internet, the PC is visible on its public IP
and works normally, while the iMac does not respond,
neither to web, nor to FTP, nor even to a simple ping.

On the router the firewall is configured the same way,
and on the iMac everything is open and shared.

I don't know what else to try to make the iMac visible;
any advice?


Thanks.



Regards

linomatz
Wizard
Intergalactic subspace network admin
Posts: 3441
Joined: Fri 03 Feb 2006 10:04 am
Location: Emilia Romagna

As usual, we need to see the configuration of the router in question...
The future is made of people who have insights and visions ..... they are the people who make the difference...... those endowed with a THIRD EYE....
linomatz
n00b
Posts: 24
Joined: Sat 07 Oct 2006 4:55 pm

attached ...
hashashin
Cisco enlightened user
Posts: 125
Joined: Sat 22 Oct 2005 7:40 am
Location: Frascati (RM)

Wow!!! That's not a configuration, it's the Divine Comedy!!!!


:D
linomatz
n00b
Posts: 24
Joined: Sat 07 Oct 2006 4:55 pm

Fixed, there was an error in the router's redirect to the iMac;
I also trimmed the config a bit ... thanks :D


Code:

!This is the running config of the router: 192.168.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname linomatz
!
boot-start-marker
boot-end-marker
!
no logging buffered
no logging rate-limit
logging console critical
enable secret 5 $1$bMvJ$onZ26GCZjT1o7xbcZtIY7/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.254
!
ip dhcp pool mx_dhcp
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 151.99.125.2 
   netbios-name-server 192.168.1.3 
   default-router 192.168.1.1 
   domain-name 191.it
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name 191.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-4279964180
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279964180
 revocation-check none
 rsakeypair TP-self-signed-4279964180
!
!
crypto pki certificate chain TP-self-signed-4279964180
 certificate self-signed 01
  30820247 308201B0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 34323739 39363431 3830301E 170D3032 30333034 30303138 
  34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32373939 
  36343138 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100E8F3 AE0C39CD 5D344946 4EF84AE4 0EBE832F B0DE448E 95B079E5 6E7810A3 
  1C9B8705 58F8D6C0 57926C2B 477B7BB2 AFD170E9 52F9EF9E CE09DD8D EC29C9E5 
  5CC947C3 DA4B0361 D987EE7E 72DAB015 3F82C505 410B4777 FABEF0FE 769C96D0 
  35816481 37E310BD 3F4ECDAB A6D1BAB6 69EDEEEB 8FFF66F3 AEE1790D CC7F67B4 
  34BB0203 010001A3 6F306D30 0F060355 1D130101 FF040530 030101FF 301A0603 
  551D1104 13301182 0F6C696E 6F6D6174 7A2E3139 312E6974 301F0603 551D2304 
  18301680 14D66C35 D1B868A8 2346D5B3 2D35BB2F 606AC52A F7301D06 03551D0E 
  04160414 D66C35D1 B868A823 46D5B32D 35BB2F60 6AC52AF7 300D0609 2A864886 
  F70D0101 04050003 818100B8 E0478A9B 7E393590 ABF6CF40 607506A9 BBCFD57C 
  77D5F9A8 5313C511 0E426ECF E5D2FE7F 33121586 B32C97F4 22150712 A3DF38B8 
  D24EFAFA D352BD8A 4C439BC6 2C317DA3 42D62535 905B1B59 65E2B094 79B47E8D 
  90F1435F D5A8AB46 729DE9D6 861DAD00 F61F8E05 0D721357 A6B3063B 8EB0E540 
  13729C1B BAB5D8A0 8E0A90
  quit
username admin privilege 15 secret 5 $1$geaO$/VcuCBZtlPrVksFsyA2b1/
!
! 
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode ansi-dmt
!
interface ATM0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 bandwidth 2048
 ip address 85.43.x 255.255.255.252
 ip access-group 101 in
 ip verify unicast reverse-path
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 no snmp trap link-status
 pvc 8/35 
  oam-pvc manage
  oam retry 5 5 1
  encapsulation aal5snap
 !
!
interface FastEthernet0
 no cdp enable
!
interface FastEthernet1
 no cdp enable
!
interface FastEthernet2
 no cdp enable
!
interface FastEthernet3
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 85.43.x 255.255.255.248
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static 192.168.1.3 85.43.x
ip nat inside source static 192.168.1.240 85.43.x
ip nat inside source static 192.168.1.244 85.43.x
!
logging trap debugging
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 85.43.x 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 85.43.x 0.0.0.3 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 85.43.x
access-list 101 permit tcp any host 85.43.x
access-list 101 permit udp any host 85.43.x
access-list 101 permit tcp any host 85.43.x
access-list 101 permit udp any host 85.43.x
access-list 101 permit tcp any host 85.43.x
access-list 101 permit udp host 151.99.0.100 eq domain host 85.43.x
access-list 101 permit udp host 151.99.125.2 eq domain host 85.43.x
access-list 101 deny   ip 85.43.x 0.0.0.7 any
access-list 101 permit icmp any host 85.43.x echo-reply
access-list 101 permit icmp any host 85.43.x time-exceeded
access-list 101 permit icmp any host 85.43.x unreachable
access-list 101 permit tcp any host 85.43.x eq 443
access-list 101 permit tcp any host 85.43.x eq 22
access-list 101 permit tcp any host 85.43.x eq cmd
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
no cdp run
!
control-plane
!
banner login ^CCAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
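
The symptom in this thread (one statically NATed host reachable from the internet, the other not) is typically tracked down by checking each `ip nat inside source static` entry against the LAN subnet and against the ACL applied inbound on the outside interface. The script below is an added example, not part of the original posts; the sample config is constructed, and the 203.0.113.x addresses are placeholders standing in for the public addresses redacted in the thread.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's layout (static NAT plus an
# inbound ACL 101 on the outside interface). Public addresses are placeholders.
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.1.1 255.255.255.0 secondary
 ip nat inside
ip nat inside source static 192.168.1.3 203.0.113.10
ip nat inside source static 192.168.1.244 203.0.113.11
ip nat inside source static 192.168.2.44 203.0.113.12
access-list 101 permit tcp any host 203.0.113.10
access-list 101 permit udp any host 203.0.113.10
access-list 101 permit tcp any host 203.0.113.12
access-list 101 deny   ip any any log
"""

# One-to-one static NAT only; port-forward forms have extra tokens and are skipped.
NAT_RE = re.compile(r"^ip nat inside source static (\S+) (\S+)[ \t]*$", re.M)
ACL_RE = re.compile(r"^access-list (\d+) permit (\w+) any host (\S+)", re.M)


def audit_static_nat(config, lan, acl_id):
    """Return {inside_local: [problems]} for every one-to-one static NAT entry."""
    lan_net = ipaddress.ip_network(lan)
    permitted = {}  # global address -> protocols permitted inbound by acl_id
    for num, proto, host in ACL_RE.findall(config):
        if num == acl_id:
            permitted.setdefault(host, set()).add(proto)
    report = {}
    for local, global_addr in NAT_RE.findall(config):
        problems = []
        # A mistyped inside address sends translated traffic to a host that
        # does not exist on the LAN, so the public IP appears dead.
        if ipaddress.ip_address(local) not in lan_net:
            problems.append("inside local address is outside the LAN subnet")
        # Without a permit, the final deny in the ACL drops everything inbound.
        if not permitted.get(global_addr):
            problems.append("no permit for the global address in ACL " + acl_id)
        report[local] = problems
    return report


if __name__ == "__main__":
    result = audit_static_nat(SAMPLE_CONFIG, "192.168.1.0/24", "101")
    for host, problems in result.items():
        print(host, "OK" if not problems else "; ".join(problems))
```
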