For some time now I have had this problem: the IPs inside the LAN are not reachable from outside.
For example, the web server's IP is 4.x.x.x, which is also the DNS server, and because of this my website no longer comes up anywhere except from inside the ISP, not even by IP.
Even my users who have valid IPs (from 31 to 61) have the same problem.
Things that have happened:
- The cache server (IP 3.x.x.x) used to be the DNS server as well, but for certain reasons it no longer is, and that same web server is now the DNS server too.
- The switch inside the LAN has been acting up for a while; for example, it causes IP conflicts, which go away when I swap the ports around.
- Though I myself think it is the router's access list.
Here is the router config:
(1.x.x.x: router
2.x.x.x: accounting server
3.x.x.x: cache server
4.x.x.x: web server
30.x.x.x: web server)
Current configuration : 6348 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
no boot startup-test
logging rate-limit console 10 except errors
logging console emergencies
aaa new-model
aaa authentication login default group radius local
aaa authentication login console line
aaa authentication login admin local
aaa authentication ppp default group radius local
aaa authorization exec default group radius
aaa authorization exec admin local
aaa accounting update newinfo
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret 5sd1$Ysdn$zKfd9sdQMkFsdWPwXVvGs.
resource-pool disable
facility-alarm detect controller E1 3/0
facility-alarm detect modem-board 1
!
!
!
!
!
voice-fastpath enable
ip subnet-zero
ip rcmd rsh-enable
ip rcmd remote-host SYSTEM x.x.x.2 SYSTEM enable
ip flow-cache timeout active 1
ip cef
no ip finger
ip domain-list avayejavan.com
ip name-server x.x.x.30
ip name-server 217.218.127.104
ip name-server 217.218.155.104
ip name-server 192.9.9.3
ip name-server x.x.x.4
!
call rsvp-sync
!
voice service pots
!
voice service voip
fax protocol t38 ls-redundancy 0 hs-redundancy 0
h323 call start fast
!
!
!
!
!
fax interface-type modem
mta receive maximum-recipients 0
!
!
!
controller E1 3/0
framing NO-CRC4
ds0-group 1 timeslots 1-15,17-31 type r2-digital
!
controller E1 3/1
shutdown
!
!
interface FastEthernet0/0
ip address 192.168.0.254 255.255.0.0 secondary
ip address x.x.x.1 255.255.255.192
ip nat inside
ip route-cache flow
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
bandwidth 64
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip route-cache flow
no ip mroute-cache
shutdown
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
ip unnumbered FastEthernet0/0
ip access-group 110 in
ip access-group 111 out
ip nat outside
encapsulation ppp
ip route-cache flow
no peer default ip address
!
interface Serial0/1
no ip address
shutdown
clockrate 2000000
!
interface Group-Async0
ip unnumbered FastEthernet0/0
ip directed-broadcast
encapsulation ppp
ip route-cache flow
ip tcp header-compression
no ip mroute-cache
ip policy route-map cache
async mode interactive
peer default ip address pool RAS1
ppp authentication chap pap callin
group-range 1/00 1/59
!
ip local pool RAS1 x.x.x.31 x.x.x.61
ip nat inside source list 11 interface FastEthernet0/0 overload
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination x.x.x.2 9996
ip flow-aggregation cache protocol-port
cache entries 2046
cache timeout inactive 45
cache timeout active 1
export destination x.x.x.2 9996
enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
!
ip access-list extended cache
deny tcp any any neq www
deny tcp host x.x.x.3 any eq www
permit tcp x.x.x.0 0.0.0.255 any eq www
access-list 10 permit x.x.30.0 0.0.0.255
access-list 11 permit 192.168.0.0 0.0.255.255
access-list 11 permit x.x.x.0 0.0.0.255
access-list 13 permit x.x.x.0 0.0.0.255
access-list 15 permit x.x.x.2
access-list 15 permit x.x.x.3
access-list 101 permit tcp any any eq www
access-list 110 deny udp any any eq netbios-ns
access-list 110 deny udp any any eq netbios-dgm
access-list 110 deny udp any any eq netbios-ss
access-list 110 deny tcp any any eq 135
access-list 110 deny udp any any eq 135
access-list 110 deny tcp any any eq 137
access-list 110 deny tcp any any eq 138
access-list 110 deny tcp any any eq 139
access-list 110 deny tcp any any eq 445
access-list 110 deny udp any any eq 445
access-list 110 deny tcp any any eq 4444
access-list 110 deny tcp any any eq 593
access-list 110 deny tcp any any eq 3127
access-list 110 deny tcp any any eq 3198
access-list 110 deny tcp any any eq 5554
access-list 110 deny tcp any any eq 9996
access-list 110 deny tcp any any eq 1034
access-list 110 deny tcp any any eq 2745
access-list 110 deny tcp any host 216.250.128.12
access-list 110 permit udp host 195.219.180.14 any eq tftp
access-list 110 deny udp any any eq tftp
access-list 110 permit icmp any host 192.9.9.3 echo
access-list 110 permit icmp any host 128.8.5.2 echo
access-list 110 deny icmp any any echo
access-list 110 permit ip any any
access-list 110 deny udp host 195.219.180.14 any eq tftp
access-list 110 permit ip any host x.x.x.5
access-list 110 permit udp any any eq domain
access-list 110 permit udp any eq domain any
access-list 110 permit ip any host x.x.x.4
access-list 110 permit tcp any host x.x.x.4 eq www
access-list 111 permit ip any any
access-list 111 permit ip any host x.x.x.3
access-list 111 permit ip any host x.x.x.5
access-list 111 permit ip any host x.x.x.4
access-list 111 permit udp any any eq domain
access-list 111 permit udp any eq domain any
access-list 111 permit udp any eq domain host x.x.x.4 gt 1023
access-list 111 permit udp any eq domain host x.x.x.4 eq domain
access-list 111 permit tcp any host x.x.x.4 eq www
access-list 111 permit tcp any host x.x.x.4 eq 443
access-list 120 permit tcp x.x.x.0 0.0.0.61 any eq www
route-map cache permit 11
match ip address cache
set ip default next-hop x.x.x.3
!
snmp-server community sAS2224 RW 15
snmp-server ifindex persist
!
radius-server host x.x.x.2 auth-port 1645 acct-port 1646 key 7 011210050A5B56
radius-server retransmit 3
radius-server timeout 20
radius-server key 7 ava100
!
voice-port 3/0:1
!
gateway
!
!
line con 0
password 7 063C002F494F0518171A
login authentication console
transport input pad telnet rlogin udptn v120 lapb-ta
line aux 0
autobaud
line vty 0 4
autobaud
authorization exec admin
login authentication admin
no editing
transport input pad telnet rlogin udptn v120 lapb-ta
line 1/00 1/59
no flush-at-activation
autoselect during-login
autoselect ppp
modem Dialin
modem autoconfigure discovery
autocommand ppp
transport input all
!
scheduler allocate 10000 400
end
Mr. Aria Gohar, I am still waiting for your guidance and help (Amini, Avaye Javan).
Thanks in advance to all of you, especially Mr. Aria Gohar.
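Added example, not part of the original post: a small Python check that applies IOS first-match evaluation to an excerpt of access-list 110 from the config above and lists the entries that sit after the catch-all `permit ip any any` and so are never evaluated. The address 203.0.113.4 stands in for the redacted x.x.x.4, the function names are hypothetical, and only `any`, `host` and `eq` forms are parsed (no wildcard masks).

```python
# Constructed excerpt of ACL 110 from the config above. 203.0.113.4 is a
# documentation-range placeholder for the redacted web server x.x.x.4.
ACL_110 = """\
access-list 110 deny tcp any any eq 445
access-list 110 deny udp any any eq tftp
access-list 110 deny icmp any any echo
access-list 110 permit ip any any
access-list 110 permit udp any any eq domain
access-list 110 permit tcp any host 203.0.113.4 eq www
"""
PORTS = {"www": 80, "domain": 53, "tftp": 69}  # IOS port keywords used here

def parse_acl(text):
    """Parse the small subset of extended-ACL syntax that appears above."""
    entries = []
    for line in text.splitlines():
        action, proto, *rest = line.split()[2:]   # drop "access-list 110"
        ends = []
        for _ in range(2):                        # source, then destination
            addr = rest.pop(0)
            if addr == "host":
                addr = rest.pop(0)
            port = None
            if rest[:1] == ["eq"]:
                port = PORTS.get(rest[1]) or int(rest[1])
                rest = rest[2:]
            ends.append((addr, port))
        entries.append({"line": line, "action": action, "proto": proto,
                        "src": ends[0], "dst": ends[1], "extra": rest})
    return entries

def first_match(entries, proto, src, sport, dst, dport, icmp_type=None):
    """Top-down, first match wins; implicit deny if nothing matches."""
    def side(rule, addr, port):
        return rule[0] in ("any", addr) and rule[1] in (None, port)
    for i, e in enumerate(entries):
        if (e["proto"] in ("ip", proto) and e["extra"] in ([], [icmp_type])
                and side(e["src"], src, sport) and side(e["dst"], dst, dport)):
            return i, e["action"]
    return None, "deny"

def shadowed(entries):
    """Entries placed after a catch-all 'ip any any' are never reached."""
    for i, e in enumerate(entries):
        if e["proto"] == "ip" and e["src"] == e["dst"] == ("any", None):
            return [x["line"] for x in entries[i + 1:]]
    return []

if __name__ == "__main__":
    acl = parse_acl(ACL_110)
    print(first_match(acl, "tcp", "198.51.100.7", 40000, "203.0.113.4", 80))
    print(shadowed(acl))
```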