-
آقا ببینین . من هیچ اکسز لیستی مبنی بر باز کردن دسترسی یه بخش از آدرس ها یا بستن اونها ندارم . بنابراین فکر نمیکنم نیازی به اکسز لیست داشته باشم . روی اکسز سرورم یدونه آدرس آی پی ولید دارم که با اون میتونم به هر آدرسی پینگ بفرستم و جواب بگیرم .
حالا میخوام اون یوزرهایی که بهم وصل میشند هم بتونن از اینترنت این اکسز سرور استفاده کنند .
-
[RIGHT]اینم یک نمونه کانفیگ که بدون هیچ اشکالی داره کار میکنه[/RIGHT]
[LEFT]ip name-server 4.2.2.1
ip name-server 192.9.9.3
!
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
interface Serial0
ip address 217.219.x.x 255.255.255.240
ip nat outside
encapsulation ppp
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
no ip http server
ip nat inside source list 10 interface Serial0 overload
!
access-list 10 permit 192.168.0.0 0.0.0.255
no cdp run
!
control-plane
!
line con 0
line aux 0
line vty 0 4
!
end[/LEFT]
-
ببخشید من یه اشتباه لفظی کردم که گفتم inside رو بذار رو سریال . جا به جا گفتم الان که نوشته های قبلیمو دیدم تعجب کردم ولی این کانفیگو خودم انجام دادم بدون هیچ مشکلی الان داره کار میکنه
-
-
[quote=سیسکو]نسخه IOS شما چند هست ؟[/quote]
12.2
-
آقا اینم کل config ما
[SIZE=3][LEFT][SIZE=3][FONT=Times New Roman]version 12.2[/FONT][/SIZE][/LEFT]
[LEFT][FONT=Times New Roman][SIZE=3]ip subnet-zero[/SIZE][/FONT]
[SIZE=3][FONT=Times New Roman]no ip rcmd domain-lookup[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip name-server 217.219.127.104[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip name-server 217.219.55.104[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip name-server 192.9.9.3[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip name-server 4.2.2.4[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip name-server 4.2.2.1[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip address-pool local[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]interface Ethernet0/0[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip address 192.168.5.1 255.255.255.0[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip access-group 100 in[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip access-group 100 out[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip nat inside[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no ip mroute-cache[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no keepalive[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]full-duplex[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no cdp enable[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]interface Serial0/0[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip address 217.219.xxx.xxx 255.255.255.240[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip access-group 100 in[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip access-group 100 out[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip nat outside[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]encapsulation ppp[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no fair-queue[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no cdp enable[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip nat inside source list 10 interface Serial0/0 overload[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip classless[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]ip route 0.0.0.0 0.0.0.0 Serial0/0 permanent[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no ip http server[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no ip pim bidir-enable[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 10 permit 192.168.0.0 0.0.0.255[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 20 permit 192.168.0.0 0.0.0.255[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 135[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 136[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 137[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 138[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 139[/FONT][/SIZE]
[FONT=Times New Roman][SIZE=3]access-list 100 deny tcp any any eq 1434[/SIZE][/FONT]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 1433[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 4444[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 445[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 593[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 7000[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 16959[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 2222[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 6669[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 27374[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 6711[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 6712[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 6776[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 16660[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 65000[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 27665[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 33270[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 39168[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 26300[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 27444[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 31335[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny tcp any any eq 5000[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 31335[/FONT][/SIZE]
[FONT=Times New Roman][SIZE=3]access-list 100 deny udp any any eq 135[/SIZE][/FONT]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 666[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 90[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 1434[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 1433[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq netbios-ns[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq netbios-ss[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq netbios-dgm[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 995[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 996[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 997[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 998[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 999[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny udp any any eq 10296[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny icmp any any echo[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 deny icmp any any echo-reply[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 100 permit ip any any[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 110 deny tcp any any neq www[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 110 deny tcp host 192.168.0.1 any[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]access-list 110 permit tcp any any[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no cdp run[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]snmp-server community public_it RW 15[/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[FONT=Times New Roman][SIZE=3]line con 0[/SIZE][/FONT]
[SIZE=3][FONT=Times New Roman]line aux 0[/FONT][/SIZE][/LEFT]
[LEFT][SIZE=3][FONT=Times New Roman]![/FONT][/SIZE]
[SIZE=3][FONT=Times New Roman]no scheduler allocate[/FONT][/SIZE]
[FONT=Times New Roman][SIZE=3]end[/SIZE][/FONT][/LEFT]
[RIGHT]من با این config اینترنتم قطع می شه و وقتی ip valid رو میگذارم روی ethernet وصل می شه[/RIGHT]
[/SIZE]
-
اگه توجه بکنی میبینی که تو اینترفیس اترنت دادی [FONT=Times New Roman]ip address 192.168.5.1 255.255.255.0[/FONT]
[FONT=Times New Roman][/FONT]
[FONT=Times New Roman]و access-list 10 permit 192.168.0.0 0.0.0.255[/FONT]
[FONT=Times New Roman][/FONT]
[FONT=Times New Roman]اگه شبکه شما 192.168.5.0 هستتش اینو بذار access-list 10 permit 192.168.5.0 0.0.0.255[/FONT]
[FONT=Times New Roman][/FONT]
[FONT=Times New Roman][/FONT]
-
علی آقا دست گلت درد نکنه راه افتاد
از بقیه آقایون هم کمال تشکر رو دارم
-
این اکسس لیست دور و دراز ممکنه شبکتو از کار بندازه!!
بعید میدونم روتر شما بتونه این بار رو تحمل کنه.
-
ضمن اینکه وظیفه NAt رو هم بر عهده داره.