-
Nat Problem
[SIZE=3][RIGHT][SIZE=2]سلام دوستان [/SIZE]
[/SIZE][SIZE=2]اين کا نفيگ روتر يه آشناست که واسه اون [FONT=Tahoma]nat[/FONT] راه انداختم که يه مشکلی داره [/SIZE]
[SIZE=2]وقتی [FONT=Tahoma]user[/FONT] وصل ميشه [FONT=Tahoma]ping 4.2.2.4[/FONT] رو داره با [FONT=Tahoma]ping[/FONT] ياهو ولی Page باز نميکنه [/SIZE]
[SIZE=2]وقتی روی کلا ينتnetstat -a -n ميگيرم پو رت 80 روSYN نشون ميده يعنیEstablish نميکنه [/SIZE]
[SIZE=2]اشکال کجاست با تشکر [/SIZE]
[SIZE=2] [/SIZE][/RIGHT]
[LEFT][SIZE=2]
logging buffered 10000 debugging
logging history errors
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius local
aaa authorization network default group radius local
aaa accounting update newinfo
aaa accounting network default start-stop group radius
aaa accounting system default start-stop group radius
enable secret 5 $1$mT4h$eS9xzg6QEMq8MgPwziGbe0
!
username admin privilege 15 password 7 456hjyy46456jkhk4646sd66tyug97123
spe 1/0 2/9
firmware location flash:pw2621.ios
!
!
resource-pool disable
!!
clock timezone IRT 3 30
ip subnet-zero
no ip source-route
no ip icmp rate-limit unreachable
ip rcmd rsh-enable
ip tcp selective-ack
ip tcp synwait-time 10
ip name-server 217.218.155.104
ip name-server 217.218.127.104
ip name-server 192.9.9.3
!
isdn switch-type primary-net5
mta receive maximum-recipients 0
!
!
controller E1 0
clock source line primary
pri-group timeslots 1-31
!
controller E1 1
shutdown
clock source line secondary 1
pri-group timeslots 1-31
!
controller E1 2
shutdown
!
controller E1 3
shutdown
!
!
!
!
interface Ethernet0
ip address 10.186.100.251 255.255.255.0
ip nat inside
no ip mroute-cache
no cdp enable
!
interface Serial0:15
ip unnumbered Ethernet0
encapsulation ppp
no keepalive
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
peer default ip address pool NAT
no cdp enable
ppp authentication chap pap ms-chap
!
interface Serial1:15
ip unnumbered Ethernet0
encapsulation ppp
no keepalive
shutdown
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-net5
isdn incoming-voice modem
peer default ip address pool NAT
no cdp enable
ppp authentication chap pap ms-chap
!
interface FastEthernet0
ip address 80.191.X.X 255.255.255.192
ip nat outside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface Group-Async1
ip unnumbered Ethernet0
no ip unreachables
ip nat inside
encapsulation ppp
ip tcp header-compression
async mode dedicated
peer default ip address pool NAT
ppp authentication chap pap ms-chap
group-range 1 120
!
interface Dialer1
ip unnumbered Ethernet0
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 80000
dialer-group 1
peer default ip address pool NAT
no cdp enable
ppp authentication chap pap ms-chap
!
ip local pool NAT 10.186.100.2 10.186.100.140
ip nat inside source list 100 interface FastEthernet0 overload
ip classless
no ip forward-protocol udp bootps
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
ip route 0.0.0.0 0.0.0.0 80.191.X.Y
no ip http server
!
access-list 100 permit ip 10.186.100.0 0.0.0.255 any
access-list 115 deny tcp any any eq finger
access-list 115 deny tcp any any eq 135
access-list 115 deny tcp any any eq 137
access-list 115 deny tcp any any eq 138
access-list 115 deny tcp any any eq 139
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 666
access-list 115 deny tcp any any eq 707
access-list 115 deny tcp any any eq 6667
access-list 115 deny tcp any any eq 9996
access-list 115 deny tcp any any eq tacacs
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny ip host 0.0.0.0 any
access-list 115 deny ip 127.0.0.0 0.255.255.255 any
access-list 115 permit ip any any
!
radius-server configure-nas
radius-server host 10.186.100.250 auth-port 26164 acct-port 26165
radius-server retransmit 3
radius-server key router
!
line con 0
line 1 120
session-timeout 10
no flush-at-activation
modem InOut
modem autoconfigure type mica
transport input all
escape-character NONE
autoselect during-login
autoselect ppp
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 0216144B5C53uyt456erte4etert5C70
logging synchronous
!
scheduler interval 500
end[/SIZE][/LEFT]
-
Default Gateway دستگاه Cache Server هست ؟
-
Nat Problem
[SIZE=3][RIGHT]سلام دوست عزيز
هيچ کش سروری تو مدا ر نيست
[/RIGHT]
[/SIZE]
-
روی چند تا سیستم تست کردید؟...من 2-3 روزه همچین مشکلی پیدا کردم..مجبورم سیستم رو restart کنم...سیستمم قاط زده...در ضمن شما فایروال دیگه ای ندارید؟
-
Nat Problem
[RIGHT][SIZE=2]سلام دوست عزيز [/SIZE]
[SIZE=2]هيچ فايروالی ندارم [/SIZE][/RIGHT]
[SIZE=2][/SIZE]
[SIZE=2][/SIZE]
-
[RIGHT][RTL]حتما مشکل DNS Server هست مگرنه دلیل دیگه ای به نظر نمیاد[/RTL][/RIGHT]
-
DNS سرور هاتون رو عوض کنید :
[LEFT]p name-server 217.218.155.104
ip name-server 217.218.127.104
ip name-server 192.9.9.3[/LEFT]
یا حداقل ترتیب قرار گرفتنشون رو، پیشنهاد میکنم از 4.2.2.1 و 4.2.2.2 و 4.2.2.3 و 4.2.2.4 استفاده کنید .
