"SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 00:48
Good evening, everyone!
Yet another troubleshooting problem has caught me off guard. If anyone has run into this problem or perhaps knows how to solve it, please advise.

The situation: some clients with private addresses cannot send mail from their mail programs (The Bat, Outlook), although they receive it fine over POP.
When sending a message, not even a connection is established to the mail server through which they send and receive mail. When I switch the client to a real IP, everything works fine: it sends and receives.
Port 25 is not blocked by access lists on the Cisco. Besides, sending through snmp.mail.ru, snmp.gmail.com, snmp.ukr.net works fine, but through, say, ccg.org.ua or mx1.mirohost.net it does not.
It is clear that the problem is with NAT specifically, but maybe someone can suggest how to get out of this situation? Perhaps some additional access list tied to the client's private IP is needed? Or an additional command on the Cisco?

1. "SMTP through NAT! Doesn't it work?"
Message from CrAzOiD (ok) on 27-Mar-08, 00:58
>[overquoting removed]
>(The Bat, Outlook), although they receive it fine over POP.
>When sending a message, not even a connection is established to the mail server through which
>they send and receive mail. When I switch the client to a real IP,
>everything works fine: it sends and receives.
>Port 25 is not blocked by access lists on the Cisco. Besides, sending through snmp.mail.ru,
>snmp.gmail.com, snmp.ukr.net works fine, but through, say, ccg.org.ua or mx1.mirohost.net
>it does not.
>It is clear that the problem is with NAT specifically, but maybe someone can suggest how
>to get out of this situation? Perhaps some additional access list tied to
>the client's private IP is needed? Or an additional command on the Cisco?

reading coffee grounds helps...
at least show what you have configured there; with NAT there should be no such problems as you described


2. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 01:19

>reading coffee grounds helps...
>at least show what you have configured there; with NAT there should be
>no such problems as you described

This is the access list on the Cisco's external interface

ip access-list extended CISCO-IN
remark -= Accept any to SMTP and DNS service =-
permit tcp any any eq smtp
permit tcp any any eq domain
remark -= SSH to SoftSwich =-
permit tcp any host 91.ххх.ххх.237 eq 22
remark -= Filter rules (TCP)  =-
deny   tcp any any eq 3306
deny   tcp any any range 135 139
deny   tcp any any range 2601 2606
deny   tcp any any range 1812 1813
deny   tcp any any range 1645 1646
deny   tcp any any eq pop3
deny   tcp any any eq telnet
deny   tcp any any eq www
deny   tcp any any eq ftp
deny   tcp any any range 0 1023
remark -= Filter rules (UDP)  =-
deny   udp any any eq 499
deny   udp any any eq 455
deny   udp any any eq tftp
deny   udp any any range 0 1023
deny   udp 80.67.240.0 0.0.3.255 any
deny   udp any any range 135 netbios-ss
remark -= Other filter rules =-
permit icmp any host 10.127.255.209
deny   ip any host 10.127.255.209
permit tcp any host 193.ххх.ххх.ххх eq www
deny   tcp any any eq 22
permit ip any any


ip nat pool NEW 91.ххх.ххх.ххх 91.ххх.ххх.ххх netmask 255.255.255.248
ip nat inside source list NAT pool NEW overload


ip access-list extended NAT
deny   ip host 192.168.181.5 any
permit ip host 192.168.57.253 any
permit ip host 192.168.180.6 any
permit tcp 192.168.180.24 0.0.0.7 any eq www
permit ip 192.168.180.24 0.0.0.7 any
permit tcp 192.168.181.0 0.0.0.255 any eq www
permit ip 192.168.181.0 0.0.0.255 any
permit tcp 192.168.183.0 0.0.0.255 any eq www
permit ip 192.168.183.0 0.0.0.255 any
permit tcp 192.168.102.0 0.0.0.255 any eq www
permit ip 192.168.102.0 0.0.0.255 any
permit tcp 192.168.103.0 0.0.0.255 any eq www
permit ip 192.168.103.0 0.0.0.255 any
permit tcp 192.168.180.32 0.0.0.15 any eq www
permit ip 192.168.180.32 0.0.0.15 any
permit tcp 192.168.185.0 0.0.0.255 any eq www
permit ip 192.168.185.0 0.0.0.255 any


Hmm.. do you need any other configs?
permit tcp 192.168.187.0 0.0.0.255 any eq www
permit tcp 192.168.186.0 0.0.0.255 any eq www
permit ip 192.168.186.0 0.0.0.255 any
permit ip 192.168.187.0 0.0.0.255 any


3. "SMTP through NAT! Doesn't it work?"
Message from CrAzOiD (ok) on 27-Mar-08, 01:32
>[overquoting removed]
> deny   udp any any eq tftp
> deny   udp any any range 0 1023
> deny   udp 80.67.240.0 0.0.3.255 any
> deny   udp any any range 135 netbios-ss
> remark -= Other filter rules =-
> permit icmp any host 10.127.255.209
> deny   ip any host 10.127.255.209
> permit tcp any host 193.ххх.ххх.ххх eq www
> deny   tcp any any eq 22
> permit ip any any

Strange inbound ACL...
Remove it and check the connections. After that, put it back and see what you are cutting off incorrectly.
And in general, use inspect


4. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 01:38
>[overquoting removed]
>> permit icmp any host 10.127.255.209
>> deny   ip any host 10.127.255.209
>> permit tcp any host 193.ххх.ххх.ххх eq www
>> deny   tcp any any eq 22
>> permit ip any any
>
>Strange inbound ACL...
>Remove it and check the connections. After that, put it back and see what
>you are cutting off incorrectly.
>And in general, use inspect

OK.. I'll try removing it. And what is this inspect?


5. "SMTP through NAT! Doesn't it work?"
Message from CrAzOiD (ok) on 27-Mar-08, 02:00
>[overquoting removed]
>>> permit tcp any host 193.ххх.ххх.ххх eq www
>>> deny   tcp any any eq 22
>>> permit ip any any
>>
>>Strange inbound ACL...
>>Remove it and check the connections. After that, put it back and see what
>>you are cutting off incorrectly.
>>And in general, use inspect
>
>OK.. I'll try removing it. And what is this inspect?

ip inspect
among its other functions is what is called "connection tracking"

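
Added example, not part of any post in this thread and not a diagnosis of the problem discussed: a Python sketch contrasting stateless first-match evaluation of the TCP lines of the posted CISCO-IN list with the "connection tracking" mentioned above. The addresses 203.0.113.10 and 198.51.100.25, all class and function names, and the reduction to destination-port matching are assumptions; ConnTracker is a toy model, not Cisco's ip inspect.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "permit" or "deny"
    lo: int      # lowest destination port matched
    hi: int      # highest destination port matched
    text: str    # the ACL line as posted in the thread


# TCP "any any" entries of CISCO-IN in the posted order, plus the final
# "permit ip any any". Entries bound to a specific (masked) host and the
# UDP/ICMP entries are left out of this simplified model.
CISCO_IN_TCP = [
    Rule("permit", 25, 25, "permit tcp any any eq smtp"),
    Rule("permit", 53, 53, "permit tcp any any eq domain"),
    Rule("deny", 3306, 3306, "deny tcp any any eq 3306"),
    Rule("deny", 135, 139, "deny tcp any any range 135 139"),
    Rule("deny", 2601, 2606, "deny tcp any any range 2601 2606"),
    Rule("deny", 1812, 1813, "deny tcp any any range 1812 1813"),
    Rule("deny", 1645, 1646, "deny tcp any any range 1645 1646"),
    Rule("deny", 110, 110, "deny tcp any any eq pop3"),
    Rule("deny", 23, 23, "deny tcp any any eq telnet"),
    Rule("deny", 80, 80, "deny tcp any any eq www"),
    Rule("deny", 21, 21, "deny tcp any any eq ftp"),
    Rule("deny", 0, 1023, "deny tcp any any range 0 1023"),
    Rule("deny", 22, 22, "deny tcp any any eq 22"),
    Rule("permit", 0, 65535, "permit ip any any"),
]

# Constructed sample addresses (documentation ranges), not from the thread.
POOL_ADDR = "203.0.113.10"     # stands in for an address of NAT pool NEW
SMTP_SERVER = "198.51.100.25"  # stands in for an external mail server


def acl_first_match(dst_port):
    """Stateless check: the first line matching the destination port wins.

    Nothing about earlier packets is remembered, so a reply to a NATed
    client is judged only by the translated port it is addressed to.
    """
    for rule in CISCO_IN_TCP:
        if rule.lo <= dst_port <= rule.hi:
            return rule
    return Rule("deny", 0, 65535, "implicit deny")


class ConnTracker:
    """Toy connection tracker: admits only replies to recorded outbound flows."""

    def __init__(self):
        self._expected = set()

    def outbound(self, src, sport, dst, dport):
        # Remember the mirror image of the outbound flow as the allowed reply.
        self._expected.add((dst, dport, src, sport))

    def inbound_allowed(self, src, sport, dst, dport):
        return (src, sport, dst, dport) in self._expected


def compare(translated_port, solicited=True):
    """Judge one inbound packet SMTP_SERVER:25 -> POOL_ADDR:translated_port."""
    tracker = ConnTracker()
    if solicited:
        # A client behind NAT opened the session from this translated port.
        tracker.outbound(POOL_ADDR, translated_port, SMTP_SERVER, 25)
    rule = acl_first_match(translated_port)
    return {
        "acl": rule.action,
        "acl_line": rule.text,
        "tracked": tracker.inbound_allowed(
            SMTP_SERVER, 25, POOL_ADDR, translated_port
        ),
    }


if __name__ == "__main__":
    # Reply to a high translated port: passes only via the catch-all permit.
    print(40001, compare(40001))
    # Reply whose translated port falls in a denied range: dropped by the ACL
    # although it belongs to a legitimate outbound session.
    print(3306, compare(3306))
    print(2603, compare(2603))
    # Unsolicited inbound packet: the ACL lets it in, the tracker does not.
    print(40001, compare(40001, solicited=False))
```
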

6. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 02:02
>[overquoting removed]
>>>
>>>Strange inbound ACL...
>>>Remove it and check the connections. After that, put it back and see what
>>>you are cutting off incorrectly.
>>>And in general, use inspect
>>
>>OK.. I'll try removing it. And what is this inspect?
>
>ip inspect
>among its other functions is what is called "connection tracking"

Hm.. I didn't understand much, to be honest!


7. "SMTP through NAT! Doesn't it work?"
Message from KiM on 27-Mar-08, 08:08
>[overquoting removed]
>>>>Remove it and check the connections. After that, put it back and see what
>>>>you are cutting off incorrectly.
>>>>And in general, use inspect
>>>
>>>OK.. I'll try removing it. And what is this inspect?
>>
>>ip inspect
>>among its other functions is what is called "connection tracking"
>
>Hm.. I didn't understand much, to be honest!

you can't understand it right away :)))
you need to read up on what it is. It's a wonderful thing; I'm figuring it out myself right now


8. "SMTP through NAT! Doesn't it work?"
Message from CrAzOiD (ok) on 27-Mar-08, 10:07
>[overquoting removed]
>>>>Remove it and check the connections. After that, put it back and see what
>>>>you are cutting off incorrectly.
>>>>And in general, use inspect
>>>
>>>OK.. I'll try removing it. And what is this inspect?
>>
>>ip inspect
>>among its other functions is what is called "connection tracking"
>
>Hm.. I didn't understand much, to be honest!

http://www.cisco.com/en/US/docs/ios/12_4/secure/configuratio...


9. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 12:04
>[overquoting removed]
>> permit icmp any host 10.127.255.209
>> deny   ip any host 10.127.255.209
>> permit tcp any host 193.ххх.ххх.ххх eq www
>> deny   tcp any any eq 22
>> permit ip any any
>
>Strange inbound ACL...
>Remove it and check the connections. After that, put it back and see what
>you are cutting off incorrectly.
>And in general, use inspect

I wiped the access list and removed it from the interface... nothing!
It doesn't send, and that's that.. and telnet doesn't get in either! ((( I mean the servers ccg.org.ua and mx1.mirohost.net
What could the problem be? And it is !only! sending that fails.. receiving works fine. Port 25 is used in both cases... although I also tried 465 and 587.. to no avail!


10. "SMTP through NAT! Doesn't it work?"
Message from nikl (ok) on 27-Mar-08, 12:13
>I wiped the access list and removed it from the interface... nothing!
>It doesn't send, and that's that.. and telnet doesn't get in either! ((( I mean
>the servers ccg.org.ua and mx1.mirohost.net
>What could the problem be? And it is !only! sending that fails.. receiving
>works fine. Port 25 is used in both cases... although I also tried
>465 and 587.. to no avail!

show sh run int for the external and internal interfaces


11. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 12:20
>>I wiped the access list and removed it from the interface... nothing!
>>It doesn't send, and that's that.. and telnet doesn't get in either! ((( I mean
>>the servers ccg.org.ua and mx1.mirohost.net
>>What could the problem be? And it is !only! sending that fails.. receiving
>>works fine. Port 25 is used in both cases... although I also tried
>>465 and 587.. to no avail!
>
>show sh run int for the external and internal interfaces

This is the internal interface:

TTAS5350#sh int fa 0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0012.0048.f2f6 (bia 0012.0048.f2f6)
  Description: to CatalysT
  Internet address is 192.168.180.5/30
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 19/255, rxload 4/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/4096/0/791987 (size/max/drops/flushes); Total output drops: 2682924
  Queueing strategy: fifo
  Output queue: 0/4096 (size/max)
  5 minute input rate 1868000 bits/sec, 882 packets/sec
  5 minute output rate 7669000 bits/sec, 1013 packets/sec
     726223201 packets input, 4217896305 bytes
     Received 18369 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     812457320 packets output, 2858268988 bytes, 0 underruns
     0 output errors, 0 collisions, 3 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

This is the external interface:

TTAS5350#sh int fa 0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Fast Ethernet, address is 0012.0048.f2f7 (bia 0012.0048.f2f7)
  Description: to Polyteh
  Internet address is 10.127.255.209/30
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 251/255, txload 6/255, rxload 21/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 2/4096/0/253569 (size/max/drops/flushes); Total output drops: 8268
  Queueing strategy: fifo
  Output queue: 0/4096 (size/max)
  5 minute input rate 8415000 bits/sec, 1933 packets/sec
  5 minute output rate 2536000 bits/sec, 1805 packets/sec
     1947355756 packets input, 4035427444 bytes
     Received 36191 broadcasts, 0 runts, 0 giants, 0 throttles
     54373726 input errors, 54373726 CRC, 28088543 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     1858734819 packets output, 1911614667 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out


And what could be causing the errors? (54373726 input errors, 54373726 CRC).. related to the checksum.


12. "SMTP through NAT! Doesn't it work?"
Message from nikl (ok) on 27-Mar-08, 12:27
>>show sh run int for the external and internal interfaces
>
>This is the internal interface:

that should be sh run int fa0/0, not sh int fa0/0
and for the second one too..


13. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 13:32
>>>show sh run int for the external and internal interfaces
>>
>>This is the internal interface:
>
>that should be sh run int fa0/0, not sh int fa0/0
>and for the second one too..

for the internal one:

TTAS5350#sh run int fa 0/0
Building configuration...

Current configuration : 10214 bytes
!
interface FastEthernet0/0
description to CatalysT
ip address 192.168.180.5 255.255.255.252
ip access-group DIALUP out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip tcp adjust-mss 1452
duplex full
speed 100
traffic-shape group 101 768000 768000 768000 1000
traffic-shape group 102 768000 768000 768000 1000
traffic-shape group 103 768000 768000 768000 1000
traffic-shape group 104 768000 768000 768000 1000
traffic-shape group 105 768000 768000 768000 1000
traffic-shape group 106 768000 768000 768000 1000
traffic-shape group 107 768000 768000 768000 1000
traffic-shape group 108 768000 768000 768000 1000
traffic-shape group 109 768000 768000 768000 1000
traffic-shape group 110 768000 768000 768000 1000
traffic-shape group 111 768000 768000 768000 1000
traffic-shape group 112 768000 768000 768000 1000
traffic-shape group 113 768000 768000 768000 1000
traffic-shape group 114 1024000 832000 832000 1000
traffic-shape group 115 768000 768000 768000 1000
traffic-shape group 116 768000 768000 768000 1000
traffic-shape group 117 768000 768000 768000 1000
traffic-shape group 118 512000 512000 512000 1000
traffic-shape group 119 832000 832000 832000 1000
traffic-shape group 120 768000 768000 768000 1000
traffic-shape group 121 768000 768000 768000 1000
traffic-shape group 122 768000 768000 768000 1000
traffic-shape group 123 768000 768000 768000 1000
traffic-shape group 124 1024000 512000 512000 1000
traffic-shape group 125 768000 768000 768000 1000
traffic-shape group 126 768000 768000 768000 1000
traffic-shape group 127 768000 768000 768000 1000
traffic-shape group 128 768000 768000 768000 1000
traffic-shape group 129 768000 768000 768000 1000
traffic-shape group 130 768000 768000 768000 1000
traffic-shape group 131 768000 768000 768000 1000
traffic-shape group 132 768000 768000 768000 1000
traffic-shape group 133 768000 768000 768000 1000
traffic-shape group 134 512000 512000 512000 1000
traffic-shape group 135 768000 768000 768000 1000
traffic-shape group 136 768000 768000 768000 1000
traffic-shape group 137 768000 768000 768000 1000
traffic-shape group 138 768000 768000 768000 1000
traffic-shape group 139 768000 768000 768000 1000
traffic-shape group 140 768000 768000 768000 1000
traffic-shape group 141 768000 768000 768000 1000
traffic-shape group 142 768000 768000 768000 1000
traffic-shape group 143 768000 768000 768000 1000
traffic-shape group 144 832000 832000 832000 1000
traffic-shape group 145 768000 768000 768000 1000
traffic-shape group 146 768000 768000 768000 1000
traffic-shape group 147 768000 768000 768000 1000
traffic-shape group 148 768000 768000 768000 1000
traffic-shape group 149 768000 768000 768000 1000
traffic-shape group 150 768000 768000 768000 1000
traffic-shape group 151 768000 768000 768000 1000
traffic-shape group 152 832000 832000 832000 1000
traffic-shape group 153 768000 768000 768000 1000
traffic-shape group 154 768000 768000 768000 1000
traffic-shape group 155 768000 768000 768000 1000
traffic-shape group 156 768000 768000 768000 1000
traffic-shape group 157 768000 768000 768000 1000
traffic-shape group 158 768000 768000 768000 1000
traffic-shape group 159 768000 768000 768000 1000
traffic-shape group 160 768000 768000 768000 1000
traffic-shape group 161 768000 768000 768000 1000
traffic-shape group 162 768000 768000 768000 1000
traffic-shape group 163 768000 768000 768000 1000
traffic-shape group 164 768000 768000 768000 1000
traffic-shape group 165 768000 768000 768000 1000
traffic-shape group 166 768000 768000 768000 1000
traffic-shape group 167 768000 768000 768000 1000
traffic-shape group 168 768000 768000 768000 1000
traffic-shape group 169 768000 768000 768000 1000
traffic-shape group 170 768000 768000 768000 1000
traffic-shape group 171 768000 768000 768000 1000
traffic-shape group 172 768000 768000 768000 1000
traffic-shape group 173 768000 768000 768000 1000
traffic-shape group 174 768000 768000 768000 1000
traffic-shape group 175 768000 768000 768000 1000
traffic-shape group 176 768000 768000 768000 1000
traffic-shape group 177 896000 896000 896000 1000
traffic-shape group 178 768000 768000 768000 1000
traffic-shape group 179 768000 768000 768000 1000
traffic-shape group 180 768000 768000 768000 1000
traffic-shape group 181 768000 768000 768000 1000
traffic-shape group 182 768000 768000 768000 1000
traffic-shape group 183 768000 768000 768000 1000
traffic-shape group 184 768000 768000 768000 1000
traffic-shape group 185 768000 768000 768000 1000
traffic-shape group 186 768000 768000 768000 1000
traffic-shape group 187 768000 768000 768000 1000
traffic-shape group 188 768000 768000 768000 1000
traffic-shape group 189 768000 768000 768000 1000
traffic-shape group 190 768000 768000 768000 1000
traffic-shape group 191 768000 768000 768000 1000
traffic-shape group 192 832000 832000 832000 1000
traffic-shape group 193 768000 768000 768000 1000
traffic-shape group 194 768000 768000 768000 1000
traffic-shape group 195 768000 768000 768000 1000
traffic-shape group 196 768000 768000 768000 1000
traffic-shape group 197 768000 768000 768000 1000
traffic-shape group 198 832000 832000 832000 1000
traffic-shape group 199 768000 768000 768000 1000
traffic-shape group 2000 768000 768000 768000 1000
traffic-shape group 2001 768000 768000 768000 1000
traffic-shape group 2002 768000 768000 768000 1000
traffic-shape group 2003 768000 768000 768000 1000
traffic-shape group 2004 768000 768000 768000 1000
traffic-shape group 2005 832000 832000 832000 1000
traffic-shape group 2006 768000 768000 768000 1000
traffic-shape group 2007 768000 768000 768000 1000
traffic-shape group 2008 768000 768000 768000 1000
traffic-shape group 2009 768000 768000 768000 1000
traffic-shape group 2010 768000 768000 768000 1000
traffic-shape group 2011 768000 768000 768000 1000
traffic-shape group 2012 768000 768000 768000 1000
traffic-shape group 2013 768000 768000 768000 1000
traffic-shape group 2014 768000 768000 768000 1000
traffic-shape group 2016 832000 832000 768000 1000
traffic-shape group 2017 768000 768000 768000 1000
traffic-shape group 2018 768000 768000 768000 1000
traffic-shape group 2019 768000 768000 768000 1000
traffic-shape group 2020 768000 768000 768000 1000
traffic-shape group 2021 768000 768000 768000 1000
traffic-shape group 2022 768000 768000 768000 1000
traffic-shape group 2023 768000 768000 768000 1000
traffic-shape group 2024 768000 768000 768000 1000
traffic-shape group 2025 768000 768000 768000 1000
traffic-shape group 2026 768000 768000 768000 1000
traffic-shape group 2027 768000 768000 768000 1000
traffic-shape group 2028 768000 768000 768000 1000
traffic-shape group 2029 768000 768000 768000 1000
traffic-shape group 2030 768000 768000 768000 1000
traffic-shape group 2031 768000 768000 768000 1000
traffic-shape group 2032 768000 768000 768000 1000
traffic-shape group 2033 768000 768000 768000 1000
traffic-shape group 2034 768000 768000 768000 1000
traffic-shape group 2035 768000 768000 768000 1000
traffic-shape group 2036 512000 512000 512000 1000
traffic-shape group 2037 768000 768000 768000 1000
traffic-shape group 2038 512000 512000 512000 1000
traffic-shape group 2039 768000 768000 768000 1000
traffic-shape group 2040 512000 512000 512000 1000
traffic-shape group 2041 768000 768000 768000 1000
traffic-shape group 2042 768000 768000 768000 1000
traffic-shape group 2043 512000 512000 512000 1000
traffic-shape group 2044 512000 512000 512000 1000
traffic-shape group 2045 512000 512000 512000 1000
traffic-shape group 2046 512000 512000 512000 1000
traffic-shape group 2047 512000 512000 512000 1000
traffic-shape group 2048 512000 512000 512000 1000
traffic-shape group 2049 768000 768000 512000 1000
traffic-shape group 2050 512000 512000 512000 1000
traffic-shape group 2051 512000 512000 512000 1000
traffic-shape group 2052 512000 512000 512000 1000
traffic-shape group 2053 512000 512000 512000 1000
traffic-shape group 2054 768000 768000 768000 1000
traffic-shape group 2055 512000 512000 512000 1000
traffic-shape group 2056 512000 512000 512000 1000
traffic-shape group 2057 768000 768000 768000 1000
traffic-shape group 2058 832000 832000 832000 1000
traffic-shape group 2059 768000 768000 768000 1000
traffic-shape group 2060 768000 768000 768000 1000
traffic-shape group 2061 768000 768000 768000 1000
traffic-shape group 2062 768000 768000 768000 1000
traffic-shape group 2063 768000 768000 768000 1000
traffic-shape group 2064 768000 768000 768000 1000
traffic-shape group 2065 768000 768000 768000 1000
traffic-shape group 2066 768000 768000 768000 1000
traffic-shape group 2067 896000 896000 896000 1000
traffic-shape group 2068 768000 768000 768000 1000
traffic-shape group 2069 512000 512000 512000 1000
traffic-shape group 2015 768000 768000 768000 1000
traffic-shape group 2071 768000 768000 768000 1000
traffic-shape group 2072 768000 768000 768000 1000
traffic-shape group 2073 768000 768000 768000 1000
traffic-shape group 2074 768000 768000 768000 1000
traffic-shape group 2075 768000 768000 768000 1000
traffic-shape group 2076 768000 768000 768000 1000
traffic-shape group 2077 768000 768000 768000 1000
traffic-shape group 2078 768000 768000 768000 1000
traffic-shape group 2079 768000 768000 768000 1000
traffic-shape group 2080 768000 768000 768000 1000
traffic-shape group 2081 768000 768000 768000 1000
traffic-shape group 2083 768000 768000 768000 1000
traffic-shape group 2084 768000 768000 768000 1000
traffic-shape group 2085 768000 768000 768000 1000
traffic-shape group 2086 768000 768000 768000 1000
traffic-shape group 2087 768000 768000 768000 1000
traffic-shape group 2088 768000 768000 768000 1000
traffic-shape group 2089 768000 768000 768000 1000
traffic-shape group 2090 768000 768000 768000 1000
traffic-shape group 2091 768000 768000 768000 1000
traffic-shape group 2092 768000 768000 768000 1000
traffic-shape group 2082 768000 768000 768000 1000
traffic-shape group 2093 768000 768000 768000 1000
traffic-shape group 2094 768000 768000 768000 1000
end


for the external one:

TTAS5350#sh run int fa 0/1
Building configuration...

Current configuration : 1844 bytes
!
interface FastEthernet0/1
description to Polyteh
ip address 10.127.255.209 255.255.255.252
ip access-group CISCO-IN in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat outside
duplex full
speed 100
traffic-shape group 1 65536 8192 8192 1000
traffic-shape group 2 65536 8192 8192 1000
traffic-shape group 3 65536 8192 8192 1000
traffic-shape group 4 65536 8192 8192 1000
traffic-shape group 5 65536 8192 8192 1000
traffic-shape group 6 65536 8192 8192 1000
traffic-shape group 7 65536 8192 8192 1000
traffic-shape group 8 65536 8192 8192 1000
traffic-shape group 9 768000 768000 768000 1000
traffic-shape group 10 65536 8192 8192 1000
traffic-shape group 11 512000 512000 512000 1000
traffic-shape group 12 65536 8192 8192 1000
traffic-shape group 13 65536 8192 8192 1000
traffic-shape group 14 65536 8192 8192 1000
traffic-shape group 15 768000 768000 768000 1000
traffic-shape group 16 260000 7800 7800 1000
traffic-shape group 17 264166 33016 33016 1000
traffic-shape group 18 256000 7936 7936 1000
traffic-shape group 19 512000 512000 512000 1000
traffic-shape group 20 768000 768000 768000 1000
traffic-shape group 21 260000 7800 7800 1000
traffic-shape group 22 832000 832000 832000 1000
traffic-shape group 23 768000 512000 512000 1000
traffic-shape group 24 512000 12800 12800 1000
traffic-shape group 25 768000 768000 768000 1000
traffic-shape group 26 512000 12800 12800 1000
traffic-shape group 28 768000 768000 768000 1000
traffic-shape group 29 512000 12800 12800 1000
traffic-shape group 30 768000 512000 512000 1000
traffic-shape group 31 512000 12800 12800 1000
traffic-shape group 27 768000 768000 768000 1000
traffic-shape group 32 768000 768000 768000 1000
traffic-shape group 33 768000 768000 768000 1000
end


14. "SMTP through NAT! Doesn't it work?"
Message from nikl (ok) on 27-Mar-08, 13:42
>[overquoting removed]
> ip address 10.127.255.209 255.255.255.252
> ip access-group CISCO-IN in
> ip verify unicast reverse-path
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip accounting output-packets
> ip nat outside
> duplex full
> speed 100

or maybe the problem is upstream of your Cisco?
for example, if there is a PIX upstream, then read here:
http://support.microsoft.com/kb/295725


15. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 27-Mar-08, 15:40
>[overquoting removed]
>> no ip unreachables
>> no ip proxy-arp
>> ip accounting output-packets
>> ip nat outside
>> duplex full
>> speed 100
>
>or maybe the problem is upstream of your Cisco?
>for example, if there is a PIX upstream, then read here:
>http://support.microsoft.com/kb/295725

Well, say, port 2525 for smtp.mail.ru, and port 465 for smtp.ukr.net and for smtp.gmail.com, work.
Could the problem be upstream of us?


16. "SMTP through NAT! Doesn't it work?"
Message from dxer on 27-Mar-08, 23:45
Maybe try a route-map in the nat rule, eh?

In general, I'd like to see the whole config.


17. "SMTP through NAT! Doesn't it work?"
Message from TrEK (ok) on 28-Mar-08, 01:04
>Maybe try a route-map in the nat rule, eh?
>
>In general, I'd like to see the whole config.

!
! Last configuration change at 11:29:46 UA Fri Feb 22 2008 by TrEK
! NVRAM config last updated at 09:03:55 UA Fri Feb 22 2008 by TrEK
!
version 12.3
service exec-callback
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname TTAS5350
!
boot-start-marker
no boot startup-test
boot-end-marker
!
logging buffered errors
logging reload informational
enable secret 5 $1$K9hB$zN51w/va2UeJctyWaVSjs1
enable password 7 07222F1F435917541C
!
username dima password 7 070C20584F054A504142
username callmeback callback-dialstring "" password 7 070D204F45
username fibre callback-dialstring 257092
username po1ic3man callback-dialstring 259741
username dimaback callback-dialstring "" password 7 1546585A557C73
username stat password 7 073C35787A080D1103405B5C54
username artur privilege 15 password 7 02240B0C200E1B0C
username TrEK privilege 15 password 7 094D5D3A1C170117195C533E392123
!
!
resource-pool enable
resource-pool call treatment resource busy
!
resource-pool group resource group1
range port 1/0 1/29
!
resource-pool group resource group2
range port 1/30 1/59
!
resource-pool profile customer MODEMS
limit base-size all
limit overflow-size 0
resource group1 speech  
dnis group group1
!
resource-pool profile customer VoIP
limit base-size all
limit overflow-size 0
resource group1 speech  
dnis group group2
clock timezone UA -1 20
clock calendar-valid
spe default-firmware spe-firmware-1
aaa new-model
!
!
aaa authentication login default local
aaa authentication ppp default group radius local
aaa authorization network default group radius local
aaa accounting update newinfo
aaa accounting network default start-stop group radius
aaa accounting connection default start-stop group radius
aaa accounting system default start-stop group radius
aaa session-id common
ip subnet-zero
no ip source-route
ip rcmd rsh-enable
ip rcmd remote-host stat xxx.xxx.xxx.10 giperion enable
!
!
ip cef
ip ftp username dvv
ip ftp password 7 082D464D071F0E1D52
ip domain name ssft.net
ip name-server xxx.xxx.xxx.8
ip name-server xxx.xxx.xxx.3
ip dhcp ping packets 0
!
ip address-pool local
async-bootp dns-server xxx.xxx.xxx.35 xxx.xxx.xxx.8
isdn switch-type primary-net5
isdn voice-call-failure 0
chat-script offhook "" "ATH1" OK
chat-script dial ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDT\T" CONNECT \c
chat-script callback ABORT ERROR ABORT BUSY "" "ATZ" OK "ATDt \T" TIMEOUT 30 CONNECT \c
!
voice call send-alert
voice rtp send-recv
!
!
!
!
!
!
!
!
!
!
!
!
!
controller E1 3/0
framing NO-CRC4
pri-group timeslots 1-31
!
controller E1 3/1
framing NO-CRC4
pri-group timeslots 1-31
description 815
!
translation-rule 380
Rule 0 ^1% 3801
Rule 1 ^2% 3802
Rule 2 ^3% 3803
Rule 3 ^4% 3804
Rule 4 ^5% 3805
Rule 5 ^6% 3806
Rule 6 ^7% 3807
Rule 7 ^80% 380
Rule 8 ^9% 3809
!
!
!
interface Loopback0
ip address xxx.xxx.xxx.224 255.255.255.255
ip accounting output-packets
ip policy route-map INET
!
interface FastEthernet0/0
description to CatalysT
ip address 192.168.180.5 255.255.255.252
ip access-group DIALUP out
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
ip tcp adjust-mss 1452
duplex full
speed 100
traffic-shape group 124 2048000 768000 768000 1000
traffic-shape group 101 768000 768000 768000 1000
traffic-shape group 103 768000 768000 768000 1000
traffic-shape group 104 768000 768000 768000 1000
traffic-shape group 105 768000 768000 768000 1000
traffic-shape group 106 832000 832000 832000 1000
traffic-shape group 107 832000 832000 832000 1000
traffic-shape group 108 768000 768000 768000 1000
traffic-shape group 109 768000 768000 768000 1000
traffic-shape group 110 768000 768000 768000 1000
traffic-shape group 112 768000 768000 768000 1000
traffic-shape group 114 1536000 1536000 1536000 1000
traffic-shape group 116 768000 768000 768000 1000
traffic-shape group 117 768000 768000 768000 1000
traffic-shape group 120 768000 768000 768000 1000
traffic-shape group 121 768000 768000 768000 1000
traffic-shape group 122 768000 768000 768000 1000
traffic-shape group 123 768000 768000 768000 1000
traffic-shape group 125 768000 768000 768000 1000
traffic-shape group 127 768000 768000 768000 1000
traffic-shape group 128 768000 768000 768000 1000
traffic-shape group 129 768000 768000 768000 1000
traffic-shape group 130 768000 768000 768000 1000
traffic-shape group 131 768000 768000 768000 1000
traffic-shape group 142 768000 768000 768000 1000
traffic-shape group 143 768000 768000 768000 1000
traffic-shape group 144 832000 832000 832000 1000
traffic-shape group 145 768000 768000 768000 1000
traffic-shape group 146 768000 768000 768000 1000
traffic-shape group 147 1024000 1024000 1024000 1000
traffic-shape group 148 768000 768000 768000 1000
traffic-shape group 149 768000 768000 768000 1000
traffic-shape group 150 768000 768000 768000 1000
traffic-shape group 151 768000 768000 768000 1000
traffic-shape group 174 768000 768000 768000 1000
traffic-shape group 175 768000 768000 768000 1000
traffic-shape group 176 768000 768000 768000 1000
traffic-shape group 177 768000 768000 768000 1000
traffic-shape group 178 768000 768000 768000 1000
traffic-shape group 179 768000 768000 768000 1000
traffic-shape group 180 768000 768000 768000 1000
traffic-shape group 181 768000 768000 768000 1000
traffic-shape group 182 768000 768000 768000 1000
traffic-shape group 183 768000 768000 768000 1000
traffic-shape group 184 768000 768000 768000 1000
traffic-shape group 185 768000 768000 768000 1000
traffic-shape group 186 768000 768000 768000 1000
traffic-shape group 187 768000 768000 768000 1000
traffic-shape group 188 768000 768000 768000 1000
traffic-shape group 189 768000 768000 768000 1000
traffic-shape group 190 768000 768000 768000 1000
traffic-shape group 191 768000 768000 768000 1000
traffic-shape group 193 768000 768000 768000 1000
traffic-shape group 194 768000 768000 768000 1000
traffic-shape group 195 768000 768000 768000 1000
traffic-shape group 196 768000 768000 768000 1000
traffic-shape group 197 768000 768000 768000 1000
traffic-shape group 198 768000 768000 768000 1000
traffic-shape group 2000 768000 768000 768000 1000
traffic-shape group 2001 768000 768000 768000 1000
traffic-shape group 2002 768000 768000 768000 1000
traffic-shape group 126 768000 768000 768000 1000
traffic-shape group 2003 768000 768000 768000 1000
traffic-shape group 2004 768000 768000 768000 1000
traffic-shape group 2006 768000 768000 768000 1000
traffic-shape group 2007 768000 768000 768000 1000
traffic-shape group 2009 768000 768000 768000 1000
traffic-shape group 2010 768000 768000 768000 1000
traffic-shape group 2011 768000 768000 768000 1000
traffic-shape group 2012 768000 768000 768000 1000
traffic-shape group 2013 768000 768000 768000 1000
traffic-shape group 2014 768000 768000 768000 1000
traffic-shape group 2016 768000 768000 768000 1000
traffic-shape group 2018 768000 768000 768000 1000
traffic-shape group 2019 768000 768000 768000 1000
traffic-shape group 2020 768000 768000 768000 1000
traffic-shape group 2021 768000 768000 768000 1000
traffic-shape group 2022 768000 768000 768000 1000
traffic-shape group 2023 768000 768000 768000 1000
traffic-shape group 2017 768000 768000 768000 1000
traffic-shape group 2008 768000 768000 768000 1000
traffic-shape group 2024 768000 768000 768000 1000
traffic-shape group 2026 768000 768000 768000 1000
traffic-shape group 2027 768000 768000 768000 1000
traffic-shape group 2028 768000 768000 768000 1000
traffic-shape group 2030 768000 768000 768000 1000
traffic-shape group 111 768000 768000 768000 1000
traffic-shape group 153 768000 768000 768000 1000
traffic-shape group 154 768000 768000 768000 1000
traffic-shape group 152 768000 768000 768000 1000
traffic-shape group 155 768000 768000 768000 1000
traffic-shape group 156 768000 768000 768000 1000
traffic-shape group 157 768000 768000 768000 1000
traffic-shape group 158 768000 768000 768000 1000
traffic-shape group 159 768000 768000 768000 1000
traffic-shape group 160 768000 768000 768000 1000
traffic-shape group 161 768000 768000 768000 1000
traffic-shape group 162 768000 768000 768000 1000
traffic-shape group 163 768000 768000 768000 1000
traffic-shape group 165 768000 768000 768000 1000
traffic-shape group 166 768000 768000 768000 1000
traffic-shape group 167 768000 768000 768000 1000
traffic-shape group 168 768000 768000 768000 1000
traffic-shape group 169 768000 768000 768000 1000
traffic-shape group 170 768000 768000 768000 1000
traffic-shape group 171 768000 768000 768000 1000
traffic-shape group 172 768000 768000 768000 1000
traffic-shape group 173 832000 832000 832000 1000
traffic-shape group 2029 768000 768000 768000 1000
traffic-shape group 2031 768000 768000 768000 1000
traffic-shape group 2032 768000 768000 768000 1000
traffic-shape group 2033 768000 768000 768000 1000
traffic-shape group 2034 768000 768000 768000 1000
traffic-shape group 113 768000 768000 768000 1000
traffic-shape group 2035 768000 768000 768000 1000
traffic-shape group 115 768000 768000 768000 1000
traffic-shape group 132 768000 768000 768000 1000
traffic-shape group 133 768000 768000 768000 1000
traffic-shape group 136 768000 768000 768000 1000
traffic-shape group 137 768000 768000 768000 1000
traffic-shape group 138 768000 768000 768000 1000
traffic-shape group 139 768000 768000 768000 1000
traffic-shape group 140 768000 768000 768000 1000
traffic-shape group 141 768000 768000 768000 1000
traffic-shape group 2015 768000 768000 768000 1000
traffic-shape group 2025 768000 768000 768000 1000
traffic-shape group 2039 832000 832000 832000 1000
traffic-shape group 2036 512000 512000 512000 1000
traffic-shape group 2037 768000 768000 768000 1000
traffic-shape group 2038 512000 512000 512000 1000
traffic-shape group 2040 512000 512000 512000 1000
traffic-shape group 2041 512000 512000 512000 1000
traffic-shape group 2042 512000 512000 512000 1000
traffic-shape group 2043 512000 512000 512000 1000
traffic-shape group 134 832000 768000 768000 1000
traffic-shape group 2044 512000 512000 512000 1000
traffic-shape group 2045 512000 512000 512000 1000
traffic-shape group 2046 512000 512000 512000 1000
traffic-shape group 2047 512000 512000 512000 1000
traffic-shape group 118 512000 512000 512000 1000
traffic-shape group 2048 512000 512000 512000 1000
traffic-shape group 119 512000 512000 512000 1000
traffic-shape group 2050 512000 512000 512000 1000
traffic-shape group 2051 512000 512000 512000 1000
traffic-shape group 2052 512000 512000 512000 1000
traffic-shape group 2053 512000 512000 512000 1000
traffic-shape group 2055 512000 512000 512000 1000
traffic-shape group 2056 512000 512000 512000 1000
traffic-shape group 2057 768000 768000 768000 1000
traffic-shape group 2058 832000 832000 832000 1000
traffic-shape group 2059 768000 768000 768000 1000
traffic-shape group 2061 768000 768000 768000 1000
traffic-shape group 2060 768000 768000 768000 1000
traffic-shape group 2062 768000 768000 768000 1000
traffic-shape group 2063 768000 768000 768000 1000
traffic-shape group 2064 768000 768000 768000 1000
traffic-shape group 2065 768000 768000 768000 1000
traffic-shape group 192 832000 832000 832000 1000
traffic-shape group 2066 768000 768000 768000 1000
traffic-shape group 2067 896000 896000 896000 1000
traffic-shape group 2069 768000 768000 768000 1000
traffic-shape group 2070 768000 768000 768000 1000
traffic-shape group 2075 768000 768000 768000 1000
traffic-shape group 2076 512000 512000 512000 1000
traffic-shape group 2079 768000 768000 768000 1000
traffic-shape group 2200 768000 768000 768000 1000
!
interface FastEthernet0/1
description to Polyteh
ip address 10.127.255.209 255.255.255.252
ip access-group CISCO-IN in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat outside
duplex full
speed 100
traffic-shape group 1 65536 8192 8192 1000
traffic-shape group 2 65536 8192 8192 1000
traffic-shape group 3 65536 8192 8192 1000
traffic-shape group 4 65536 8192 8192 1000
traffic-shape group 5 65536 8192 8192 1000
traffic-shape group 6 65536 8192 8192 1000
traffic-shape group 7 65536 8192 8192 1000
traffic-shape group 8 65536 8192 8192 1000
traffic-shape group 9 768000 768000 768000 1000
traffic-shape group 10 65536 8192 8192 1000
traffic-shape group 11 65536 8192 8192 1000
traffic-shape group 12 65536 8192 8192 1000
traffic-shape group 13 65536 8192 8192 1000
traffic-shape group 14 65536 8192 8192 1000
traffic-shape group 16 260000 7800 7800 1000
traffic-shape group 17 264166 33016 33016 1000
traffic-shape group 18 256000 7936 7936 1000
traffic-shape group 19 260000 7800 7800 1000
traffic-shape group 20 768000 768000 768000 1000
traffic-shape group 21 260000 7800 7800 1000
traffic-shape group 22 832000 832000 832000 1000
traffic-shape group 23 256000 7936 7936 1000
traffic-shape group 24 512000 12800 12800 1000
traffic-shape group 26 768000 768000 768000 1000
traffic-shape group 27 1024000 832000 832000 1000
traffic-shape group 29 512000 12800 12800 1000
traffic-shape group 28 768000 768000 768000 1000
traffic-shape group 30 768000 512000 512000 1000
traffic-shape group 31 512000 12800 12800 1000
traffic-shape group 32 768000 768000 768000 1000
traffic-shape group 2071 768000 768000 768000 1000
!
interface FastEthernet0/1.1
!
interface Serial0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/1
no ip address
shutdown
clockrate 2000000
!
interface Serial3/0:15
no ip address
no ip route-cache cef
no ip route-cache
dialer rotary-group 1
isdn switch-type primary-net5
isdn incoming-voice modem 64
isdn map address .* plan isdn type unknown
isdn calling-number 352550012
isdn send-alerting
isdn sending-complete
no isdn gtd
!
interface Serial3/1:15
no ip address
ip mroute-cache
isdn switch-type primary-net5
isdn protocol-emulate network
isdn incoming-voice modem
isdn guard-timer 20000
isdn T310 50000
isdn send-alerting
isdn outgoing-voice info-transfer-capability 3.1kHz-audio
no cdp enable
!
interface Group-Async0
no ip address
no group-range
!
interface Group-Async1
ip unnumbered FastEthernet0/0
ip broadcast-address 0.0.0.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip nat inside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer in-band
dialer idle-timeout 18000
dialer-group 1
async dynamic address
async dynamic routing
async mode interactive
peer default ip address pool one
keepalive 30 3
ppp callback accept
ppp authentication pap chap ms-chap
group-range 1/00 1/29
!
interface Group-Async2
no ip address
encapsulation ppp
dialer in-band
dialer-group 1
async dynamic address
async dynamic routing
ppp authentication pap chap
group-range 1/30 1/59
!
interface Dialer1
no ip address
!
interface Dialer2
no ip address
!
ip local pool one 192.168.100.1 192.168.100.6
ip nat translation tcp-timeout 3600
ip nat pool DIAL xxx.xxx.xxx.225 xxx.xxx.xxx.225 netmask 255.255.255.252 type match-host
ip nat pool NEW xxx.xxx.xxx.226 xxx.xxx.xxx.226 netmask 255.255.255.248
ip nat inside source list NAT pool NEW overload
ip nat inside source list NAT2 pool DIAL overload
ip nat inside source list nat_in interface FastEthernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 10.127.255.210
ip route 10.0.0.0 255.0.0.0 Loopback0
ip route xxx.xxx.xxx.xxx 255.255.255.0 10.127.255.210
ip route 172.16.0.0 255.240.0.0 Loopback0
ip route 192.168.0.0 255.255.0.0 192.168.180.6
ip route 192.168.183.0 255.255.255.0 192.168.180.6
ip route 192.168.185.0 255.255.255.0 192.168.180.6
ip route 192.168.186.0 255.255.255.0 192.168.180.6
ip route 192.168.187.0 255.255.255.0 192.168.180.6
ip route xxx.xxx.xxx.xxx 255.255.255.0 192.168.180.6

no ip http server
!
!
!
ip access-list standard OFFICE
permit 192.168.181.20
ip access-list standard VTYTELNET
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit 192.168.180.44
permit 192.168.180.37
permit 192.168.180.35
permit any log
!
ip access-list extended CISCO-IN
remark -= Accept any to SMTP and DNS service =-
permit tcp any any eq smtp
permit tcp any any eq domain
remark -= Accept WWW and other service =-
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx range 50 51
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq 22
remark -= Accept WWW =-
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
permit tcp any host xxx.xxx.xxx.xxx eq www
remark -= SSH to SoftSwich =-
permit tcp any host xxx.xxx.xxx.xxx eq 22
remark -= Filter rules (TCP)  =-
deny   tcp any any eq 3306
deny   tcp any any range 135 139
deny   tcp any any range 2601 2606
deny   tcp any any range 1812 1813
deny   tcp any any range 1645 1646
deny   tcp any any eq pop3
deny   tcp any any eq telnet
deny   tcp any any eq www
deny   tcp any any eq ftp
deny   tcp any any range 0 1023
remark -= Filter rules (UDP)  =-
deny   udp any any eq 499
deny   udp any any eq 455
deny   udp any any eq tftp
deny   udp any any range 0 1023
deny   udp 80.67.240.0 0.0.3.255 any
deny   udp any any range 135 netbios-ss
remark -= Other filter rules =-
permit icmp any host 10.127.255.209
deny   ip any host 10.127.255.209
permit tcp any host xxx.xxx.xxx.xxx eq www
deny   tcp any any eq 22
permit ip any any
ip access-list extended CISCO-IN-BC
permit tcp any host xxx.xxx.xxx.xxx eq www
deny   tcp any any eq 3306
deny   tcp any any range 1812 1813
deny   tcp any any range 1645 1646
deny   tcp any any eq pop3
deny   tcp any any eq telnet
deny   tcp any any eq 22
deny   tcp any any eq www
deny   tcp any any eq ftp
permit icmp any host 10.127.255.209
deny   ip any host 10.127.255.209
permit ip any any
deny   udp any any eq tftp
permit tcp any host xxx.xxx.xxx.xxx eq www
ip access-list extended DIALUP
permit ip host 192.168.100.3 any
permit ip host 192.168.100.13 host 192.168.180.35
deny   ip 192.168.0.0 0.0.255.255 192.168.180.0 0.0.0.255
deny   ip 192.168.0.0 0.0.255.255 192.168.181.0 0.0.0.255
deny   ip 192.168.0.0 0.0.255.255 192.168.183.0 0.0.0.255
permit ip any any
deny   ip 192.168.0.0 0.0.255.255 192.168.185.0 0.0.0.255
ip access-list extended NAT
deny   ip host 192.168.181.5 any
permit ip host 192.168.57.253 any
permit ip host 10.127.255.209 any
permit ip host 192.168.180.6 any
permit tcp 192.168.180.24 0.0.0.7 any eq www
permit ip 192.168.180.24 0.0.0.7 any
permit tcp 192.168.181.0 0.0.0.255 any eq www
permit ip 192.168.181.0 0.0.0.255 any
permit tcp 192.168.183.0 0.0.0.255 any eq www
permit ip 192.168.183.0 0.0.0.255 any
permit tcp 192.168.102.0 0.0.0.255 any eq www
permit ip 192.168.102.0 0.0.0.255 any
permit tcp 192.168.103.0 0.0.0.255 any eq www
permit ip 192.168.103.0 0.0.0.255 any
permit tcp 192.168.180.32 0.0.0.15 any eq www
permit ip 192.168.180.32 0.0.0.15 any
permit tcp 192.168.185.0 0.0.0.255 any eq www
permit ip 192.168.185.0 0.0.0.255 any
permit tcp 192.168.187.0 0.0.0.255 any eq www
permit tcp 192.168.186.0 0.0.0.255 any eq www
permit ip 192.168.186.0 0.0.0.255 any
permit ip 192.168.187.0 0.0.0.255 any
ip access-list extended NAT2
permit tcp 192.168.100.0 0.0.0.255 any eq www
permit ip 192.168.100.0 0.0.0.255 any
permit tcp 192.168.101.0 0.0.0.255 any eq www
permit ip 192.168.101.0 0.0.0.255 any
permit tcp 192.168.102.0 0.0.0.255 any eq www
permit ip 192.168.102.0 0.0.0.255 any
permit tcp host 192.168.181.5 any eq www
permit ip host 192.168.181.5 any
permit tcp host 192.168.181.13 any eq www
permit ip host 192.168.181.13 any
logging history errors
logging trap debugging
logging facility local0
logging source-interface FastEthernet0/0
logging 192.168.180.34
access-list 1 permit 192.168.180.26
access-list 2 permit 192.168.180.25
access-list 3 permit 192.168.181.17
access-list 4 permit 192.168.181.18
access-list 5 permit 192.168.181.19
access-list 6 permit 192.168.181.20
access-list 7 permit 192.168.181.5
access-list 8 permit 192.168.181.9
access-list 9 permit 192.168.183.1
access-list 10 permit 192.168.183.5
access-list 11 permit xxx.xxx.xxx.xxx
access-list 11 permit xxx.xxx.xxx.xxx
access-list 12 permit xxx.xxx.xxx.xxx
access-list 13 permit xxx.xxx.xxx.xxx
access-list 14 permit xxx.xxx.xxx.xxx
access-list 16 permit xxx.xxx.xxx.xxx
access-list 17 permit xxx.xxx.xxx.xxx
access-list 18 permit xxx.xxx.xxx.xxx
access-list 19 permit xxx.xxx.xxx.xxx
access-list 20 permit xxx.xxx.xxx.xxx
access-list 21 permit xxx.xxx.xxx.xxx
access-list 22 permit xxx.xxx.xxx.xxx
access-list 22 permit xxx.xxx.xxx.xxx
access-list 22 permit xxx.xxx.xxx.xxx
access-list 22 permit xxx.xxx.xxx.xxx
access-list 22 permit xxx.xxx.xxx.xxx
access-list 23 permit xxx.xxx.xxx.xxx
access-list 24 permit xxx.xxx.xxx.xxx
access-list 25 permit xxx.xxx.xxx.xxx
access-list 26 permit xxx.xxx.xxx.xxx
access-list 27 permit xxx.xxx.xxx.xxx
access-list 28 permit xxx.xxx.xxx.xxx
access-list 29 permit xxx.xxx.xxx.xxx
access-list 30 permit xxx.xxx.xxx.xxx
access-list 31 permit xxx.xxx.xxx.xxx
access-list 32 permit xxx.xxx.xxx.xxx
access-list 101 permit ip any host 192.168.181.101
access-list 103 permit ip any host 192.168.181.17
access-list 104 permit ip any host 192.168.181.18
access-list 105 permit ip any host 192.168.181.19
access-list 106 permit ip any host 192.168.181.20
access-list 106 permit ip any host 192.168.186.45
access-list 106 permit ip any host 192.168.187.25
access-list 106 permit ip any host 192.168.187.29
access-list 107 permit ip any host 192.168.181.5
access-list 107 permit ip any host 192.168.186.37
access-list 108 permit ip any host 192.168.181.9
access-list 109 permit ip any host xxx.xxx.xxx.xxx
access-list 109 permit ip any host xxx.xxx.xxx.xxx
access-list 110 permit ip any host 192.168.183.1
access-list 110 permit ip any host 192.168.181.253
access-list 111 permit ip any host 192.168.183.5
access-list 112 permit ip any host xxx.xxx.xxx.xxx
access-list 112 permit ip any host xxx.xxx.xxx.xxx
access-list 113 permit ip any host 192.168.180.39
access-list 114 permit ip any host 192.168.181.33
access-list 114 permit ip any host xxx.xxx.xxx.xxx
access-list 115 permit ip any host 192.168.180.43
access-list 116 permit ip any host xxx.xxx.xxx.xxx
access-list 116 permit ip any host xxx.xxx.xxx.xxx
access-list 117 permit ip any host 192.168.181.37
access-list 118 permit ip any host 192.168.186.41
access-list 119 permit ip any host xxx.xxx.xxx.xxx
access-list 120 permit ip any host 192.168.180.33 time-range DAY
access-list 121 permit ip any host 192.168.180.33 time-range NIGHT
access-list 122 permit ip any host 192.168.180.35
access-list 123 permit ip any host 192.168.180.36
access-list 124 permit ip any host 192.168.180.37
access-list 125 permit ip any host 192.168.180.38
access-list 126 permit ip any host 192.168.180.34
access-list 126 permit ip any host 192.168.180.34 time-range DAY
access-list 127 permit ip any host 192.168.181.13
access-list 128 permit ip any host xxx.xxx.xxx.xxx
access-list 129 permit ip any host xxx.xxx.xxx.xxx time-range DAY
access-list 130 permit ip any host xxx.xxx.xxx.xxx time-range NIGHT2
access-list 131 permit ip any host 192.168.183.9
access-list 132 permit ip any host xxx.xxx.xxx.xxx
access-list 133 permit ip any host 192.168.181.41
access-list 134 permit ip any host 192.168.180.44
access-list 136 permit ip any host 192.168.183.13
access-list 136 permit ip any host 192.168.187.25
access-list 136 permit ip any host 192.168.186.45
access-list 137 permit ip any host 192.168.183.221
access-list 138 permit ip any host 192.168.181.49
access-list 138 permit ip any host 192.168.181.50
access-list 138 permit ip any host 192.168.181.51
access-list 138 permit ip any host 192.168.181.52
access-list 138 permit ip any host 192.168.181.53
access-list 139 permit ip any host 192.168.180.40
access-list 140 permit ip any host 192.168.181.45
access-list 141 permit ip any host 192.168.181.65
access-list 142 permit ip any host 192.168.181.69
access-list 143 permit ip any host 192.168.181.73
access-list 144 permit ip any host 192.168.183.21
access-list 144 permit ip any host 192.168.183.153
access-list 144 permit ip any host 192.168.183.154
access-list 144 permit ip any host 192.168.183.155
access-list 144 permit ip any host 192.168.183.156
access-list 144 permit ip any host 192.168.183.157
access-list 144 permit ip any host 192.168.183.158
access-list 145 permit ip any host xxx.xxx.xxx.xxx
access-list 145 permit ip any host 192.168.186.57
access-list 146 permit ip any host 192.168.183.25
access-list 146 permit ip any host 192.168.186.113
access-list 146 permit ip any host 192.168.186.114
access-list 146 permit ip any host 192.168.186.115
access-list 146 permit ip any host 192.168.186.116
access-list 146 permit ip any host 192.168.186.117
access-list 146 permit ip any host 192.168.186.118
access-list 147 permit ip any host 192.168.181.77
access-list 147 permit ip any host 192.168.186.109
access-list 147 permit ip any host 192.168.186.101
access-list 147 permit ip any host 192.168.183.161
access-list 147 permit ip any host 192.168.186.33
access-list 148 permit ip any host 192.168.183.33
access-list 149 permit ip any host xxx.xxx.xxx.xxx
access-list 150 permit ip any host 192.168.183.37
access-list 151 permit ip any host xxx.xxx.xxx.xxx
access-list 152 permit ip any host xxx.xxx.xxx.xxx
access-list 153 permit ip any host xxx.xxx.xxx.xxx
access-list 154 permit ip any host 192.168.183.41
access-list 155 permit ip any host xxx.xxx.xxx.xxx
access-list 156 permit ip any host 192.168.183.45
access-list 157 permit ip any host 192.168.181.81
access-list 158 permit ip any host 192.168.183.49
access-list 159 permit ip any host 192.168.181.89
access-list 159 permit ip any host 192.168.181.90
access-list 160 permit ip any host 192.168.183.53
access-list 161 permit ip any host 192.168.181.97
access-list 162 permit ip any host 192.168.183.57
access-list 163 permit ip any host xxx.xxx.xxx.xxx
access-list 163 permit ip any host xxx.xxx.xxx.xxx
access-list 163 permit ip any host xxx.xxx.xxx.xxx
access-list 163 permit ip any host xxx.xxx.xxx.xxx
access-list 163 permit ip any host xxx.xxx.xxx.xxx
access-list 165 permit ip any host 192.168.183.65
access-list 165 permit ip any host 192.168.183.66
access-list 165 permit ip any host 192.168.183.67
access-list 165 permit ip any host 192.168.183.68
access-list 165 permit ip any host 192.168.183.69
access-list 166 permit ip any host 192.168.181.105
access-list 166 permit ip any host 192.168.181.106
access-list 166 permit ip any host 192.168.181.107
access-list 166 permit ip any host 192.168.181.108
access-list 166 permit ip any host 192.168.181.109
access-list 167 permit ip any host 192.168.181.113
access-list 168 permit ip any host xxx.xxx.xxx.xxx
access-list 169 permit ip any host 192.168.183.73
access-list 170 permit ip any host 192.168.183.77
access-list 171 permit ip any host 192.168.183.81
access-list 172 permit ip any host 192.168.181.117
access-list 173 permit ip any host 192.168.183.85
access-list 173 permit ip any host 192.168.181.253
access-list 174 permit ip any host 192.168.181.121
access-list 175 permit ip any host 192.168.183.98
access-list 176 permit ip any host 192.168.181.125
access-list 176 permit ip any host 192.168.186.121
access-list 176 permit ip any host 192.168.186.122
access-list 176 permit ip any host 192.168.186.123
access-list 176 permit ip any host 192.168.186.124
access-list 176 permit ip any host 192.168.186.125
access-list 177 permit ip any host 192.168.185.9
access-list 177 permit ip any host 192.168.185.1
access-list 177 permit ip any host 192.168.185.17
access-list 177 permit ip any host 192.168.185.5
access-list 178 permit ip any host 192.168.181.129
access-list 179 permit ip any host 192.168.181.161
access-list 180 permit ip any host 192.168.181.165
access-list 181 permit ip any host 192.168.181.169
access-list 182 permit ip any host 192.168.181.173
access-list 183 permit ip any host 192.168.181.177
access-list 184 permit ip any host 192.168.181.181
access-list 185 permit ip any host 192.168.183.89
access-list 186 permit ip any host 192.168.183.61
access-list 187 permit ip any host 192.168.183.93
access-list 188 permit ip any host 192.168.181.185
access-list 189 permit ip any host 192.168.181.189
access-list 190 permit ip any host 192.168.181.193
access-list 191 permit ip any host 192.168.181.197
access-list 192 permit ip any host 192.168.185.25
access-list 193 permit ip any host 192.168.185.21
access-list 194 permit ip any host 192.168.183.97
access-list 195 permit ip any host 192.168.181.201
access-list 196 permit ip any host 192.168.185.29
access-list 196 permit ip any host 192.168.185.145
access-list 197 permit ip any host 193.178.190.225
access-list 198 permit ip any host 192.168.181.205
access-list 198 permit ip any host 192.168.183.101
access-list 198 permit ip any host 192.168.186.205
access-list 199 permit ip any host 192.168.183.165
access-list 2000 permit ip any host 192.168.181.209
access-list 2000 permit ip any host 192.168.187.21
access-list 2001 permit ip any host 192.168.181.213
access-list 2002 permit ip any host 192.168.180.45
access-list 2003 permit ip any host 192.168.183.105
access-list 2003 permit ip any host 192.168.183.206
access-list 2003 permit ip any host 192.168.183.207
access-list 2004 permit ip any host 192.168.181.217
access-list 2005 permit ip any host 193.178.190.229
access-list 2006 permit ip any host 192.168.181.221
access-list 2007 permit ip any host 192.168.181.225
access-list 2008 permit ip any host 192.168.185.49
access-list 2009 permit ip any host 192.168.181.229
access-list 2010 permit ip any host 192.168.181.233
access-list 2011 permit ip any host 192.168.180.34 time-range NIGHT
access-list 2012 permit ip any host 192.168.181.237
access-list 2013 permit ip any host 192.168.186.1
access-list 2013 permit ip any host 192.168.186.2
access-list 2013 permit ip any host 192.168.186.3
access-list 2013 permit ip any host 192.168.186.4
access-list 2013 permit ip any host 192.168.186.5
access-list 2013 permit ip any host 192.168.186.6
access-list 2013 permit ip any host 192.168.186.7
access-list 2013 permit ip any host 192.168.186.8
access-list 2013 permit ip any host 192.168.186.9
access-list 2013 permit ip any host 192.168.186.10
access-list 2013 permit ip any host 192.168.186.11
access-list 2013 permit ip any host 192.168.186.12
access-list 2013 permit ip any host 192.168.186.13
access-list 2014 permit ip any host 192.168.183.113
access-list 2016 permit ip any host 192.168.183.165
access-list 2017 permit ip any host 192.168.181.245
access-list 2018 permit ip any host 192.168.181.241
access-list 2019 permit ip any host 192.168.185.33
access-list 2019 permit ip any host 192.168.185.34
access-list 2019 permit ip any host 192.168.185.35
access-list 2019 permit ip any host 192.168.185.36
access-list 2019 permit ip any host 192.168.185.37
access-list 2019 permit ip any host 192.168.185.129
access-list 2020 permit ip any host 192.168.181.45
access-list 2021 permit ip any host 193.178.190.253
access-list 2022 permit ip any host 192.168.183.117
access-list 2023 permit ip any host 192.168.185.45
access-list 2024 permit ip any host 192.168.185.53
access-list 2025 permit ip any host 193.178.190.209
access-list 2026 permit ip any host 192.168.185.61
access-list 2027 permit ip any host 192.168.185.65
access-list 2028 permit ip any host 192.168.183.121
access-list 2029 permit ip any host 192.168.183.125
access-list 2030 permit ip any host 192.168.185.69
access-list 2031 permit ip any host 192.168.186.17
access-list 2032 permit ip any host 192.168.181.249
access-list 2033 permit ip any host 192.168.183.129
access-list 2034 permit ip any host 192.168.186.21
access-list 2035 permit ip any host 192.168.186.25
access-list 2036 permit ip any host 192.168.185.73
access-list 2037 permit ip any host 192.168.185.77
access-list 2038 permit ip any host 192.168.185.81
access-list 2038 permit ip any host 192.168.185.82
access-list 2038 permit ip any host 192.168.185.83
access-list 2038 permit ip any host 192.168.185.84
access-list 2038 permit ip any host 192.168.185.85
access-list 2039 permit ip any host 192.168.186.29
access-list 2039 permit ip any host 192.168.186.33
access-list 2040 permit ip any host 192.168.185.89
access-list 2041 permit ip any host 192.168.185.93
access-list 2042 permit ip any host 192.168.186.37
access-list 2043 permit ip any host 192.168.187.1
access-list 2043 permit ip any host 192.168.187.2
access-list 2043 permit ip any host 192.168.187.3
access-list 2044 permit ip any host 192.168.185.97
access-list 2045 permit ip any host 192.168.187.5
access-list 2046 permit ip any host 192.168.187.9
access-list 2047 permit ip any host 192.168.187.13
access-list 2048 permit ip any host 192.168.187.106
access-list 2048 permit ip any host 192.168.187.107
access-list 2048 permit ip any host 192.168.187.108
access-list 2048 permit ip any host 192.168.187.109
access-list 2048 permit ip any host 192.168.185.113
access-list 2050 permit ip any host 192.168.186.49
access-list 2051 permit ip any host 192.168.186.53
access-list 2052 permit ip any host 192.168.187.17
access-list 2053 permit ip any host 192.168.185.117
access-list 2055 permit ip any host 192.168.185.121
access-list 2056 permit ip any host 91.xxx.xxx.xxx
access-list 2057 permit ip any host 192.168.186.61
access-list 2058 permit ip any host 192.168.186.65
access-list 2058 permit ip any host 192.168.186.66
access-list 2058 permit ip any host 192.168.186.67
access-list 2058 permit ip any host 192.168.186.68
access-list 2058 permit ip any host 192.168.186.69
access-list 2059 permit ip any host 192.168.186.73
access-list 2059 permit ip any host 192.168.186.74
access-list 2059 permit ip any host 192.168.186.75
access-list 2059 permit ip any host 192.168.186.76
access-list 2059 permit ip any host 192.168.186.77
access-list 2060 permit ip any host 192.168.183.137
access-list 2061 permit ip any host 192.168.183.141
access-list 2062 permit ip any host 192.168.186.81
access-list 2063 permit ip any host 192.168.186.85
access-list 2064 permit ip any host 192.168.186.89
access-list 2065 permit ip any host 192.168.186.93
access-list 2066 permit ip any host 192.168.186.97
access-list 2067 permit ip any host 192.168.185.125
access-list 2069 permit ip any host 192.168.183.145
access-list 2070 permit ip any host 192.168.183.149
access-list 2071 permit ip any host 192.168.185.25
access-list 2075 permit ip any host 192.168.185.133
access-list 2076 permit ip any host 192.168.186.105
access-list 2079 permit ip any host 192.168.185.137
access-list 2079 permit ip any host 192.168.185.138
access-list 2079 permit ip any host 192.168.185.139
access-list 2079 permit ip any host 192.168.185.140
access-list 2079 permit ip any host 192.168.185.141
access-list 2200 permit ip any host 192.168.183.165
!
dialer dnis group group1
number 550012
call-type cas speech
!
dialer dnis group group2
number 380352550171
number 380352550169
number 380352550168
number 550169
number 550168
number 550171
number 8063xxxxxxx
number 8097xxxxxxx
number 8096xxxxxxx
number 8050xxxxxxx
number 8066xxxxxxx
number 8095xxxxxxx
number 810xxxxxxxxxxxx
number 810xxxxxxxxx
number 810xxxxxxxxxx
number 810xxxxxxxxxxx
number 810xxxxxxxxxxxxx
number 810xxxxxxxxxxxxxx
number 810xxxxxxxxxxxxxxx
number 810xxxxxxxxxxxxxxxx
call-type cas speech
dialer-list 1 protocol ip permit
!
route-map ACCOUNTING permit 10
set interface Loopback0
!
route-map INET permit 10
set interface FastEthernet0/1
!
snmp-server community METR RO
!
radius-server host 192.168.180.17 auth-port 1812 acct-port 1813
radius-server host 192.168.180.27 auth-port 1812 acct-port 1813
radius-server deadtime 2
radius-server key 7 00071A150754
!
voice-port 3/0:D
disc_pi_off
cptone RU
description DIAL-UP port
bearer-cap Speech
!
voice-port 3/1:D
input gain 2
output attenuation -2
echo-cancel coverage 32
cptone RU
bearer-cap 3100Hz
!
!
!
dial-peer voice 815 pots
description Voice_pool
max-conn 22
incoming called-number 8T
no digit-strip
direct-inward-dial
!
dial-peer voice 8152 voip
destination-pattern 8T
session target ipv4:91.xxx.xxx.xxx
dtmf-relay h245-alphanumeric
codec g729r8 bytes 60
!
dial-peer voice 5501 pots
description ZAGmerezi
max-conn 8
incoming called-number 380352550T
no digit-strip
direct-inward-dial
!
dial-peer voice 550 voip
destination-pattern 3803525501T
translate-outgoing calling 380
session target ipv4:91.xxx.xxx.xxx
dtmf-relay h245-alphanumeric
codec g729r8 bytes 60
!
!
!
line con 0
line aux 0
line vty 0 4
access-class VTYTELNET in
exec-timeout 30 0
line 1/00 1/29
session-timeout 30
script modem-off-hook offhook
script callback dial
modem InOut
modem autoconfigure discovery
modem dialout controller 3/0
rotary 1
transport input all
autoselect during-login
autoselect ppp
callback forced-wait 5
line 1/30 1/59
session-timeout 30
script modem-off-hook offhook
modem InOut
rotary 2
transport input all
autoselect during-login
!
scheduler allocate 10000 400
ntp clock-period 17180182
ntp update-calendar
ntp server 193.2.4.2
ntp server 193.193.193.113
ntp server 217.9.0.118
time-range DAY
periodic daily 8:30 to 22:30
periodic daily 8:30 to 23:59
!
time-range NIGHT
periodic daily 0:00 to 8:30
!
time-range NIGHT2
periodic daily 22:30 to 23:59
!
end



18. "SMTP through NAT! Doesn't it work?"  
Message from TrEK email(ok) on 29-Mar-08, 01:08 
>>Maybe try it with a route-map in the nat rule, eh?
>>
>>In general, I'd like to see the whole config.
>
>!

Could you tell me how to implement a route-map in NAT?
I could give it a try..
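
The route-map form of a NAT rule asked about above, as an added example that is not part of the original thread. It reuses the ACL `NAT`, the pool `NEW` and the outside interface FastEthernet0/1 from the posted config; the route-map name `NAT-NEW` is hypothetical.

```cisco
! Added example, not from the original post.
! Assumption: NAT-NEW is a hypothetical route-map name.
! ACL NAT, pool NEW and FastEthernet0/1 are taken from the posted config.
!
! 1. Select the traffic to translate: packets permitted by ACL NAT
!    that leave through the outside interface.
route-map NAT-NEW permit 10
 match ip address NAT
 match interface FastEthernet0/1
!
! 2. Swap the ACL-based rule for the route-map-based one.
!    IOS refuses to remove a dynamic mapping that is still in use, so
!    run "clear ip nat translation *" in exec mode first if the
!    "no" command is rejected.
no ip nat inside source list NAT pool NEW overload
ip nat inside source route-map NAT-NEW pool NEW overload
!
! 3. Check the result from exec mode:
!    show route-map NAT-NEW       (match counters should increase)
!    show ip nat translations     (entries for the SMTP sessions, port 25)
```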

Created 1996-2022 by Maxim Chirkov