The OpenNET Project / Index page

Cisco NAT and Firewall, Евгений, 27-Jun-12, 15:30
Greetings, everyone. I wrote earlier about blocking all requests to the router. I sorted out the previous question, but now another problem has come up: I can't forward ports to a private ("gray") IP. The Cisco seems to forward the port, but the firewall apparently blocks the traffic on its way to the private network... Here is the config. Firmware version is 15.0.

ip source-route
ip gratuitous-arps
ip dhcp excluded-address
ip dhcp pool ccp-pool1
   import all
ip cef    
ip domain name domain.local
ip name-server
license udi pid CISCO861W-GN-E-K9 sn FCZ1545C5YG
username daltin privilege 15 secret 5 $1$UcDY$lIE4DaKWrVUHFkDCHpDmk1
username rood privilege 15 password 7 105C0F0F030319065C557D727D7F6265
ip finger
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
match protocol tcp
match protocol http
match protocol https
match protocol udp
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
match protocol tcp
match protocol http
match protocol https
match protocol udp
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
match protocol tcp
match protocol http
match protocol https
match protocol udp
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol icmp
match protocol imap
match protocol pop3
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol https
match protocol tcp
match protocol udp
match protocol http
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
class type inspect ccp-icmp-access
class class-default
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
class type inspect ccp-protocol-http
class type inspect ccp-insp-traffic
class class-default

policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
class class-default
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address
ip mask-reply
ip directed-broadcast
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security in-zone
duplex auto
speed auto
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
ip mask-reply
ip directed-broadcast
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
ip address
ip mask-reply
ip directed-broadcast
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool NAT_POOL netmask
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 37777 37777 extendable
ip route
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit
access-list 100 permit ip any any
no cdp run
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image

Created 1996-2025 by Maxim Chirkov