06-21-2004 08:52 AM - edited 03-02-2019 04:31 PM
I've just recently inherited an undocumented network (*.vfde.org) after a recent blackout with the company. Talk about a two-for-one special.
The clients have not been able to receive email from external sources for about a week after a recent NIC burnout on the PDC, which also serves as their mail exchange server. The Exchange server originally had 2 NIC cards (multihomed) behind ISA.
Router: 141.151.33.1
NIC #1 "External" IP 141.151.33.2
NIC #2 "Internal" IP 192.168.0.1
Named Server by the way is 192.168.0.68
The External NIC card was fried due to an electrical storm and a new server IP address assigned to the single card.
NIC #1 "Internal/External" IP 192.168.0.2
Our registrar is NetworkSolutions and the DNS entry there is
NS1.MYDOMAIN.COM
NS2.MYDOMAIN.COM
Over at Mydomain.com we have URL and Mail forwarding turned off, but have the following MX/A configuration:
MX: mail.vcfde.org
A: 192.168.0.2 (The exchange server IP)
We still had no luck receiving email...
Now, I was recently told that this IP may need to be forwarded through port 25 in our Cisco 2501. I just need to know if my configuration thus far is correct, and if IP forwarding is required, how I would go about changing it via the command line on my router. Any help is greatly appreciated.
06-21-2004 11:58 AM
Hello,
Can you post the configuration?
Regards,
Georg
06-21-2004 01:15 PM
Here's the router configuration (as per ConfigMaker 2.6). Hope this helps. I have a funny feeling it may have something to do with the static NAT; I yield to the experts on this:
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Router
!
enable password
!
ip name-server 141.151.0.68
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to EthernetLAN
ip address 192.168.0.6 255.255.255.128
ip helper-address 192.168.0.1
no ip directed-broadcast
ip nat inside
keepalive 10
!
interface Serial 0
no shutdown
description connected to Internet
ip address 141.151.50.190 255.255.255.252
no ip directed-broadcast
ip nat outside
encapsulation hdlc
!
interface Serial 1
no shutdown
description connected to UnknownDevice
ip address 192.168.1.1 255.255.255.252
no ip directed-broadcast
ip nat inside
encapsulation hdlc
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.0.0 0.0.0.127
access-list 1 permit 192.168.1.0 0.0.0.3
access-list 1 permit 192.168.0.128 0.0.0.15
!
! Static NAT
!
ip nat inside source static 192.168.0.112 141.151.33.3
ip nat inside source static 192.168.0.6 141.151.33.1
ip nat inside source static 192.168.0.1 141.151.33.2
ip nat inside source static 192.168.0.8 141.151.33.6
ip nat inside source static 192.168.0.12 141.151.33.12
ip nat inside source static 192.168.0.7 141.151.33.5
ip nat inside source static 192.168.0.14 141.151.33.7
ip nat inside source static 192.168.0.16 141.151.33.8
ip nat inside source static 192.168.0.130 141.151.33.9
ip nat inside source static 192.168.0.10 141.151.33.11
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat pool Router-natpool-0 141.151.33.13 141.151.33.14 netmask 255.255.255.240
ip nat inside source list 1 pool Router-natpool-0 overload
!
router rip
version 2
network 192.168.0.0
network 192.168.1.0
passive-interface Serial 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
ip forward-protocol udp 135
!
line console 0
exec-timeout 0 0
password
login
transport input none
!
line vty 0 4
password
login
!
end
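An added example, not part of the thread: a small Python check run over a subset of the static NAT lines from the config above, together with the A record and server address from the first post. It lists why inbound SMTP on TCP/25 cannot reach the mail server; the function names are hypothetical and the embedded config is a constructed excerpt.

```python
import ipaddress
import re

# Constructed excerpt: values copied from the thread's first post and router config.
ROUTER_CONFIG = """\
ip nat inside source static 192.168.0.112 141.151.33.3
ip nat inside source static 192.168.0.6 141.151.33.1
ip nat inside source static 192.168.0.1 141.151.33.2
ip nat inside source static 192.168.0.8 141.151.33.6
ip nat pool Router-natpool-0 141.151.33.13 141.151.33.14 netmask 255.255.255.240
ip nat inside source list 1 pool Router-natpool-0 overload
"""

STATIC_NAT = re.compile(
    r"^\s*ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)\s*$",
    re.MULTILINE)

def static_nat_map(config):
    """Return {inside_local: inside_global} for one-to-one static NAT entries."""
    return {ipaddress.ip_address(i): ipaddress.ip_address(g)
            for i, g in STATIC_NAT.findall(config)}

def audit_inbound_mail(config, published_a, server_inside):
    """List reasons Internet hosts cannot reach the mail server on TCP/25."""
    nat = static_nat_map(config)
    a_rec = ipaddress.ip_address(published_a)
    server = ipaddress.ip_address(server_inside)
    findings = []
    if a_rec.is_private:
        findings.append(f"A record {a_rec} is RFC 1918 space, not routable from the Internet")
    elif a_rec not in nat.values():
        findings.append(f"A record {a_rec} is not the global side of any static NAT entry")
    if server not in nat:
        findings.append(f"no static NAT entry for server inside address {server}")
    elif not a_rec.is_private and nat[server] != a_rec:
        findings.append(f"A record {a_rec} does not match {server}'s global address {nat[server]}")
    for inside, outside in nat.items():
        if outside == a_rec and inside != server:
            findings.append(f"{outside} still translates to {inside}, not the server")
    return findings

if __name__ == "__main__":
    for line in audit_inbound_mail(ROUTER_CONFIG, "192.168.0.2", "192.168.0.2"):
        print(line)
```

With the values as posted, the check reports both the private A record and the missing translation for 192.168.0.2; the pre-outage pairing of 141.151.33.2 and 192.168.0.1 returns no findings.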
06-21-2004 01:51 PM
Hello,
Are all your clients on the 192.168.0.0/25 network? And all your servers (including the one they cannot reach) on addresses starting with 141? Looking at the config, I would simplify it as follows:
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Router
!
enable password
!
ip name-server 141.151.0.68
!
ip subnet-zero
ip domain-lookup
ip routing
!
interface Ethernet 0
no shutdown
description connected to EthernetLAN
ip address 192.168.0.6 255.255.255.128
ip helper-address 192.168.0.1
no ip directed-broadcast
ip nat inside
keepalive 10
!
interface Serial 0
no shutdown
description connected to Internet
ip address 141.x.x.x.x.255.252
no ip directed-broadcast
ip nat outside
encapsulation hdlc
!
interface Serial 1
no shutdown
description connected to UnknownDevice
ip address 192.168.1.1 255.255.255.252
no ip directed-broadcast
encapsulation hdlc
!
! Access Control List 1
!
access-list 1 permit 192.168.0.0 0.0.0.127
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
!
ip nat inside source list 1 interface serial0 overload
!
router rip
version 2
network 192.168.0.0
network 192.168.1.0
passive-interface Serial 0
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Serial 0
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
ip forward-protocol udp 135
ip forward-protocol udp 68
!
line console 0
exec-timeout 0 0
password
login
transport input none
!
line vty 0 4
password
login
!
end
I have taken all the static and dynamic NAT stuff out and added ip forward-protocol udp 68, which is the bootpc port for your DHCP clients...
Check if this works any better, if not, let me know.
Regards,
Georg