09-21-2006 02:16 AM - edited 03-03-2019 05:09 AM
Dear All,
----
1.I have one Router for Internet 1841.
this Router have 2 Interface as following :-
1- the First Interface is connected to MY ISP Router with this IP :-
213.255.237.109 /248.
2- the Second Interface is connected to MY Switch 'UNMANAGED SWITCH ', with this
IP :-
213.255.237.113 / 248.
-----
the People who are behind interface 213.255.237.113 / 248, are 3 Peoples.
as follsoing :-
1- First PC --- have this IP 213.255.237.115 .
2- Second One --- 213.255.237.116
3- third one----213.255.237.117.
======================================
untill Now, every thing is Clear.
MY E-mail server is hosted in MY ISP Side, and i am using POP3 Account to access it from any where .
Now, the Third user which have this Real IP Address ( 213.255.237.117 ), reported to me that , he is UNABLE COMPLETELY TO RECEIVE ANY E-MAILS using POP3, but he is able to send " SMTP", and able to browse Internet " HTTP".
the others Users did not reported at all like this Problem at all.
and all of them able to send / receive / browsing .
to make a test over his PC , i shutdown his PC Completely, and i put my LAPTOP instead of him, and with the same IP and i found that the same Problem.
All the IP are real IPs for the 2 interfaces which is F0/0 & F0/1 from MY ISP.
-------------
the Router is have this Access List:-
so where is the Problem ?
could it be from the ISP HIM SELF ? or from my router .
=======================================
access-list 1 permit 213.255.237.104 0.0.0.7
access-list 1 permit 213.255.237.112 0.0.0.7
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 2 permit 213.255.237.109
access-list 2 permit 172.16.1.4
access-list 2 permit 172.16.1.1
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip 255.0.0.0 0.255.255.255 any
access-list 103 deny ip 224.0.0.0 7.255.255.255 any
access-list 103 deny ip 213.255.237.104 0.0.0.7 213.255.237.104 0.0.0.7
access-list 103 deny ip 213.255.237.112 0.0.0.7 213.255.237.104 0.0.0.7
access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 2000 2002
access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 6000 6003
access-list 103 deny udp any 213.255.237.104 0.0.0.7 range 6000 6003
access-list 103 deny tcp any 213.255.237.104 0.0.0.7 eq 2049
access-list 103 deny udp any 213.255.237.104 0.0.0.7 eq 2049
access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 2000 2002
access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 6000 6003
access-list 103 deny udp any 213.255.237.112 0.0.0.7 range 6000 6003
access-list 103 deny tcp any 213.255.237.112 0.0.0.7 eq 2049
access-list 103 deny udp any 213.255.237.112 0.0.0.7 eq 2049
access-list 103 deny tcp any host 213.255.237.115 eq 8080
access-list 103 deny udp any host 213.255.237.115 eq 8080
access-list 103 deny tcp any host 213.255.237.115 eq 8081
access-list 103 deny udp any host 213.255.237.115 eq 8081
access-list 103 deny tcp any host 213.255.237.116 eq 7988
access-list 103 deny udp any host 213.255.237.116 eq 7988
access-list 103 deny tcp any host 213.255.237.115 eq 8091
access-list 103 deny udp any host 213.255.237.115 eq 8091
access-list 103 permit udp any 213.255.237.104 0.0.0.7 gt 1023
access-list 103 permit tcp any 213.255.237.104 0.0.0.7 gt 1023
access-list 103 permit udp any 213.255.237.112 0.0.0.7 gt 1023
access-list 103 permit tcp any 213.255.237.112 0.0.0.7 gt 1023
access-list 103 deny tcp any 213.255.237.104 0.0.0.7
access-list 103 deny udp any 213.255.237.112 0.0.0.7
access-list 103 permit tcp any host 213.255.237.116 eq smtp
access-list 103 permit tcp any host 213.255.237.116 eq pop3
access-list 103 permit ip any any
snmp-server community HO-RO-Internet RO
ip route 0.0.0.0 0.0.0.0 213.255.237.105.
---------------------------
please guide me .
09-21-2006 02:22 AM
Please look in the WAN forum.
09-21-2006 02:36 AM
you have not mentioned that which access list is applied on which interface.
also you need to re-build access list 103 as your access list doesn't tell that what exactly you are trying to permit or deny.
It has source network like 172.16.x.x, 213.255 in your ACL which are not assigned to your network. your network has 213.255.252.112/29 but still they are part of ACL.
you need to be sure of what exactly you need to permit/deny traffic coming from inside network 213.255.252.112/29 and then prepare ACL
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide