REAL IP Problem with INTERNET ROUTER

Unanswered Question
Sep 21st, 2006

Dear All,


1. I have one router for Internet, an 1841.

This router has 2 interfaces, as follows:

1- The first interface is connected to my ISP router with this IP: 213.255.237.105.

2- The second interface is connected to my switch (an unmanaged switch), with this IP: 213.255.237.113 / 248.


So, here is my question.

There are 3 people behind interface 213.255.237.113 / 248, as follows:

1- The first PC has this IP: 213.255.237.115.

2- The second one: 213.255.237.116.

3- The third one: 213.255.237.117.

======================================

Until now, everything is clear.

My e-mail server is hosted on my ISP's side, and I am using a POP3 account to access it from anywhere.

Now, the third user, who has this real IP address (213.255.237.117), reported to me that he is completely unable to receive any e-mails using POP3, but he is able to send (SMTP) and able to browse the Internet (HTTP).

The other users did not report any problem like this at all, and all of them are able to send, receive, and browse.

To test his PC, I shut down his PC completely and put my laptop in its place with the same IP, and I found the same problem.

All the IPs are real IPs from my ISP for the 2 interfaces, which are F0/0 & F0/1.

-------------

The router has this access list:

So where is the problem?

Could it be from the ISP himself, or from my router?

=======================================

access-list 1 permit 213.255.237.104 0.0.0.7

access-list 1 permit 213.255.237.112 0.0.0.7

access-list 1 permit 172.16.0.0 0.0.0.255

access-list 2 permit 213.255.237.109

access-list 2 permit 172.16.1.4

access-list 2 permit 172.16.1.1

access-list 2 permit 172.16.0.0 0.0.255.255

access-list 103 deny ip 127.0.0.0 0.255.255.255 any

access-list 103 deny ip 255.0.0.0 0.255.255.255 any

access-list 103 deny ip 224.0.0.0 7.255.255.255 any

access-list 103 deny ip 213.255.237.104 0.0.0.7 213.255.237.104 0.0.0.7

access-list 103 deny ip 213.255.237.112 0.0.0.7 213.255.237.104 0.0.0.7

access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 2000 2002

access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 6000 6003

access-list 103 deny udp any 213.255.237.104 0.0.0.7 range 6000 6003

access-list 103 deny tcp any 213.255.237.104 0.0.0.7 eq 2049

access-list 103 deny udp any 213.255.237.104 0.0.0.7 eq 2049

access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 2000 2002

access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 6000 6003

access-list 103 deny udp any 213.255.237.112 0.0.0.7 range 6000 6003

access-list 103 deny tcp any 213.255.237.112 0.0.0.7 eq 2049

access-list 103 deny udp any 213.255.237.112 0.0.0.7 eq 2049

access-list 103 deny tcp any host 213.255.237.115 eq 8080

access-list 103 deny udp any host 213.255.237.115 eq 8080

access-list 103 deny tcp any host 213.255.237.115 eq 8081

access-list 103 deny udp any host 213.255.237.115 eq 8081

access-list 103 deny tcp any host 213.255.237.116 eq 7988

access-list 103 deny udp any host 213.255.237.116 eq 7988

access-list 103 deny tcp any host 213.255.237.115 eq 8091

access-list 103 deny udp any host 213.255.237.115 eq 8091

access-list 103 permit udp any 213.255.237.104 0.0.0.7 gt 1023

access-list 103 permit tcp any 213.255.237.104 0.0.0.7 gt 1023

access-list 103 permit udp any 213.255.237.112 0.0.0.7 gt 1023

access-list 103 permit tcp any 213.255.237.112 0.0.0.7 gt 1023

access-list 103 deny tcp any 213.255.237.104 0.0.0.7

access-list 103 deny udp any 213.255.237.112 0.0.0.7

access-list 103 permit tcp any host 213.255.237.116 eq smtp

access-list 103 permit tcp any host 213.255.237.116 eq pop3

access-list 103 permit ip any any

snmp-server community HO-RO-Internet RO

lgijssel Thu, 09/21/2006 - 02:20

That is quite some issue. The cause might very well be acl-related but this will be hard to tell for us as you did not specify their use. I would point at acl 103 instinctively as this one is far too long anyway. It could also be a configuration issue on the mailserver as there are no other problems except from pop3 receiving.

Your public IPs are in the open now anyway, so you might as well post the router config as well. Then we might be able to detect some other possible causes.

I would also advise you to contact a local Cisco reseller and have a review of your security. I am certain that many on this forum will be eager enough to help you with this for a few points, but after all your local reseller has to make a living too, isn't it?


Regards,

Leo

globalnettech Thu, 09/21/2006 - 02:50

Hello Mohammed,


In order to exclude that your problem is access-list related, you could try, if possible, to temporarily remove access list 103 from the interface, and see if that makes a difference.

When you use your laptop to test, are you using the same user account? If so, the issue might be user (ID) related...


Regards,


GNT

mmtantawi Thu, 09/21/2006 - 03:06

Thanks ,


But take care,

if I remove the access list, everything will be disabled completely,

because if the access-list is removed, everything will be blocked.

So is that correct?

also, BTW,


see this Access-List :-

1- access-list 103 permit tcp any host 213.255.237.116 eq smtp

2- access-list 103 permit tcp any host 213.255.237.116 eq POP3.


3- access-list 103 Permit tcp any host 213.255.237.115 eq smtp


4- access-list 102 permit tcp any host 213.255.237.115 eq POP3.


5- access-list 103 Permit any any.


Now, as you can see, there is no access-list for this IP 213.255.237.117 at all.

So maybe this could be a problem?

But if this was the problem, I think it's clear that I have an access list that permits everything from anywhere to anywhere, so there is nothing for that. Am I correct?


please guide me as much as you can .



lgijssel Thu, 09/21/2006 - 03:10

Having no access-list means that there is no restriction to the traffic at all. So everything will not be disabled but on the contrary, everything will be accessible.

This is only to be used for testing purposes. It won't take long to determine if the access-list is causing your troubles. Let us know!


Regards,

Leo
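
Added example, not part of any post in this thread: a minimal first-match evaluator in Python for the TCP entries of access-list 103 that cover 213.255.237.112/29, to check which entry a given packet hits (an IOS list stops at the first match and ends in an implicit deny). Assumptions: the list is applied inbound on the ISP-facing interface (the thread does not say where it is applied), the packet's source is outside the ranges denied by the omitted entries, and the helper names are hypothetical.

```python
import ipaddress

# Excerpt of access-list 103 as posted, in original order: TCP entries for
# 213.255.237.112/29 plus the final permit (UDP, .104/29 and source-only denies omitted).
ACL_103 = """\
deny tcp any 213.255.237.112 0.0.0.7 range 2000 2002
deny tcp any 213.255.237.112 0.0.0.7 range 6000 6003
deny tcp any 213.255.237.112 0.0.0.7 eq 2049
deny tcp any host 213.255.237.115 eq 8080
deny tcp any host 213.255.237.115 eq 8081
deny tcp any host 213.255.237.116 eq 7988
deny tcp any host 213.255.237.115 eq 8091
permit tcp any 213.255.237.112 0.0.0.7 gt 1023
permit tcp any host 213.255.237.116 eq smtp
permit tcp any host 213.255.237.116 eq pop3
permit ip any any
"""
PORT_NAMES = {"smtp": 25, "pop3": 110}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    lo, hi = 0, 65535                      # no port spec: any destination port
    if tok:                                # eq N | gt N | range A B
        a, b = (PORT_NAMES.get(t) or int(t) for t in (tok[1], tok[-1]))
        lo, hi = (a + 1, 65535) if tok[0] == "gt" else (a, b)
    return action, proto, src, dst, lo, hi

def first_match(acl_text, proto, src, dst, dport):
    """Return (action, entry) for the first entry the packet matches."""
    for line in acl_text.splitlines():
        action, p, (sb, sw), (db, dw), lo, hi = parse(line)
        addr_ok = not ((_ip(src) ^ sb) & ~sw or (_ip(dst) ^ db) & ~dw)
        if p in ("ip", proto) and addr_ok and lo <= dport <= hi:
            return action, line
    return "deny", "implicit deny"         # end of list reached with no match
```

With a constructed server address and client port, `first_match(ACL_103, "tcp", "198.51.100.10", "213.255.237.117", 50000)` returns the `gt 1023` permit, the same entry a reply to 213.255.237.116 hits; a reply arriving on client port 2001 would instead hit the first deny.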
