09-21-2006 02:05 AM - edited 03-03-2019 02:04 PM
Dear All,
1.I have one Router for Internet 1841.
this Router have 2 Interface as following :-
1- the First Interface is connected to MY ISP Router with this IP :-
213.255.237.105.
2- the Second Interface is connected to MY Switch 'UNMANAGED SWITCH ', with this
IP :-
213.255.237.113 / 248.
So, here is My question
the People who are behind interface 213.255.237.113 / 248 are 3 Peoples.
as follsoing :-
1- First PC --- have this IP 213.255.237.115 .
2- Second One --- 213.255.237.116
3- third one----213.255.237.117.
======================================
untill Now, every thing is Clear.
MY E-mail server is hosted in MY ISP Side, and i am using POP3 Account to access it from any where .
Now, the Third user which have this Real IP Address ( 213.255.237.117 ), reported to me that , he is UNABLE COMPLETELY TO RECEIVE ANY E-MAILS using POP3, but he is able to send " SMTP", and able to browse Internet " HTTP".
the others Users did not reported at all like this Problem at all.
and all of them able to send / receive / browsing .
to make a test over his PC , i shutdown his PC Completely, and i put my LAPTOP instead of him, and with the same IP and i found that the same Problem.
All the IP are real IPs for the 2 interfaces which is F0/0 & F0/1 from MY ISP.
-------------
the Router is have this Access List:-
so where is the Problem ?
could it be from the ISP HIM SELF ? or from my router .
=======================================
access-list 1 permit 213.255.237.104 0.0.0.7
access-list 1 permit 213.255.237.112 0.0.0.7
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 2 permit 213.255.237.109
access-list 2 permit 172.16.1.4
access-list 2 permit 172.16.1.1
access-list 2 permit 172.16.0.0 0.0.255.255
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip 255.0.0.0 0.255.255.255 any
access-list 103 deny ip 224.0.0.0 7.255.255.255 any
access-list 103 deny ip 213.255.237.104 0.0.0.7 213.255.237.104 0.0.0.7
access-list 103 deny ip 213.255.237.112 0.0.0.7 213.255.237.104 0.0.0.7
access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 2000 2002
access-list 103 deny tcp any 213.255.237.104 0.0.0.7 range 6000 6003
access-list 103 deny udp any 213.255.237.104 0.0.0.7 range 6000 6003
access-list 103 deny tcp any 213.255.237.104 0.0.0.7 eq 2049
access-list 103 deny udp any 213.255.237.104 0.0.0.7 eq 2049
access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 2000 2002
access-list 103 deny tcp any 213.255.237.112 0.0.0.7 range 6000 6003
access-list 103 deny udp any 213.255.237.112 0.0.0.7 range 6000 6003
access-list 103 deny tcp any 213.255.237.112 0.0.0.7 eq 2049
access-list 103 deny udp any 213.255.237.112 0.0.0.7 eq 2049
access-list 103 deny tcp any host 213.255.237.115 eq 8080
access-list 103 deny udp any host 213.255.237.115 eq 8080
access-list 103 deny tcp any host 213.255.237.115 eq 8081
access-list 103 deny udp any host 213.255.237.115 eq 8081
access-list 103 deny tcp any host 213.255.237.116 eq 7988
access-list 103 deny udp any host 213.255.237.116 eq 7988
access-list 103 deny tcp any host 213.255.237.115 eq 8091
access-list 103 deny udp any host 213.255.237.115 eq 8091
access-list 103 permit udp any 213.255.237.104 0.0.0.7 gt 1023
access-list 103 permit tcp any 213.255.237.104 0.0.0.7 gt 1023
access-list 103 permit udp any 213.255.237.112 0.0.0.7 gt 1023
access-list 103 permit tcp any 213.255.237.112 0.0.0.7 gt 1023
access-list 103 deny tcp any 213.255.237.104 0.0.0.7
access-list 103 deny udp any 213.255.237.112 0.0.0.7
access-list 103 permit tcp any host 213.255.237.116 eq smtp
access-list 103 permit tcp any host 213.255.237.116 eq pop3
access-list 103 permit ip any any
snmp-server community HO-RO-Internet RO
09-21-2006 02:20 AM
That is quite some issue. The cause might very well be acl-related but this will be hard to tell for us as you did not specify their use. I would point at acl 103 instinctively as this one is far too long anyway. It could also be a configuration issue on the mailserver as there are no other problems except from pop3 receiving.
You public IP's are in the open now anyway so you might as well post the router config as well. Then we might be able to detect some other possible causes.
I would also advise you to contact a local cisco reseller and have a review of your security. I am certain that many on this forum will be eager enough to help you with this for a few points but after all your local reseller has to make a living too, isn't it?
Regards,
Leo
09-21-2006 02:50 AM
Hello Mohammed,
in order to exclude that your problem is access-list related, you could try, if possible, to temporarily remove access list 103 from the interface, and see if that makes a difference.
When you use your laptop to test, are you using the same user account ? If so, the issue might be user (ID) related...
Regards,
GNT
09-21-2006 03:06 AM
Thanks ,
But take care,
if i remove the Access list, every thing will be disable completely .
becasue the Accees-list if its removed, every thing will be blocked .
so is that correct ?
also, BTW,
see this Access-List :-
1- access-list 103 permit tcp any host 213.255.237.116 eq smtp
2- access-list 103 permit tcp any host 213.255.237.116 eq POP3.
3- access-list 103 Permit tcp any host 213.255.237.115 eq smtp
4- access-list 102 permit tcp any host 213.255.237.115 eq POP3.
5- access-list 103 Permit any any.
now, as you can see there is no any Access-list for this IP 213.255.237.117 at all.
so maybe this could be a problem ?
but if this was the Problem, i think its clear that , i have access list that permit every thing from any where to any where , so there is no any thing for that . was i correct .
please guide me as much as you can .
09-21-2006 03:10 AM
Having no access-list means that there is no restriction to the traffic at all. So everything will not be disabled but on the contrary, everything will be accessible.
This only to be used for testing purposes. It won't take long to determine if the access-list is causing your troubles. Let us know!
Regards,
Leo
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: