 |
|
|
|
| Autor |
Nachricht |
hmontoliu
Anmeldungsdatum: 20.11.2007
Beiträge: 5
|
 Verfasst am:
Do 18 Nov, 2010 15:52 |
  |
|
Hello and sorry for posting in english
we have a lancom 1711VPN which had a problem last week and I was forced to reconfigure it from scratch.
Prior to the problem it had LCOS 7.x but the new configuration is built on LCOS 8.
This router is balancing through 3 WANs and everything is OK.
It is located in a remote office, and we used to use ssh tunnels to access everything we needed inside the remote LAN including the lancom own WEB interface. Those tunnels are stablished with two GNU/Linux servers within the remote LAN.
However after the reconfiguration the 1-N-NAT has stopped to work. The configuration of those ssh mappings is:
| Code:
|
> ls /Setup/IP-Router/1-N-NAT/Service-Table
D-port-from D-port-to Protocol Peer WAN-Address Intranet-Addres Map-Port Active Comment
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
9989 9989 TCP 0.0.0.0 192.168.1.17 9989 Yes Zeus
9990 9990 TCP 0.0.0.0 192.168.1.33 9990 Yes Argus
|
I've also tried to permute every peer names and WAN-addresses w/o succeed. I can't access to the inner ssh servers from any of the wan IPs
I've also checked if it was a firewall issue but we dont have a deny-all rule at all. However I've set up an "allow-everything" rule as follows with no succeed:
| Code:
|
> ls /Setup/IP-Router/Firewall/Rules/ALLOW-EBM-SSH
Name Prot. Source Destination Action Linked Prio Firewall- VPN-Rule Stateful Rtg-tag Comment
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ALLOW-EBM-SSH TCP ANYHOST EBM-SSH %Lcds0 %A No 0 Yes No Yes 0 Permite el uso de los puertos para las conexiones ssh de ebm
|
where EBM-SSH stands for:
| Code:
|
> ls /Setup/IP-Router/Firewall/Objects/EBM-SSH
Name Description
--------------------------------------------------------------------------------------------------
EBM-SSH %S9989-9990 ANYHOST
|
These are all the rules in the firewall:
| Code:
|
Name Prot. Source Destination Action Linked Prio Firewall- VPN-Rule Stateful Rtg-tag Comment
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
WINS TCP UDP NETBIOS ANYHOST ANYHOST INTERNET-FILTER No 0 Yes No Yes 0 block NetBIOS/WINS name resolution via DNS
ALLOW-EBM-SSH TCP ANYHOST EBM-SSH %Lcds0 %A No 0 Yes No Yes 0 Permite el uso de los puertos para las conexiones ssh de ebm
RDP_POR_ONOCISCO ANY LOCALNET RDP ANYHOST ACCEPT No 0 Yes No Yes 2 Conexiones remotas deben establecerse por cisco
QOS_PARA_RDP ANY ANYHOST RDP ANYHOST ACCEPT %Qcds100 No 0 Yes No Yes 2 Garantizar ancho de banda para RDP
OBFUSC_HORDE TCP LOCALNET %S2095 ANYHOST ACCEPT No 0 Yes No Yes 1 excepcion para usar correo web horde desde despacho obfusc-gal
HTTPS_POR_RUTA1 ANY LOCALNET HTTPS ANYHOST ACCEPT No 0 Yes No Yes 1 Desviando https por la ruta con RT1
OBFUSC_WEBMAIL TCP LOCALNET WEBMAILOBFUSC ACCEPT No 0 Yes No Yes 1 excepcion para usar correo web horde desde despacho obfusc-gal
|
Finally the routing table and the peers involved in the load-balancing are:
| Code:
|
> l /Setup/IP-Router/Load-Balancer/Bundle-Peers
Peer Bundle-Peer-1 Bundle-Peer-2 Bundle-Peer-3 Bundle-Peer-4
---------------------------------------------------------------------------------------------
BALANCEADOR ONODHCP ONOCISCO TELEF1
> l /Setup/IP-Router/IP-Routing-Table
IP-Address IP-Netmask Rtg-tag Peer-or-IP Distance Masquerade Active Comment
------------------------------------------------------------------------------------------------------------------------------------------------------------
192.168.0.0 255.255.0.0 0 0.0.0.0 0 No Yes block private networks: 192.168.x.y
172.16.0.0 255.240.0.0 0 0.0.0.0 0 No Yes block private networks: 172.16-31.x.y
10.0.0.0 255.0.0.0 0 0.0.0.0 0 No Yes block private network: 10.x.y.z
224.0.0.0 224.0.0.0 0 0.0.0.0 0 No Yes block multicasts: 224-255.x.y.z
255.255.255.255 0.0.0.0 3 TELEF1 0 on Yes
255.255.255.255 0.0.0.0 2 ONOCISCO 0 on Yes
255.255.255.255 0.0.0.0 1 ONODHCP 0 on Yes
255.255.255.255 0.0.0.0 0 BALANCEADOR 0 on Yes
|
I'm sure that I'm missing something really obvious but I cant see what the heck is it.
Any help will be appreciated. Thanks in advance |
|
|
   |
|
Guest
|
| Verfasst am:
|
|
|
|
|
|
|
|
|
|
| |
|
|
