need help with configuration - Firewalls


  1. need help with configuration

    Hi guys,

    I need your help with port forwarding on a CISCO router.
    I am new to configuring CISCO routers; anyway, I did configure my
    router, and now I can use the internet and send and receive mail, so
    this part is good.
    I did try to open these ports on the router: 25, 22, 443, 4002,
    and I did forward these ports to one of my servers, but when I try to
    telnet to any of these ports I get no answer at all, and when I try to
    access my server (SBS 2003) with remote desktop (port 4002) no
    connection is made.
    I am sending you a copy of the router configuration; maybe some of you
    can see some mistake in it.
    Please let me know where the problem is. (I did change the IPs for
    security reasons.)


    myrouter#sh run
    Building configuration...


    Current configuration : 4694 bytes
    !
    version 12.4
    no parser cache
    service nagle
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname mydomain
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$QRTEUHN$Sb83SiFXpstr562NA/1iQZ/950
    !
    aaa new-model
    !
    !
    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    !
    aaa session-id common
    !
    resource policy
    !
    no ip source-route
    ip cef
    !
    !
    !
    !
    ip tcp mss 1400
    no ip domain lookup
    ip domain name mydomain.com
    ip inspect name myfw cuseeme timeout 3600
    ip inspect name myfw http timeout 3600
    ip inspect name myfw rcmd timeout 3600
    ip inspect name myfw realaudio timeout 3600
    ip inspect name myfw tftp timeout 30
    ip inspect name myfw udp timeout 15
    ip inspect name myfw tcp timeout 3600
    ip inspect name myfw h323 timeout 3600
    !
    !
    !
    username johndo secret 5 $1$LJB.$ty/MZ6auSm3khkhAIMGeTsF/
    username test secret 5 $1$ub5k$b/nmlDv4eMdRpKertyueEDL1
    !
    !
    !
    crypto isakmp policy 3
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp policy 10
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    !
    crypto isakmp client configuration group groepje1
    key 427sieb1
    pool ippool
    !
    !
    crypto ipsec transform-set transset1 esp-3des esp-md5-hmac
    !
    crypto dynamic-map dynmap 10
    set transform-set transset1
    !
    !
    crypto map crypmap1 client authentication list userauthen
    crypto map crypmap1 isakmp authorization list groupauthor
    crypto map crypmap1 client configuration address respond
    crypto map crypmap1 20 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    interface BRI0
    no ip address
    encapsulation hdlc
    shutdown
    !
    interface ATM0
    no ip address
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    no atm ilmi-keepalive
    pvc 0 8/48
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    ip address 10.0.0.190 255.255.255.0
    ip access-group 102 in
    ip nat insi
    ip inspect myfw in
    ip virtual-reassembly
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    hold-queue 100 out
    !
    interface Dialer1
    ip address negotiated
    ip access-group 113 in
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username j...@xs4all.net password 7 66141601034200555953
    crypto map crypmap1
    !
    ip local pool ippool 192.168.10.100 192.168.10.110
    ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
    !
    !
    no ip http server
    no ip http secure-server
    ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 7
    ip nat inside source static udp 10.0.0.56 7 interface Dialer1 7
    ip nat inside source route-map nonat interface Dialer1 overload
    ip nat inside source static tcp 10.0.0.190 22 interface Dialer1 22
    ip nat inside source static tcp 10.0.0.180 25 interface Dialer1 25
    ip nat inside source static tcp 10.0.0.180 443 interface Dialer1 443
    ip nat inside source static tcp 10.0.0.180 110 interface Dialer1 110
    ip nat inside source static tcp 10.0.0.180 4002 interface Dialer1 4002
    !
    access-list 23 permit 82.66.199.22
    access-list 23 permit 212.222.20.0 0.0.0.255
    access-list 23 permit 10.0.0.0 0.0.0.255
    access-list 102 permit ip 10.0.0.0 0.0.0.255 any
    access-list 102 permit ip 192.168.10.0 0.0.0.255 any
    access-list 102 permit esp any any
    access-list 105 deny ip 10.0.0.0 0.0.0.255 192.168.10.0 0.0.0.255
    access-list 105 permit ip 10.0.0.0 0.0.0.255 any
    access-list 112 permit tcp any any eq smtp
    access-list 112 permit tcp any any eq 443
    access-list 112 permit tcp any any eq pop3
    access-list 112 permit tcp any any eq 4002
    access-list 112 permit ip host 82.62.160.105 any
    access-list 112 deny ip any any
    access-list 113 permit ip 192.168.10.0 0.0.0.255 any
    access-list 113 permit esp any any
    access-list 113 permit udp any any eq isakmp
    access-list 113 permit tcp host 82.66.199.22 any eq 22
    access-list 113 permit tcp 213.222.20.224 0.0.0.7 any eq 22
    access-list 113 permit tcp host 193.172.44.45 eq tftp-data any
    access-list 113 permit tcp host 194.151.107.40 eq tftp-data any
    access-list 113 permit tcp host 194.151.107.44 eq tftp-data any
    access-list 113 permit icmp any any
    access-list 113 permit tcp any any eq echo
    access-list 113 permit udp any any eq echo
    access-list 113 deny ip any any
    access-list 115 permit ip any any
    access-list 115 permit esp any any
    dialer-list 1 protocol ip permit
    !
    !
    !
    route-map nonat permit 10
    match ip address 105
    !
    !
    control-plane
    !
    !
    line con 0
    --More--
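
Added example (not part of the original post or of any reply): a short Python check, run over an excerpt of the configuration above with wrapped lines rejoined, that compares each static NAT forward with the inbound ACL bound to the same interface. It assumes clients connect from arbitrary addresses and skips rules narrowed to specific hosts; `parse_ace`, `verdict` and `audit` are names chosen for this example.

```python
# Excerpt of the configuration posted above (wrapped lines rejoined, abridged).
CONFIG = """\
interface Dialer1
ip access-group 113 in
ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 7
ip nat inside source static tcp 10.0.0.180 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.180 4002 interface Dialer1 4002
access-list 112 permit tcp any any eq smtp
access-list 112 permit tcp any any eq 4002
access-list 112 deny ip any any
access-list 113 permit tcp host 82.66.199.22 any eq 22
access-list 113 permit tcp any any eq echo
access-list 113 deny ip any any
"""
PORT_NAMES = {"echo": "7", "smtp": "25", "pop3": "110"}   # IOS port keywords
PROTOS = {"ip", "tcp", "udp", "icmp", "esp"}             # extended-ACL protocols

def parse_ace(t):
    """Split ['permit', 'tcp', SRC..., ['eq', P], DST..., ['eq', P]] into fields."""
    def addr(r):                        # 'any' | 'host A' | 'A WILDCARD'
        n = 1 if r[0] == "any" else 2
        return " ".join(r[:n]), r[n:]
    def port(r):
        return (PORT_NAMES.get(r[1], r[1]), r[2:]) if r[:1] == ["eq"] else (None, r)
    src, r = addr(t[2:]); sport, r = port(r)
    dst, r = addr(r); dport, r = port(r)
    return t[0], t[1], src, sport, dst, dport

def verdict(aces, proto, port):
    """First-match action for a client at an arbitrary Internet address."""
    for action, p, src, sport, dst, dport in aces:
        if (p in ("ip", proto) and src == dst == "any" and sport is None
                and dport in (None, str(port))):
            return action
    return "deny"                       # implicit deny ends every ACL

def audit(config):
    iface, bound, acls, fwd = None, {}, {}, []
    for t in filter(None, map(str.split, config.splitlines())):
        if t[0] == "interface":
            iface = t[1]
        elif t[:2] == ["ip", "access-group"] and t[-1] == "in":
            bound[iface] = t[2]
        elif t[0] == "access-list" and len(t) > 4 and t[3] in PROTOS:
            acls.setdefault(t[1], []).append(parse_ace(t[2:]))
        elif t[:5] == "ip nat inside source static".split() and len(t) == 11:
            fwd.append((t[5], t[9], int(t[10])))
    reach = {(p, n): verdict(acls[bound[i]], p, n) if bound.get(i) in acls else "permit"
             for p, i, n in fwd}
    return reach, sorted(set(acls) - set(bound.values()))

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the excerpt, the echo forward is permitted while ports 25 and 4002 hit the final deny in access-list 113; access-list 112, which carries the permits for those ports, is not bound to any interface in the lines shown.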


  2. Re: need help with configuration

    On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:

    >username johndo secret 5 $1$LJB.$ty/
    >MZ6auSm3khkhAIMGeTsF/
    >username test secret 5 $1$ub5k$b/
    >nmlDv4eMdRpKertyueEDL1


    I suggest you change your password immediately and not post it in public
    again.

  3. Re: need help with configuration

    In article ,
    Default User wrote:
    >On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:


    >>username johndo secret 5 $1$LJB.$ty/
    >>MZ6auSm3khkhAIMGeTsF/
    >>username test secret 5 $1$ub5k$b/
    >>nmlDv4eMdRpKertyueEDL1


    >I suggest you change your password immediately and not post it in public
    >again.


    It doesn't matter. It is type 7 passwords that are easy to crack.
    Type 5 passwords are MD5 hashes, and if you know an efficient way to
    break MD5 hashes then you have made a major cryptography breakthrough.

    http://insecure.org/sploits/cisco.passwords.html


  4. Re: need help with configuration

    On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
    > In article ,
    > Default User wrote:
    >
    > >On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:
    > >>username johndo secret 5 $1$LJB.$ty/
    > >>MZ6auSm3khkhAIMGeTsF/
    > >>username test secret 5 $1$ub5k$b/
    > >>nmlDv4eMdRpKertyueEDL1

    > >I suggest you change your password immediately and not post it in public
    > >again.

    >
    > It doesn't matter. It is type 7 passwords that are easy to crack.
    > Type 5 passwords are MD5 hashes, and if you know an efficient way to
    > break MD5 hashes then you have made a major cryptography breakthrough.
    >
    > http://insecure.org/sploits/cisco.passwords.html


    hey,

    if you do not have an answer to other people's questions, stop jerking. You
    think I am stupid enough not to change the password hashes before putting
    them on the net? Dream on.
    Give an answer or shut up please.


  5. Re: need help with configuration

    In article <1170279698.397542.29450@a75g2000cwd.googlegroups.com>,
    shahin wrote:
    >On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
    >> In article ,
    >> Default User wrote:


    >> >I suggest you change your password immediately and not post it in public


    >> It doesn't matter. It is type 7 passwords that are easy to crack.


    >if you do not have an answer to other people's questions, stop jerking,


    You replied to my posting; could I ask you to clarify whether you
    were addressing those remarks to me or to someone else?

  6. Re: need help with configuration

    On 31 jan, 23:42, rober...@hushmail.com (Walter Roberson) wrote:
    > In article <1170279698.397542.29...@a75g2000cwd.googlegroups.com>,
    >
    > shahin wrote:
    > >On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
    > >> In article ,
    > >> Default User wrote:
    > >> >I suggest you change your password immediately and not post it in public
    > >> It doesn't matter. It is type 7 passwords that are easy to crack.

    > >if you do not have an answer to other people's questions, stop jerking,

    >
    > You replied to my posting; could I ask you to clarify whether you
    > were addressing those remarks to me or to someone else?


    Hi Walter,

    I am sorry, my remarks were pointed at Default User.


  8. Re: need help with configuration

    On Wed, 31 Jan 2007 18:01:55 GMT, roberson@hushmail.com (Walter Roberson)
    wrote:

    >In article ,
    >Default User wrote:
    >>On 31 Jan 2007 05:47:04 -0800, "shahin" wrote:

    >
    >>>username johndo secret 5 $1$LJB.$ty/
    >>>MZ6auSm3khkhAIMGeTsF/
    >>>username test secret 5 $1$ub5k$b/
    >>>nmlDv4eMdRpKertyueEDL1

    >
    >>I suggest you change your password immediately and not post it in public
    >>again.

    >
    >It doesn't matter. It is type 7 passwords that are easy to crack.
    >Type 5 passwords are MD5 hashes, and if you know an efficient way to
    >break MD5 hashes then you have made a major cryptography breakthrough.
    >
    >http://insecure.org/sploits/cisco.passwords.html


    It's done all the time with brute force attacks. All you need to do is
    match the hash and you've got your password. Cain & Abel
    http://www.oxid.it/ can do it.
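
Added example, not written by any poster in this thread: whichever view of type 5 hashes one takes in the exchange above, the simplest precaution is to strip every credential from a configuration before pasting it publicly. The Python sketch below does that for `secret`/`password` values and the VPN group `key` line; the sample config and its secrets are constructed placeholders, and `RULES` and `sanitize` are names chosen for this example.

```python
import re

# Constructed sample config; every secret below is a placeholder.
SAMPLE = """\
enable secret 5 $1$abcd$PLACEHOLDERplaceholder0
username admin secret 5 $1$efgh$PLACEHOLDERplaceholder1
crypto isakmp client configuration group vpnusers
 key EXAMPLE-GROUP-KEY
 pool ippool
interface Dialer1
 ppp pap sent-username user@example.net password 7 PLACEHOLDER7
 ip nat outside
"""

# (pattern, label); group 1 is kept, group 2 is the credential to drop.
RULES = [
    (re.compile(r"^(.*\bsecret 5 )(\S+)"), "type 5 (MD5-based hash)"),
    (re.compile(r"^(.*\bpassword 7 )(\S+)"), "type 7 (reversible encoding)"),
    (re.compile(r"^(.*\b(?:secret|password) 0 )(\S+)"), "type 0 (cleartext)"),
    (re.compile(r"^(\s*key )(\S+)$"), "cleartext group key"),
]

def sanitize(config):
    """Return (redacted_config, findings) where findings = [(line_no, label)]."""
    out, findings = [], []
    for n, line in enumerate(config.splitlines(), 1):
        for pat, label in RULES:
            m = pat.match(line)
            if m:
                # Keep the command text, replace only the credential itself.
                line = m.group(1) + "<removed>" + line[m.end(2):]
                findings.append((n, label))
                break
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    redacted, findings = sanitize(SAMPLE)
    print(redacted)
    for line_no, label in findings:
        print(f"line {line_no}: removed {label}")
```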

  9. Re: need help with configuration

    On 1 Feb 2007 05:48:27 -0800, "shahin" wrote:

    >On 31 jan, 23:42, rober...@hushmail.com (Walter Roberson) wrote:
    >> In article <1170279698.397542.29...@a75g2000cwd.googlegroups.com>,
    >>
    >> shahin wrote:
    >> >On 31 jan, 19:01, rober...@hushmail.com (Walter Roberson) wrote:
    >> >> In article ,
    >> >> Default User wrote:
    >> >> >I suggest you change your password immediately and not post it in public
    >> >> It doesn't matter. It is type 7 passwords that are easy to crack.
    >> >if you do not have an answer to other people's questions, stop jerking,

    >>
    >> You replied to my posting; could I ask you to clarify whether you
    >> were addressing those remarks to me or to someone else?

    >
    >Hi Walter,
    >
    >I am sorry, my remarks were pointed at Default User.


    In that case; Yes, I think you are stupid.

    HAND
