Today I find I cannot access some sites.
By checking with the nslookup, found it is blocked by my DNS provider.
There are two ways to work around:
1) change the primary DNS server to the one not blocked or still working under Local Area Connection.
2) change the hosts file under C:\WINDOWS\system32\drivers\etc
add the ip address you find with your site name
xxx.xxx.xxx.xxx site_name
Showing posts with label case. Show all posts
Showing posts with label case. Show all posts
Thursday, February 24, 2011
Wednesday, February 16, 2011
route-map case
There is a someone wants to configure such scenario.
if the router see some port then use a gateway, the solution is using route-map and apply it to the interface.
conf t
route-map port80
match ip address matchport80
set ip next-hop xxx.xxx.xxx.xxx <----------- the gateway ip you set for next-hop for the http traffic
ip access-list extended matchport80
permit tcp any any eq www
interface FastEthernet0/0
ip policy route-map port80
if the router see some port then use a gateway, the solution is using route-map and apply it to the interface.
conf t
route-map port80
match ip address matchport80
set ip next-hop xxx.xxx.xxx.xxx <----------- the gateway ip you set for next-hop for the http traffic
ip access-list extended matchport80
permit tcp any any eq www
interface FastEthernet0/0
ip policy route-map port80
Tuesday, February 1, 2011
Cisco IP advance feature - sweep range of sizes
To check the destination ip mtu, please use the following method.
router#ping
Protocol [ip]:
Target IP address: 10.30.30.1
Repeat count [5]: 1
Datagram size [100]: 1
% A decimal number between 36 and 18024.
Datagram size [100]: 100
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]: y
Sweep min size [36]: 1470
Sweep max size [18024]: 1500
Sweep interval [1]:
Type escape sequence to abort.
Sending 31, [1470..1500]-byte ICMP Echos to 10.30.30.1, timeout is 2 seconds:
!!!!!..........................
Success rate is 16 percent (5/31), round-trip min/avg/max = 52/67/88 ms
router#ping
Protocol [ip]:
Target IP address: 10.30.30.1
Repeat count [5]: 1
Datagram size [100]: 1
% A decimal number between 36 and 18024.
Datagram size [100]: 100
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]: y
Sweep min size [36]: 1470
Sweep max size [18024]: 1500
Sweep interval [1]:
Type escape sequence to abort.
Sending 31, [1470..1500]-byte ICMP Echos to 10.30.30.1, timeout is 2 seconds:
!!!!!..........................
Success rate is 16 percent (5/31), round-trip min/avg/max = 52/67/88 ms
Tuesday, December 28, 2010
Configuration of one to one nat mapping and pool nat
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static 172.18.0.109 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.108 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.107 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.106 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.105 204.8.1xx.xxx extendable
!
access-list 1 deny 172.18.0.108
access-list 1 deny 172.18.0.109
access-list 1 deny 172.18.0.106
access-list 1 deny 172.18.0.107
access-list 1 deny 172.18.0.105
access-list 1 permit 172.0.0.0 0.255.255.255
ip nat inside source static 172.18.0.109 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.108 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.107 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.106 204.8.1xx.xxx extendable
ip nat inside source static 172.18.0.105 204.8.1xx.xxx extendable
!
access-list 1 deny 172.18.0.108
access-list 1 deny 172.18.0.109
access-list 1 deny 172.18.0.106
access-list 1 deny 172.18.0.107
access-list 1 deny 172.18.0.105
access-list 1 permit 172.0.0.0 0.255.255.255
Monday, December 6, 2010
case: telnet web port Dec 7 2010
Customer report he should not have the certificate on his nas server. but when doing the port checking, found the ssl module is running
P334> ip telnet 192.168.0.55 5000
Resolving 192.168.0.55... Connected to 192.168.0.55
Escape character is '^]'.
exit
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://(null)/webman/index.cgi">here</a>.</p>
<hr>
<address>Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a Server at * Port 5000</address>
</body></html>
Telnet session with remote host terminated.
P334> ip telnet 192.168.0.55 5000
Resolving 192.168.0.55... Connected to 192.168.0.55
Escape character is '^]'.
exit
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://(null)/webman/index.cgi">here</a>.</p>
<hr>
<address>Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/1.0.0a Server at * Port 5000</address>
</body></html>
Telnet session with remote host terminated.
Subscribe to:
Posts (Atom)