Looking for a new router - Page 10

CliffyG · 24-12-2006, 10:14

Still having problems with this

.

Here's my access list:

ip access-list extended WAN-IN
remark Torrent uses TCP and UDP
permit tcp any host 87.127.112.125 eq 55896
permit udp any host 87.127.112.125 eq 55896
remark PES6
permit tcp any host 87.127.112.125 eq 5739
remark Established
permit tcp any host 87.127.112.125 established
remark DNS
permit udp any host 87.127.112.125 eq domain
remark NTP
permit udp any host 87.127.112.125 eq ntp
remark Log Other
deny ip any any log

Here's how i applied it to the dialer:

interface Dialer0
ip access-group WAN-IN in

Here's the results from show access-list:

Extended IP access list WAN-IN
10 permit tcp any host 87.127.112.125 eq 55896
20 permit udp any host 87.127.112.125 eq 55896
30 permit tcp any host 87.127.112.125 eq 5739
40 permit tcp any host 87.127.112.125 established (653 matches)
50 permit udp any host 87.127.112.125 eq domain
60 permit udp any host 87.127.112.125 eq ntp (9 matches)
70 deny ip any any log (141 matches)

And here's the log:

I can't browse or ping by name or ip address. The entries show my 2 DNS servers sending on port 53 but they appear to be arriving as random ports, trying 2 then changing again.

EDIT

Just had a thought, is there a command i need to enter to make the cisco act as a dns server? As when i change my pc's tcp settings to point at the router dns stops working.

CliffyG · 02-01-2007, 19:33

Got it all working now at last. The DNS was getting stopped as although the source was 53 it's destination was a different port. I changed the DNS bit from:

remark DNS
permit udp any host 87.127.112.125 eq domain

To:

remark DNS
permit udp host 195.74.102.146 eq domain host 87.127.112.125
permit udp host 195.74.102.147 eq domain host 87.127.112.125
permit udp host 195.74.113.58 eq domain host 87.127.112.125
permit udp host 195.74.113.62 eq domain host 87.127.112.125

Which allows it in from 4 possible DNS servers.

CliffyG · 10-01-2007, 14:12

Just a little update. Once the connection is stable (sometimes tries a few times) it is rock solid. Not had any drops and only a negligable hit on browsing when downloading torrents. I'm finding that every torrent has more peers / seeds than on my old router, i guess it just couldnt handle them. I had 8 downloading at a total speed of around 380kbps and i would say the browsing speed was increased by a fraction of a second on some pages. Very impressive. Next step is to get syslogging and NTOP sorted

.

24-12-2006, 10:14	#91
CliffyG Vodka Martini Join Date: Aug 2006 Location: Lower Cambourne Posts: 576	Still having problems with this . Here's my access list: ip access-list extended WAN-IN remark Torrent uses TCP and UDP permit tcp any host 87.127.112.125 eq 55896 permit udp any host 87.127.112.125 eq 55896 remark PES6 permit tcp any host 87.127.112.125 eq 5739 remark Established permit tcp any host 87.127.112.125 established remark DNS permit udp any host 87.127.112.125 eq domain remark NTP permit udp any host 87.127.112.125 eq ntp remark Log Other deny ip any any log Here's how i applied it to the dialer: interface Dialer0 ip access-group WAN-IN in Here's the results from show access-list: Extended IP access list WAN-IN 10 permit tcp any host 87.127.112.125 eq 55896 20 permit udp any host 87.127.112.125 eq 55896 30 permit tcp any host 87.127.112.125 eq 5739 40 permit tcp any host 87.127.112.125 established (653 matches) 50 permit udp any host 87.127.112.125 eq domain 60 permit udp any host 87.127.112.125 eq ntp (9 matches) 70 deny ip any any log (141 matches) And here's the log: I can't browse or ping by name or ip address. The entries show my 2 DNS servers sending on port 53 but they appear to be arriving as random ports, trying 2 then changing again. EDIT Just had a thought, is there a command i need to enter to make the cisco act as a dns server? As when i change my pc's tcp settings to point at the router dns stops working. __________________ Last edited by CliffyG; 24-12-2006 at 10:30.

02-01-2007, 19:33	#92
CliffyG Vodka Martini Join Date: Aug 2006 Location: Lower Cambourne Posts: 576	Got it all working now at last. The DNS was getting stopped as although the source was 53 it's destination was a different port. I changed the DNS bit from: remark DNS permit udp any host 87.127.112.125 eq domain To: remark DNS permit udp host 195.74.102.146 eq domain host 87.127.112.125 permit udp host 195.74.102.147 eq domain host 87.127.112.125 permit udp host 195.74.113.58 eq domain host 87.127.112.125 permit udp host 195.74.113.62 eq domain host 87.127.112.125 Which allows it in from 4 possible DNS servers. __________________

10-01-2007, 14:12	#93
CliffyG Vodka Martini Join Date: Aug 2006 Location: Lower Cambourne Posts: 576	Just a little update. Once the connection is stable (sometimes tries a few times) it is rock solid. Not had any drops and only a negligable hit on browsing when downloading torrents. I'm finding that every torrent has more peers / seeds than on my old router, i guess it just couldnt handle them. I had 8 downloading at a total speed of around 380kbps and i would say the browsing speed was increased by a fraction of a second on some pages. Very impressive. Next step is to get syslogging and NTOP sorted . __________________

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode