Can't get to ip addresses that start with 12...

[colthirtytwo]

I'm new to cisco, and this is my first time setting up a cisco router.

I can't get to any ip addresses that are 12.X.X.X, nor can they get to me. I have a web server and an e-mail server behind the router. I am connected to a cable modem. I have used a sample config that I got from a friend. I can't find the problem. I need proffessional help.....any volunteers?

 

[ChrisAC]

Give us some examples of addresses that you can't get to.

Also, can you get to other addresses? Get you get to web sites? What works and what doesn't?

Post a config!

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************

 

[colthirtytwo]

I can't get to websites that begin with 12.X.X.X, or if a person has an ip address that begins with 12.X.X.X They can't get to my website. I can't connect to websites in that range, nor ftp. I haven't found any others yet. I can go anywhere else.

 

[colthirtytwo]

access-list 5 permit 192.168.10.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.255.255
access-list 5 permit 10.0.0.0 0.255.255.255
access-list 105 deny ip 192.168.10.0 0.0.0.255 any
access-list 105 permit ip any any
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run

My internal ip range is 192.168.0.x and my external ip is 12.238.0.17 (

http://www.fakepoo.net)

 

[ChrisAC]

Where are your ACLs placed! Incoming on the inside interface or incoming on the outside interface or what?

You need to provide more information, like a full router config and tell us what you are trying to acheive with those access lists! You've got two access-lists, one that permits 192.168.0.0/24 and another one that denys the same range. I also note that you're permitting IPX routing on a dialer list! Very strange.

More information please.

Chris.
************************
Chris Andrew, CCNA
chrisac@gmx.co.uk
************************

 

[colthirtytwo]

!
ip subnet-zero
no ip finger
ip name-server 202.49.250.1
ip name-server 210.55.202.1
!
!
!
interface Ethernet0/0
mac-address 0080.c6ea.0be3
ip address 12.238.0.17 255.255.252.0
ip access-group 105 out
no ip directed-broadcast
ip nat outside
no ip mroute-cache
no cdp enable
!
interface Ethernet0/1
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
no cdp enable
!
ip default-gateway 12.238.0.1
ip nat pool global 12.238.0.17 12.238.0.17 netmask 255.255.252.0
ip nat inside source list 5 pool global overload
ip nat inside source static tcp 12.238.0.17 80 192.168.0.11 80 extendable
ip nat inside source static tcp 192.168.10.3 80 192.168.0.237 80 extendable
ip nat inside source static tcp 192.168.0.11 80 12.238.0.17 80 extendable
no ip classless
ip route 0.0.0.0 0.0.0.0 12.238.0.1
ip route 10.0.0.0 255.0.0.0 192.168.0.2
ip route 172.16.0.0 255.240.0.0 192.168.0.2
ip route 192.168.0.0 255.255.0.0 192.168.0.2
ip route 192.168.0.0 255.255.255.0 12.238.0.1
no ip http server
!
access-list 5 permit 192.168.10.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.0.255
access-list 5 permit 192.168.0.0 0.0.255.255
access-list 5 permit 10.0.0.0 0.255.255.255
access-list 105 deny ip 192.168.10.0 0.0.0.255 any
access-list 105 permit ip any any
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
password ********
login
transport input pad v120 telnet rlogin udptn
line aux 0
line vty 0 4
password *********
login
!
end


I guess the dialers were setup by default? This is my first time to set up a cisco router. I have a bogus line for the static route to my web server (ip nat inside source static tcp 12.238.0.17 80 192.168.0.11 80 extendable), but I don't know how to get it out. I also have a line in there that was from the test configuration (ip nat inside source static tcp 192.168.10.3 80 192.168.0.237 80 extendable) that I did on another network. I'm sure you're thinking I'm an idiot....but I swear I'm not.....I'm just a virgin cisco user.

 

[colthirtytwo]

Just wanted to get this back on the first page.

 

[swj38]

I can't see why 12.x.x.x address would be a problem but you need to sort out your access list 105.

Becasue ACL's are hierachial the permit ip any any line will let everything through and the deny statements after it will not be queried.

Steve

 

[saleen351]

plus you are using both a standard and extended access list. start off by using a standard access list. then deny first, then permit second. just do one address at a time. this way you can find out exactly which list is giving you problems. try this;

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/1216ea1/3550scg/swacl.htm#xtocid105663

 

[katamann]

Hi
Your problem is
no ip classless
Execute 'ip classless' from global configuration mode.

-katamann

 

[czimmerm]

I'd agree with Katamann.
Also, have you looked at how your NAT/addressing is set up?
From what I can tell (and I'm probably wrong), it looks like you've got it NATing from 192.168.10.3 to 192.168.0.237
How come you're going between two private address spaces on your own network?

Sorry to ask questions instead of provide answers...

Z