Hi everyone, i am fairly new to working with routers, so please bare with me. Here is my situation: I have a cisco 2514 connected to my cable modem and i am getting my ip via dhcp on intE0 and running DHCP on intE1 which goes to my switch which will become my DMZ. I want to set up a DNS and web server on my DMZ. I also have port 3389 forwarding to my windows server which is the same server that is running the DNS and Web services. Now here are my questions:
1) Internally, my DNS service works fine, but how come when i use an nslookup out side of my network (lets say from my office) the request always times out? Did i configure the router correctly? Can someone tell me how to configure my router so that it will respond to dns requests? Does DNS respond back on a different port?
2)What are some good access-lists i should implement to lock down my router and hopefully keep wannabe hackers away? I tried to setup some access-lists, but everytime i do, all my internal clients cannot connect to the internet.
Thanks in advance for any help!
Here is a copy of my show run:
clock timezone EST -10
ip subnet-zero
ip name-server 24.25.227.34
ip name-server 24.25.227.35
ip name-server 24.25.227.36
ip name-server 24.25.227.37
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.5
!
ip dhcp pool DHCP-POOL
network 192.168.1.0 255.255.255.0
domain-name hawaii.rr.com
default-router 192.168.1.1
dns-server 24.25.227.34
!
ip dhcp pool DMZ-POOL
!
!
!
!
interface Ethernet0
description Connection to WAN
ip address dhcp
ip access-group 101 in
ip nat outside
!
interface Ethernet1
description Connected to DMZ
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial0
no ip address
!
interface Serial1
no ip address
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static udp 192.168.1.2 53 interface Ethernet0 53
ip nat inside source static tcp 192.168.1.2 23 interface Ethernet0 23
ip nat inside source static tcp 192.168.1.2 3389 interface Ethernet0 3389
ip classless
no ip http server
ip pim bidir-enable
!
access-list 1 permit any
no cdp run
!
!
!
end
1) Internally, my DNS service works fine, but how come when i use an nslookup out side of my network (lets say from my office) the request always times out? Did i configure the router correctly? Can someone tell me how to configure my router so that it will respond to dns requests? Does DNS respond back on a different port?
2)What are some good access-lists i should implement to lock down my router and hopefully keep wannabe hackers away? I tried to setup some access-lists, but everytime i do, all my internal clients cannot connect to the internet.
Thanks in advance for any help!
Here is a copy of my show run:
clock timezone EST -10
ip subnet-zero
ip name-server 24.25.227.34
ip name-server 24.25.227.35
ip name-server 24.25.227.36
ip name-server 24.25.227.37
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.5
!
ip dhcp pool DHCP-POOL
network 192.168.1.0 255.255.255.0
domain-name hawaii.rr.com
default-router 192.168.1.1
dns-server 24.25.227.34
!
ip dhcp pool DMZ-POOL
!
!
!
!
interface Ethernet0
description Connection to WAN
ip address dhcp
ip access-group 101 in
ip nat outside
!
interface Ethernet1
description Connected to DMZ
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Serial0
no ip address
!
interface Serial1
no ip address
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static udp 192.168.1.2 53 interface Ethernet0 53
ip nat inside source static tcp 192.168.1.2 23 interface Ethernet0 23
ip nat inside source static tcp 192.168.1.2 3389 interface Ethernet0 3389
ip classless
no ip http server
ip pim bidir-enable
!
access-list 1 permit any
no cdp run
!
!
!
end
