[rbak-nsp] CLIPS - no access to hosts from outside

Łukasz Kopiszka lukasz at alfa-system.pl
Mon Apr 22 13:15:09 EDT 2013


I have a strange problem.

I can connect anywhere from host A.B.C.D using CLIPS,
but I can't connect from anywhere to host A.B.C.D.

No ACK flag from host A.B.C.D using CLIPS from outside.

For example, I try to connect on port 80 and that's all I get from host A.B.C.D:
18:41:15.665328 IP 10.1.1.210.39524 > A.B.C.D.80: Flags [S], seq 2269662492,


context CLIPS
!
  no ip domain-lookup
!
  interface CLIENTS-IPoE multibind
   ip address 91.xx.yy.z/24
   dhcp server interface
   ip arp proxy-arp
!
  interface UPLINK
  ip address 91.xx.yy.z/28
  logging filter syslog debug
  logging console
!
  policy access-list CLIPS-DEFAULT
   seq 999 permit ip any any class Permit
!
  aaa authentication administrator local
  aaa authentication administrator maximum sessions 1
  aaa authentication subscriber radius global
  aaa accounting subscriber radius
  aaa update subscriber 10
  radius accounting server 91.xx.yy.zz encrypted-key xyz
  radius coa server 91.xx.yy.zz encrypted-key xyz port 3799
!
  radius server 91.x.y.z encrypted-key xyz
!
  subscriber default
    qos policy policing customer-out
    qos policy metering customer-in
!
  ip route 0.0.0.0/0 91.x.y.z
!
!
  dhcp server policy
    nak-on-subnet-deletion
    default-lease-time 1800
    maximum-lease-time 3600
    subnet 91.x.y.0/24 name DHCP-Pool-CLIPS
      option domain-name-server 91.x.y.z 91.xx.yy.zz
!
!
!
end

qos queue-map default
  num-queues 2
   queue 0 priority 0
   queue 1 priority 1 2 3 4 5 6 7
  num-queues 4
   queue 0 priority 0
   queue 1 priority 1 2
   queue 2 priority 3 4 5 6
   queue 3 priority 7
  num-queues 8
   queue 0 priority 0
   queue 1 priority 1
   queue 2 priority 2
   queue 3 priority 3
   queue 4 priority 4
   queue 5 priority 5
   queue 6 priority 6
   queue 7 priority 7
!
forward policy CLIPS-DEFAULT
  ip access-group CLIPS-DEFAULT CLIPS
   class Permit
!
qos policy customer-in metering
  rate 1024 time-burst 500 time-excess-burst 1000
  rate-calculation exclude layer-2-overhead
!
qos policy customer-out policing
  rate 1024 time-burst 500 time-excess-burst 1000
  rate-calculation exclude layer-2-overhead
!
end


Any suggestions?

-- 
Regards,
Łukasz Kopiszka
www.alfa-system.pl


