NAT Order of Operations

Handy info to know… the path a packet takes through the router…

..webcache…policy routing….routing… NAT….crypto (IPSec)….Encryption…

more details here

– to let the packet go through the IPSec tunnel, you have to deny it in NAT and permit it in the crypto


Posted in ccip, cisco | Leave a comment

How to Enable Windows 7 Ping Response in Firewall November 9, 2009 By Dinesh 14 Comments

By default, Windows 7 doesn’t allow ping from hitting its firewall.
Here’s the guide I found on enabling that.. follow this link

Posted in windows | Leave a comment

Change VMware ESXi networking configs

see this page

remember that in the vSwitch0, vlan0 = vlan1 in the Cisco world. So if you want your VMs to be on the same subnet as your ESXi Box.. set the vlan to 0.

Posted in cisco, linux | Leave a comment

Use Windows Laptop to find the Cisco Port it is plugged into using CDPR

Using the Open Source software, CDPR (Cisco Discovery Protocol Reporter) from SourceForge, you can decode CDP advertisements from within Windows to find out which port on which switch you are connected to.

the process:
1. install winpcap from here
2. download CDPR windows version from here
3. Open a command prompt window, change to the directory where cdpr.exe is located and type cdpr . You will be asked to select a number corresponding to a particular network adapter where you wish to decode CDP packets from. Enter the relevant number and press enter.

Where art thou? – CDPR

Posted in cisco, linux | Leave a comment

CentOS as a NAT/FW/Router in 4 steps

I used this guide recently. Very handy and quick.

Below is my shell script to run in the /etc/rc.d/rc.local


/sbin/ifconfig eth0 netmask
/sbin/ifconfig eth0:1 netmask

/sbin/ifconfig eth1 netmask

route add default gw

echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

### port forward to the internal Server1 box
# Server1 port 8080
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d --dport 8080 -j DNAT --to
# Server1 snmp traps
/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d --dport 162 -j DNAT --to
# Server2 port 80
/sbin/iptables -t nat -A PREROUTING -p tcp -i eth0 -d --dport 80 -j DNAT --to

route add -net netmask gw
route add -net netmask gw
route add -net netmask gw
route add -net netmask gw

Posted in linux | Leave a comment

CentOS firewall generator

go here

Posted in linux | Leave a comment

Port-channel + Intel NIC Teaming combination

at server, go to network interfaces
TEAM interface> properties> configure> Settings> Modify Team> Type> IEEE 802.3ad dynamic link aggregation OR static link aggregation

combinations are:

at server = IEEE 802.3ad dynamic link aggregation
at switch = channel-group mode active (LACP)

at server = static link aggregation
at switch = channel-group mode on (no PAgP or LACP negotiation)

Group Port-channel Protocol Ports
4 Po4(SU) LACP Gi1/0/25(P) Gi2/0/25(P)

Posted in ccip, cisco, windows | Leave a comment