Hi,
I'm using Cisco access lists to deny users with cable modems access to our
network.
The problem is:
I needed to add the services the users are allowed to use when they are using our
internal systems.
Some of them are... modem sync (DHCP requests from both the modem and the user's
computer).

So I've added the list of ports needed:
bootps, tftp, time, to both our CNRs, 172.19.2.5 and 172.19.4.5.
...
.............
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq bootps
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.2.5 eq bootps
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 eq tftp
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.2.5 eq tftp
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq time
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.2.5 eq time
...........
......
access-list 111 deny   ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
access-list 111 permit ip any any

And the customers' modems just didn't go online...
So I brought a GI modem with an internal modem web page so I'd be able to see
at what status it is being blocked, and I've also gone into debugging mode on
the router.

Snooped a bit,
and I saw there are requests from the modems to ports that are higher than
60000...
So I've also enabled port 60000 and greater, and now I've solved the problem.

access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 gt 60000
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.2.5 gt 60000
..........................

But...

I still want to know: why do I need those ports open?
And which service is using them?

Thanks
-Shay Hugi
-Mpthrill.com
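The posted entries can be checked offline against a modem's TFTP download. What follows is an added Python example, not code from the original post or from any Cisco or CNR tool: it evaluates Cisco-style entries with first-match semantics and runs a constructed modem-to-server exchange in which the read request goes to port 69 but every later acknowledgement goes to the ephemeral port (TID) the server answered from, as TFTP (RFC 1350) specifies, so an 'eq tftp' entry never matches those packets. The modem address, the server's TID and the placement of the 'gt 60000' line ahead of the deny entry are assumptions.

```python
import ipaddress

# IOS port keywords used in the posted entries, with their assigned UDP numbers
PORT_NAMES = {"bootps": 67, "tftp": 69, "time": 37}

def parse_addr(tok):
    """Consume an IOS address spec: 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    wild = int(ipaddress.ip_address(tok[1]))        # wildcard: 1 bits are "don't care"
    mask = ipaddress.ip_address(0xFFFFFFFF ^ wild)  # invert into an ordinary netmask
    return ipaddress.ip_network(f"{tok[0]}/{mask}", strict=False), tok[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq|gt PORT]' into a dict."""
    tok = line.split()
    src, rest = parse_addr(tok[4:])
    dst, rest = parse_addr(rest)
    port = (rest[0], PORT_NAMES.get(rest[1]) or int(rest[1])) if rest else None  # optional port test
    return {"action": tok[2], "proto": tok[3], "src": src, "dst": dst, "port": port}

def evaluate(acl, proto, src, dst, dport):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", proto) or src not in ace["src"] or dst not in ace["dst"]:
            continue
        op = ace["port"]
        if op and not (dport == op[1] if op[0] == "eq" else dport > op[1]):
            continue
        return ace["action"]
    return "deny"

ORIGINAL = [  # entries from the post, for one of the two CNR hosts
    "access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq bootps",
    "access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 eq tftp",
    "access-list 111 deny   ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255",
    "access-list 111 permit ip any any",
]
# Assumption: the 'gt 60000' fix is inserted ahead of the deny entry
FIX = "access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 gt 60000"
AMENDED = ORIGINAL[:2] + [FIX] + ORIGINAL[2:]

def tftp_verdicts(acl, modem="10.64.1.20", server="172.19.4.5", server_tid=61432):
    """Modem-to-server packets of one constructed TFTP download: RRQ to 69, then ACKs to the server's TID."""
    return {"rrq_to_69": evaluate(acl, "udp", modem, server, 69),
            "ack_to_server_tid": evaluate(acl, "udp", modem, server, server_tid)}
```

Running tftp_verdicts(AMENDED, server_tid=50000) shows the remaining gap: a server that answers from a port below 60000 is still caught by the deny entry.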



-- 
Firewalls mailing list - [ [EMAIL PROTECTED] ]
To unsubscribe: http://www.isc.org/services/public/lists/firewalls.html
