Hi. I'm using Cisco access lists to deny users with cable modems access to our network. The problem is: I needed to add the services the users are allowed to use when they are using our internal systems. Some of them are... modem sync (DHCP requests from both the modem and the user's computer).
So I've added the list of ports needed (bootps, tftp, time) for both our CNRs, 172.19.2.5 and 172.19.4.5.

...
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq bootps
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.2.5 eq bootps
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 eq tftp
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.2.5 eq tftp
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq time
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.2.5 eq time
...
access-list 111 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
access-list 111 permit ip any any

And the customers' modems just didn't go online.

So I brought a GI modem with an internal modem web page so I'd be able to see at what status it is being blocked. I also went into debugging mode on the router and snooped a bit, and I saw there are requests from the modems to ports that are higher than 60000.

So I've also enabled ports greater than 60000, and that solved the problem:

access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 gt 60000
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.2.5 gt 60000
...

But I still want to know: why do I need those ports open? And which service is using them?

Thanks
-Shay Hugi
-Mpthrill.com
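Added example (not part of the original post): a first-match evaluator for the ACL 111 lines visible in the message, showing that a UDP packet from a modem to a CNR on a port above 60000 falls through to the "deny ip" line until the two "gt 60000" rules sit in front of it. The test packets are constructed, the rules the post elides are left out, and placing the "gt 60000" rules ahead of the deny is an assumption.

```python
import ipaddress
PORTS = {"bootps": 67, "tftp": 69, "time": 37}  # IOS keywords used in the post
# ACL 111 as visible in the post; the rules it elides with dots are not reproduced.
BASE_ACL = """
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq bootps
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.2.5 eq bootps
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 eq tftp
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.2.5 eq tftp
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.4.5 eq time
access-list 111 permit udp 10.0.0.0 0.255.255.255 host 172.19.2.5 eq time
access-list 111 deny ip 10.0.0.0 0.255.255.255 172.16.0.0 0.15.255.255
access-list 111 permit ip any any
"""
# The two rules added later; assumed to sit ahead of the deny line.
HIGH_PORT_ACES = """
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.4.5 gt 60000
access-list 111 permit udp 10.64.0.0 0.31.255.255 host 172.19.2.5 gt 60000
"""

def ip(a):
    return int(ipaddress.IPv4Address(a))

def addr_spec(tok, i):
    """Parse 'any', 'host A' or 'A WILDCARD' at tok[i] -> ((addr, wildcard), next index)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip(tok[i + 1]), 0), i + 2
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def parse(text):
    aces = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        src, i = addr_spec(tok, 4)
        dst, i = addr_spec(tok, i)
        op, port = (tok[i], tok[i + 1]) if i < len(tok) else (None, None)
        port = PORTS[port] if port in PORTS else (int(port) if port else None)
        aces.append((tok[2], tok[3], src, dst, op, port, line))
    return aces

def evaluate(aces, proto, src, dst, dport):
    """First-match evaluation, as IOS does; returns (action, matching line)."""
    for action, p, s, d, op, port, line in aces:
        addr_ok = all((ip(a) | w) == (b | w) for a, (b, w) in ((src, s), (dst, d)))
        # Only "eq" and "gt" occur in this ACL; "gt" is strictly greater than.
        port_ok = op is None or (dport == port if op == "eq" else dport > port)
        if p in ("ip", proto) and addr_ok and port_ok:
            return action, line
    return "deny", "implicit deny"
```

Calling evaluate(parse(BASE_ACL), "udp", "10.64.1.2", "172.19.4.5", 60001) returns the deny line, and the same call with parse(HIGH_PORT_ACES + BASE_ACL) returns the first "gt 60000" permit.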