One problem I immediately see is that the source ports should be smtp and
pop3, not the destination ports.
""Daniel Ma"" <[EMAIL PROTECTED]> wrote in message
8ju278$ikm$[EMAIL PROTECTED]">news:8ju278$ikm$[EMAIL PROTECTED]...
> Let's use this scenario.
> 1. The clients are inside the corporate network, with private IP. Let's
say
> 192.168.1.0, public range 202.166.1.0/28. The router is doing dynamic NAT.
> 2. The E-mail server is in the ISP.
> 3. Primary DNS is inside corporate network.
>
> I use following access-list, however the clients could not access internet
> mail. Is there any more ports I should open?
>
> Another question, for DNS, both TCP and UDP have port 'domain '. What's
the
> difference?
>
> Following are examples of access-list:
>
> int s0
> access-list 101 in
>
> access-list 101 permit tcp any 202.166.1.0 0.0.0.15 established
> access-list 101 permit tcp any 202.166.1.0 0.0.0.15 eq smtp
> access-list 101 permit tcp any 202.166.1.0 0.0.0.15 eq pop3
> access-list 101 permit ip 202.166.1.0 0.0.0.15 any
> access-list 101 permit tcp any 202.166.1.0 0.0.0.15 eq domain
> access-list 101 permit udp any 202.166.1.0 0.0.0.15 eq domain
>
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
