But how would that affect outbound return traffic? An extended access list
will block a port; from this either in of outbound traffic can be denied.
What we noticed in lab was that if we blocked inbound telnet sessions, we
could not telnet to another student's router. The return packets were
denied. Either that or the other end had somehow blocked us as well (which
they shouldn't have for the purposes of the lab). What are thoughts on that?
Paul
-----Original Message-----
From: Dale Holmes [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 05, 2000 1:56 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: ftp out
Access lists are applied in one direction or the other - in, or out. So you
are probably looking at an access list that is applied to inbound traffic,
blocking incoming ftp requests.
A very rudimentary access list entry, that blocks ftp from any source to any
destination might look like this:
access-list 101 deny tcp any any eq ftp
Keep in mind that this entry on its own blocks everything, not just incoming
ftp, because all access lists end with an implicit deny any.
You have to explicitly permit something...
Here is an example that blocks ftp, but permits everything else:
access-list 101 deny tcp any any eq ftp
access-list 101 permit ip any any
You then need to apply the access-list to an interface, and specify whether
it applies to inbound or outbound traffic. Use the "ip access-group"
command.
Router(config)#interface s0
Router(config-if)ip access-group 101 in
You can get much more detail on this here (watch for URL word wrap):
http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/n
p1_r/1rip.htm#1250
I hope this helps...
Dale
[=`)
>From: "SH Wesson" <[EMAIL PROTECTED]>
>Reply-To: "SH Wesson" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: ftp out
>Date: Tue, 05 Sep 2000 19:23:03 GMT
>
>How do I configre an access list such that it only allow users to ftp out,
>but not any ftp in. Thanks.
>_________________________________________________________________________
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
