Hi Charlie,

There are two sides to every TCP conversation. In the normal situation,
the web browser initiates with a message from a high port (1024 or
higher) to the destination on port 80. The web server replies back
from its port 80 to the browser computer's original port.

Your "deny" is dropping those replies, since it doesn't distinguish
between replies in an ongoing connection and messages to
initiate a new connection.

If you are trying to block outsiders from initiating new connections
to those high ports, you'll want to add "setup" at the end of the
"deny" rule. Or, be more general, and say something like

        access-list 101 deny tcp any any gt 1023 setup log

(I believe this is the Cisco syntax - check your docs to be sure).

Hope this helps.

Carol

"Engasser, Charlie" wrote:
> 
> I have a combo question.
> 
>         I am running Firewall-1 3.0b 3048, and my router is a Cisco 2611
> running 12.0.6t.
> 
> We are getting a lot of chatter traffic on high ports above 30k
> coming inbound that appear to be associated with web browsing. The
> firewall blocks this traffic, and everything works fine. However if I
> create an ACL on the router that denies the traffic such as:
> 
> on ser 0/1:
> 
>         ip access-group 101 in
> 
> access-list 101 deny tcp any any range 40000 45000 log
> access-list 101 permit ip any any
> 
>         Then the traffic stops flowing.
> 
> can anyone explain this?
> 
> Charles Engasser
> Contracted Network Engineer
> Joint STARS; Joint Test Force.
> SC; Titan Inc.
> (407) or (321) 726-7048
> (407) or (321) 726-7243 (fax)
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]

-- 
Carol Deihl - principal, Shrier and Deihl - mailto:[EMAIL PROTECTED]
Remote Unix Network Admin, Security, Internet Software Development
  Tinker Internet Services - Superior FreeBSD-based Web Hosting
                     http://www.tinker.com/
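To make the mechanism in the exchange concrete, here is an added example; it is not code from either message in this thread. Cisco IOS extended ACLs spell the "belongs to an existing connection" test `established` (it matches TCP segments with the ACK or RST bit set); `setup` is the ipfw keyword on FreeBSD for the opposite test, a bare SYN. The small evaluator, the corrected rule set and the sample packets below are all constructed for illustration, and the addresses are documentation ranges rather than real hosts.

```python
# Added example, not code from the thread: a minimal evaluator for the Cisco IOS
# extended-ACL subset used above, so both rule sets can be run against constructed
# packets. Only "any" and "host A.B.C.D" address forms are handled.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    src_port: int
    dst_port: int
    ack: bool = False   # ACK or RST bit set: true for every segment except the opening SYN

@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" matches every protocol
    src: Optional[str]          # None means "any"
    src_port: Optional[Tuple]   # ("eq", n), ("gt", n), ("range", lo, hi), ...
    dst: Optional[str]
    dst_port: Optional[Tuple]
    established: bool           # IOS keyword: match only segments with ACK or RST set
    text: str                   # original line, for reporting which rule fired

def _parse_addr(t: List[str], i: int):
    if t[i] == "any":
        return None, i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    raise ValueError(f"unsupported address form {t[i]!r}")

def _parse_port(t: List[str], i: int):
    """Consume an optional port operator at t[i]; return (spec, next index)."""
    if i < len(t) and t[i] in ("eq", "neq", "gt", "lt"):
        return (t[i], int(t[i + 1])), i + 2
    if i < len(t) and t[i] == "range":
        return ("range", int(t[i + 1]), int(t[i + 2])), i + 3
    return None, i

def parse_acl(text: str) -> List[Rule]:
    """Parse 'access-list N permit|deny proto src [op] dst [op] [established] [log]'."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        src, i = _parse_addr(t, 4)
        sport, i = _parse_port(t, i)
        dst, i = _parse_addr(t, i)
        dport, i = _parse_port(t, i)
        rules.append(Rule(t[2], t[3], src, sport, dst, dport, "established" in t[i:], line.strip()))
    return rules

def _port_ok(spec, port: int) -> bool:
    if spec is None:
        return True
    if spec[0] == "range":
        return spec[1] <= port <= spec[2]
    return {"eq": port == spec[1], "neq": port != spec[1],
            "gt": port > spec[1], "lt": port < spec[1]}[spec[0]]

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; every IOS ACL ends in an implicit deny."""
    for r in rules:
        if (r.proto in ("ip", pkt.proto)
                and r.src in (None, pkt.src) and r.dst in (None, pkt.dst)
                and _port_ok(r.src_port, pkt.src_port) and _port_ok(r.dst_port, pkt.dst_port)
                and (pkt.ack or not r.established)):
            return r.action, r.text
    return "deny", "implicit deny"

# The ACL from the question, as posted: it cannot tell a reply from a new connection.
ORIGINAL_ACL = """
access-list 101 deny tcp any any range 40000 45000 log
access-list 101 permit ip any any
"""

# Same intent, with the return half of inside-initiated connections let through first,
# so only segments without ACK/RST (opening SYNs from outside) reach the deny.
CORRECTED_ACL = """
access-list 101 permit tcp any any range 40000 45000 established
access-list 101 deny tcp any any range 40000 45000 log
access-list 101 permit ip any any
"""

# Constructed packets as seen inbound on the serial interface (documentation addresses).
REPLY = Packet("tcp", "203.0.113.10", "198.51.100.5", 80, 42000, ack=True)     # web server -> browser
PROBE = Packet("tcp", "203.0.113.10", "198.51.100.5", 3333, 42000, ack=False)  # outsider's SYN to a high port
REQUEST = Packet("tcp", "203.0.113.10", "198.51.100.5", 40001, 80, ack=False)  # inbound hit on port 80

if __name__ == "__main__":
    for acl_name, acl in (("original", ORIGINAL_ACL), ("corrected", CORRECTED_ACL)):
        for pkt_name, pkt in (("reply", REPLY), ("probe", PROBE), ("request", REQUEST)):
            action, why = evaluate(parse_acl(acl), pkt)
            print(f"{acl_name:9} {pkt_name:8} -> {action:6} via {why}")
```

Run as posted, the original ACL denies the web server's reply (source port 80, destination port 42000, ACK set), which is exactly the traffic that stopped flowing; the corrected ACL permits that reply and still denies an outsider's opening SYN to the same port. The caveat a practitioner should keep in mind is that `established` inspects only flag bits, not connection state: a crafted segment with ACK set will pass the router's check, so this rule is a cheap first filter and the stateful firewall behind it still has to do the real work.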