> -----Original Message-----
> From: Engasser, Charlie [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 18 November 1999 12:25 AM
> To: 'Gushterul'
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: Cisco ACLs
>
>
> um...If you want any inbound traffic to be blocked at all, the permit
> needs to be last, otherwise the permit takes precedence.
> According to Cisco,
[Cisco quote snipped]
Uh, the permit comes last in the copy of the message _I_ got...
>
> [Engasser, Charlie]
> > On Tue, 16 Nov 1999, Engasser, Charlie wrote:
> >
> > > I have a combo question.
> > >
> > > I am running Firewall-1 3.0b 3048, and my router is a Cisco 2611
> > > running 12.0.6t.
> > >
> > > We are getting a lot of chatter traffic on high ports above 30k
> > > coming inbound that appears to be associated with web browsing. The
> > > firewall blocks this traffic, and everything works fine. However, if I
> > > create an ACL on the router that denies the traffic such as:
> > >
> > > on ser 0/1:
> > >
> > > interface Serial0/1
> > >  ip access-group 101 in
> > >
> > > access-list 101 deny tcp any any range 40000 45000 log
> > > access-list 101 permit ip any any
> > >
> > > Then the traffic stops flowing.
> > >
> > > can anyone explain this?
Yes. You're hallucinating. Either that or all the incoming traffic is
between tcp 40000 and 45000.
Try watching the console logs on the router - they'll tell you if
access-list 101 is blocking all sorts of traffic. You'll need to type
"ter mon" before you see the log entries if you're telnetting in. Otherwise,
you can type "sh ip acce" in exec, and that will list all your access-lists
and how many matches have been made against each statement.
G'luck!
--
Ben Nagy
Network Consultant, CPM&S Group of Companies
PGP Key ID: 0x1A86E304 Mobile: +61 414 411 520
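As an added example (not part of this thread or anyone's posted config), a small Python model of Cisco first-match ACL evaluation for the two-line access-list 101 quoted above, with per-entry hit counters like the ones "sh ip access-lists" reports. The packets are constructed; the assumption is that the inside client's ephemeral port for a web session falls inside 40000-45000, so the server's reply is destined to that port and hits the deny entry.

```python
# Added example: first-match evaluation of the extended ACL from the thread,
# with hit counters per entry. Packets below are constructed, not captured.

from dataclasses import dataclass

@dataclass
class Entry:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp" or "ip" (ip matches any protocol)
    dport: tuple = None      # (low, high) destination-port range, or None
    hits: int = 0            # matches, like the "(N matches)" counter in show output

def matches(entry, pkt):
    """True when the entry covers this packet (source/destination are 'any' here)."""
    if entry.proto != "ip" and entry.proto != pkt["proto"]:
        return False
    if entry.dport is not None:
        lo, hi = entry.dport
        if not (lo <= pkt["dport"] <= hi):
            return False
    return True

def evaluate(acl, pkt):
    """First matching entry wins; an ACL with no match denies implicitly."""
    for e in acl:
        if matches(e, pkt):
            e.hits += 1
            return e.action
    return "deny"            # implicit deny at the end of every Cisco ACL

def build_acl_101():
    # access-list 101 deny tcp any any range 40000 45000 log
    # access-list 101 permit ip any any
    return [Entry("deny", "tcp", (40000, 45000)), Entry("permit", "ip")]

# Constructed inbound packets as seen on ser 0/1 with the ACL applied "in":
HTTP_REPLY = {"proto": "tcp", "sport": 80, "dport": 42000}    # web server answering a client on ephemeral port 42000
SMTP_IN    = {"proto": "tcp", "sport": 51000, "dport": 25}    # inbound mail, destination port outside the range
DNS_REPLY  = {"proto": "udp", "sport": 53, "dport": 43000}    # udp, so the tcp deny does not apply

def run(acl, packets):
    return [evaluate(acl, p) for p in packets]

if __name__ == "__main__":
    acl = build_acl_101()
    print(run(acl, [HTTP_REPLY, SMTP_IN, DNS_REPLY]))   # ['deny', 'permit', 'permit']
    print([e.hits for e in acl])                         # [1, 2]
    swapped = list(reversed(build_acl_101()))            # permit first: the deny can never match
    print(run(swapped, [HTTP_REPLY]), [e.hits for e in swapped])   # ['permit'] [1, 0]
```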