A bit more info required here, and also not really for this list.
E-mail me privately and I'll give you some help.
I assume your network allocation is X.X.X.0/26.
I assume you have something like

    ip access-group 121 in

on your external interface.
1. The first line will match any spoofed IPs.
2. Lines 2,3,4 will match incoming smtp and domain to host X.X.X.X.
3. Lines 5,6 will permit all icmp and tcp traffic.
4. Line 7 will deny all other IP traffic.

You will still be able to do domain and smtp to all machines because
of line 6, so lines 2,3,4 are redundant.

Config information for all interfaces and access lists would help.
-M
[EMAIL PROTECTED] wrote:
>
> Hi there,
>
> I am new to this list. Thanks to all the people who have posted their views
> here and are helping others like me to learn and implement. I have configured my 2600 by
> reading all the articles posted here. Now I have a problem with the access-list; here
> is my access-list:-
>
> access-list 121 deny ip X.X.X.0 0.0.0.192 any log
> access-list 121 permit tcp any host X.X.X.X eq 25 log
> access-list 121 permit tcp any host X.X.X.X eq 53 log
> access-list 121 permit udp any host X.X.X.X eq 53 log
> access-list 121 permit icmp any any log
> access-list 121 permit tcp any any log
> access-list 121 deny ip any any log
>
> The task is simple: block all unwanted traffic from the INTERNET and allow
> the traffic I want. It doesn't work, I mean I can't ping anything outside, I can't make
> any HTTP requests. The only thing that works is the smtp part for the mailserver
> host. Please can anyone tell me where I am wrong.
>
> Thanks in advance.
>
> - Intekhab
> Network Engineer
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
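
Added example (not part of either message above): a small first-match evaluator for access-list 121 as posted, showing which line each inbound packet hits, including how the wildcard 0.0.0.192 on line 1 is applied. The addresses are constructed stand-ins: 192.0.2.0 for X.X.X.0, 192.0.2.10 for host X.X.X.X, and 198.51.100.x for outside hosts.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

ANY = (0, 0xFFFFFFFF)                   # "any": every bit is don't-care
def host(a): return (ip(a), 0)          # "host a": every bit must match
def wild(a, w): return (ip(a), ip(w))   # address + wildcard mask

# Assumption: 192.0.2.0 stands in for X.X.X.0 and MAIL for host X.X.X.X.
MAIL = "192.0.2.10"
ACL_121 = [  # (action, protocol, source, destination, destination port)
    ("deny",   "ip",   wild("192.0.2.0", "0.0.0.192"), ANY, None),
    ("permit", "tcp",  ANY, host(MAIL), 25),
    ("permit", "tcp",  ANY, host(MAIL), 53),
    ("permit", "udp",  ANY, host(MAIL), 53),
    ("permit", "icmp", ANY, ANY, None),
    ("permit", "tcp",  ANY, ANY, None),
    ("deny",   "ip",   ANY, ANY, None),
]

def addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF       # wildcard 1-bits are ignored
    return (ip(addr) & care) == (base & care)

def evaluate(acl, proto, src, dst, dport=None):
    """Return (line number, action) of the first entry that matches."""
    for n, (action, p, s, d, port) in enumerate(acl, 1):
        if (p in ("ip", proto) and addr_match(src, s)
                and addr_match(dst, d) and port in (None, dport)):
            return n, action
    return None, "deny"                 # implicit deny ending every ACL

if __name__ == "__main__":
    samples = [  # constructed inbound packets: proto, src, dst, dst port
        ("tcp",  "198.51.100.7",  MAIL,          25),     # SMTP to mail host
        ("tcp",  "198.51.100.7",  "192.0.2.20",  25),     # SMTP to another host
        ("udp",  "198.51.100.53", "192.0.2.20",  33000),  # DNS reply to a client
        ("icmp", "198.51.100.7",  "192.0.2.20",  None),   # echo reply
        ("tcp",  "192.0.2.64",    "192.0.2.20",  80),     # source X.X.X.64
        ("tcp",  "192.0.2.5",     "192.0.2.20",  80),     # source X.X.X.5
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(ACL_121, *pkt))
```
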