Hi Justin,
You created the ACL (below) in config mode. Next you need to go into
interface config mode by typing 'int E0' or 'int S0' (or whatever interface
you want to filter on) and type the following:
ip access-group 103 in (or "out" if you're trying to enable an outgoing ACL)
Next you need to filter all RFC 1918 addresses AND filter incoming (spoofed)
traffic sourced from your internal network.
Here's a web site you may want to check out:
http://www.cisco.com/warp/public/707/21.html
cheers..
>>> Justin Tamakawa <[EMAIL PROTECTED]> 08/24/00 10:09AM >>>
I'm having a problem with my access-list for my cisco router. Let me give
you my exact access-list:
access-list 103 permit tcp any any eq 80 (Web)
access-list 103 permit tcp any any eq 443 (secure web (cybercash, kmart, etc))
access-list 103 permit tcp any any eq 25 (SMTP)
access-list 103 permit tcp any any eq 21 (FTP)
access-list 103 permit tcp any any eq 23 (Telnet)
access-list 103 permit tcp any any eq 5190 (AIM)
access-list 103 permit tcp any any eq 7070 (Realaudio)
access-list 103 permit tcp any any eq 53 (DNS)
access-list 103 permit ip 216.*.*.* 0.0.0.0 any
access-list 103 permit ip 216.*.*.* 156 0.0.0.0 any
access-list 103 permit ip 63.*.*.* 0.0.0.0 any
access-list 103 permit tcp any any eq 106
access-list 103 permit udp any any eq 106
access-list 103 permit tcp any any eq 109
access-list 103 permit udp any any eq 109
access-list 103 permit tcp any any eq 110
access-list 103 permit udp any any eq 110
access-list 103 permit tcp any any eq 554
access-list 103 permit tcp any any eq 7070
access-list 103 permit tcp any any eq 8080
access-list 103 permit tcp any any eq 9090
access-list 103 permit tcp any any eq 8181
Of course, what is in the parentheses is not included in the list. For some
reason, the workers in my LAN don't have access to the www, among other
things. What am I doing wrong? I am allowing tcp port 80, from anywhere to
anywhere, so I can't see what the problem is. Oh - by the way, this is on
my line coming in the the web.
Any help is definitely appreciated!
Thanks a MILLION,
Justin
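
How a list like 103 treats packets, as an added example that is not part of the original thread: a first-match evaluator with the implicit deny, assuming the list is applied "in" on the Internet-facing interface. The packets, addresses and the REVISED list (RFC 1918 denies plus a rule modelling the IOS "established" keyword) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False    # TCP ACK flag, set on every reply segment

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp" or "ip" (any protocol)
    src_net: str = "0.0.0.0/0"   # source "any"
    dport: Optional[int] = None  # "eq N" after the destination
    established: bool = False    # IOS matches ACK or RST; modelled as ACK only

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return not self.established or (p.proto == "tcp" and p.ack)

def evaluate(acl, p):
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"

# Destination-port rules in the style of list 103 (subset of the posted ports).
POSTED = [Rule("permit", "tcp", dport=n) for n in (80, 443, 25, 21, 23, 53)]

# Assumed revision: drop RFC 1918 sources, then admit TCP replies by flag.
# "established" is a stateless flag check, not connection tracking.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
REVISED = ([Rule("deny", "ip", src_net=n) for n in RFC1918]
           + [Rule("permit", "tcp", established=True)] + POSTED)

# Constructed packets arriving inbound on the Internet-facing interface.
WEB_REPLY = Packet("tcp", "198.51.100.10", 80, "203.0.113.5", 49152, ack=True)
WEB_REQUEST = Packet("tcp", "198.51.100.20", 51000, "203.0.113.5", 80)
SPOOFED = Packet("tcp", "10.1.2.3", 80, "203.0.113.5", 49152, ack=True)
```

A reply from a web server carries port 80 as its source port, so evaluate(POSTED, WEB_REPLY) finds no matching "eq 80" destination rule and ends at the implicit deny.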