Okay, are these Cisco access list statements? if so, your statements are wrong and since you are using a netmask of all 255's, I'm assuming you are trying to do just one IP host. Also, since you aren't doing anything with access-list 101 other than permit IP any any, then why do you have an access list 101? Delete it and delete the entry from int s0/0. Also, at the end of every Access list is an implicit deny so unless it is there for your comfort, you don't need that entry at all.
Try this, you can just do a copy and paste no access-list 100 no access-list 101 ! access-list 100 remark DNS Begin access-list 100 permit tcp any host x.x.x.x eq domain access-list 100 permit udp any host x.x.x.x eq domain Access-list 100 remark DNS END Access-list 100 remark Mail Begin Access-list 100 permit tcp any host x.x.x.x eq pop3 Access-list 100 permit tcp any host x.x.x.x eq smtp Access-list 100 permit tcp any host x.x.x.x eq ftp Access-list 100 permit tcp any host x.x.x.x eq www Access-list 100 remark Mail END ! ! Interface s 0/0 Access-group 100 in no Access group 101 out end Steven -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Vincent Jordan Sent: Thursday, January 29, 2004 2:02 PM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] [OT] another fire wall question. { screwed up config} ok ive got to be doing something wrong. Every time I apply the lists I can not pass any traffic. This is what ive done access-list 100 remark DNS Begin access-list 100 permit tcp any eq domain x.x.x.x 255.255.255.255 access-list 100 permit udp any eq domain x.x.x.x 255.255.255.255 Access-list 100 remark DNS END Access-list 100 remark Mail Begin Access-list 100 permit tcp any eq pop3 x.x.x.x 255.255.255.255 Access-list 100 permit tcp any eq smtp x.x.x.x 255.255.255.255 Access-list 100 permit tcp any eq ftp x.x.x.x 255.255.255.255 Access-list 100 permit tcp any eq www x.x.x.x 255.255.255.255 Access-list 100 remark Mail END Access-list 100 deny ip any any Access list 101 permit ip any any Interface s 0/0 Access-group 100 in Access group 101 out > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Patrick Fowler > Sent: Thursday, January 29, 2004 12:39 PM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] [OT] another fire wall question. > > Here is my scan: > > Computer number: 1 > Name: NYNEX-M01 > IP address: 12.4.230.134 > > Ports (67 scanned, 7 opened, 60 closed) > Port 21 - open > Port 80 - open > Port 25 - open > Port 110 - open > Port 139 - open > Port 445 - open > Port 1025 - open > > Patrick Fowler, CCNA > LAN/WAN - Email Administrator > Laramie County School District #1 > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Vincent Jordan > Sent: Thursday, January 29, 2004 10:13 AM > To: [EMAIL PROTECTED] > Subject: [IMail Forum] [OT] another fire wall question. > > Could someone try to scan 12.4.230.134 and let me know if > they see any other services open other than pop smtp ftp and www? > > > > Thanks, > > > Vinny > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
