See below. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Vincent Jordan > Sent: Thursday, January 29, 2004 12:08 PM > To: [EMAIL PROTECTED] > Subject: RE: [IMail Forum] [OT] another fire wall question. { screwed up > config} > > > > > > -----Original Message----- > > From: Vincent Jordan [mailto:[EMAIL PROTECTED] > > Sent: Thursday, January 29, 2004 3:02 PM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [IMail Forum] [OT] another fire wall question. { > > screwed up config} > > > > ok ive got to be doing something wrong. Every time I apply > > the lists I can not pass any traffic. > > > > This is what ive done > > access-list 100 remark DNS Begin > > access-list 100 permit tcp any eq domain x.x.x.x 255.255.255.255 > > access-list 100 permit udp any eq domain x.x.x.x 255.255.255.255 These lines needs to look like this: Access-list 100 permit udp any host ip.ad.re.ss eq 53 (where ip address = ip address of DNS server) Access-list 100 permit tcp any host ip.ad.re.ss eq 53
> >Access-list 100 remark DNS END > > Access-list 100 remark Mail Begin > > Access-list 100 permit tcp any eq pop3 x.x.x.x 255.255.255.255 This line needs to look like this: Access-list 100 permit tcp any host ip.add.re.ss eq 110 (where ip address = ip address of mail server) > > Access-list 100 permit tcp any eq smtp x.x.x.x 255.255.255.255 This one needs to look like this: Access-list 100 permit tcp any host ip.ad.re.ss eq 25 log (where ip address = ip address of mail server) > >Access-list 100 permit tcp any eq ftp x.x.x.x 255.255.255.255 This one needs to look like this: Access-list 100 permit tcp any host ip.ad.re.ss eq 21 log (where ip address = ip address of ftp server) > >Access-list 100 permit tcp any eq www x.x.x.x 255.255.255.255 This one needs to look like this: Access-list 100 permit tcp any host ip.ad.re.ss eq 80 log (where ip address = ip address of web server) > > Access-list 100 remark Mail END This is okay but I would do something like: Access-list 100 deny tcp any any lt 1024 log Access-list 100 deny udp any any lt 1024 log Then >>Access-list 100 deny ip any any >>Access list 101 permit ip any any > > > > > > Interface s 0/0 > > Access-group 100 in > > Access group 101 out > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Patrick > > > Fowler > > > Sent: Thursday, January 29, 2004 12:39 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [IMail Forum] [OT] another fire wall question. > > > > > > Here is my scan: > > > > > > Computer number: 1 > > > Name: NYNEX-M01 > > > IP address: 12.4.230.134 > > > > > > Ports (67 scanned, 7 opened, 60 closed) Port 21 - open Port > > 80 - open > > > Port 25 - open Port 110 - open Port 139 - open Port 445 - open Port > > > 1025 - open > > > > > > Patrick Fowler, CCNA > > > LAN/WAN - Email Administrator > > > Laramie County School District #1 > > > > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Vincent > > > Jordan > > > Sent: Thursday, January 29, 2004 10:13 AM > > > To: [EMAIL PROTECTED] > > > Subject: [IMail Forum] [OT] another fire wall question. > > > > > > Could someone try to scan 12.4.230.134 and let me know if > > they see any > > > other services open other than pop smtp ftp and www? > > > > > > > > > > > > Thanks, > > > > > > > > > Vinny > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: > > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
