Steve, when I apply the config I cannot pass traffic to the world. I've attached a copy of the running config.
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steven Copeland
> Sent: Thursday, January 29, 2004 3:21 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] [OT] another fire wall question. {screwed up config}
>
> Okay, are these Cisco access list statements? If so, your
> statements are wrong, and since you are using a netmask of all
> 255's, I'm assuming you are trying to do just one IP host. Also,
> since you aren't doing anything with access-list 101 other than
> permit IP any any, then why do you have an access list 101?
> Delete it and delete the entry from int s0/0. Also, at the end
> of every access list is an implicit deny, so unless it is there
> for your comfort, you don't need that entry at all.
>
> Try this, you can just do a copy and paste
>
> no access-list 100
> no access-list 101
> !
> access-list 100 remark DNS Begin
> access-list 100 permit tcp any host x.x.x.x eq domain
> access-list 100 permit udp any host x.x.x.x eq domain
> access-list 100 remark DNS END
> access-list 100 remark Mail Begin
> access-list 100 permit tcp any host x.x.x.x eq pop3
> access-list 100 permit tcp any host x.x.x.x eq smtp
> access-list 100 permit tcp any host x.x.x.x eq ftp
> access-list 100 permit tcp any host x.x.x.x eq www
> access-list 100 remark Mail END
> !
> !
> interface s 0/0
>  ip access-group 100 in
>  no ip access-group 101 out
> end
>
> Steven
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Vincent Jordan
> Sent: Thursday, January 29, 2004 2:02 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] [OT] another fire wall question. {screwed up config}
>
> OK, I've got to be doing something wrong. Every time I apply
> the lists I cannot pass any traffic.
>
> This is what I've done
>
> access-list 100 remark DNS Begin
> access-list 100 permit tcp any eq domain x.x.x.x 255.255.255.255
> access-list 100 permit udp any eq domain x.x.x.x 255.255.255.255
> Access-list 100 remark DNS END
> Access-list 100 remark Mail Begin
> Access-list 100 permit tcp any eq pop3 x.x.x.x 255.255.255.255
> Access-list 100 permit tcp any eq smtp x.x.x.x 255.255.255.255
> Access-list 100 permit tcp any eq ftp x.x.x.x 255.255.255.255
> Access-list 100 permit tcp any eq www x.x.x.x 255.255.255.255
> Access-list 100 remark Mail END
> Access-list 100 deny ip any any
> Access list 101 permit ip any any
>
> Interface s 0/0
> Access-group 100 in
> Access group 101 out
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Fowler
> > Sent: Thursday, January 29, 2004 12:39 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [IMail Forum] [OT] another fire wall question.
> >
> > Here is my scan:
> >
> > Computer number: 1
> > Name: NYNEX-M01
> > IP address: 12.4.230.134
> >
> > Ports (67 scanned, 7 opened, 60 closed)
> > Port 21 - open
> > Port 80 - open
> > Port 25 - open
> > Port 110 - open
> > Port 139 - open
> > Port 445 - open
> > Port 1025 - open
> >
> > Patrick Fowler, CCNA
> > LAN/WAN - Email Administrator
> > Laramie County School District #1
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Vincent Jordan
> > Sent: Thursday, January 29, 2004 10:13 AM
> > To: [EMAIL PROTECTED]
> > Subject: [IMail Forum] [OT] another fire wall question.
> >
> > Could someone try to scan 12.4.230.134 and let me know if they
> > see any other services open other than pop smtp ftp and www?
> >
> > Thanks,
> >
> > Vinny
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname APT-POP
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
enable secret
enable password
!
aaa new-model
!
!
aaa authentication username-prompt Login:
aaa authentication login local_auth local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip domain name edge.nynexbroadband.com
ip name-server 12.4.230.131
ip name-server 12.127.16.67
ip dhcp excluded-address 12.4.230.129 12.4.230.224
!
ip dhcp pool Nynex-Local
   network 12.4.230.128 255.255.255.128
   default-router 12.4.230.129
   dns-server 12.4.230.131 12.127.16.67 12.127.17.71
   domain-name nynexbroadbnad.com
   lease 0 12
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
class-map match-any http-hacks
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
!
!
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
!
!
interface FastEthernet0/0
 ip address 12.4.230.129 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed 100
 full-duplex
 ntp disable
 no cdp enable
!
interface Serial0/0
 description ATT WAN
 ip address 12.127.48.222 255.255.255.252
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 service-policy input mark-inbound-http-hacks
 encapsulation ppp
 ntp disable
 no cdp enable
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 12.127.48.221
!
!
logging trap debugging
logging facility local2
access-list 100 remark DNS Begin
access-list 100 permit tcp any host 12.4.230.131 eq domain
access-list 100 permit udp any host 12.4.230.131 eq domain
access-list 100 remark DNS END
access-list 100 remark Mail Begin
access-list 100 permit tcp any host 12.4.230.134 eq pop3
access-list 100 permit tcp any host 12.4.230.134 eq smtp
access-list 100 permit tcp any host 12.4.230.134 eq ftp
access-list 100 permit tcp any host 12.4.230.134 eq www
access-list 100 remark Mail
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
 exec-timeout 3 0
 login authentication local_auth
 transport preferred none
 transport output telnet
line aux 0
 exec-timeout 3 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 exec-timeout 3 0
 password
 login authentication local_auth
 transport input telnet
!
!
!
end
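
An added example, not part of the original thread: a small Python model of access-list 100 from the attached running config, evaluated first-match with the implicit deny the quoted reply mentions, as if applied inbound on Serial0/0. The sample packets, the 192.0.2.10 outside host, the 12.4.230.230 LAN client and the extra `established` entry are assumptions constructed for illustration.

```python
# Added illustration: first-match evaluation of an IOS-style extended ACL
# ending in the implicit deny. All packets below are constructed samples.
from ipaddress import ip_address

DNS, MAIL = "12.4.230.131", "12.4.230.134"   # hosts named in the attached config
PORTS = {"domain": 53, "pop3": 110, "smtp": 25, "ftp": 21, "www": 80}

# Entry: (action, proto, dst host or None for "any", dst port or None, established)
ACL_100 = [
    ("permit", "tcp", DNS, PORTS["domain"], False),
    ("permit", "udp", DNS, PORTS["domain"], False),
    ("permit", "tcp", MAIL, PORTS["pop3"], False),
    ("permit", "tcp", MAIL, PORTS["smtp"], False),
    ("permit", "tcp", MAIL, PORTS["ftp"], False),
    ("permit", "tcp", MAIL, PORTS["www"], False),
]

def evaluate(acl, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, proto, dst, dport, established in acl:
        if proto != pkt["proto"]:
            continue
        if dst is not None and ip_address(dst) != ip_address(pkt["dst"]):
            continue
        if dport is not None and dport != pkt["dport"]:
            continue
        # "established" matches only TCP segments carrying ACK or RST
        if established and not ({"ACK", "RST"} & set(pkt.get("flags", ()))):
            continue
        return action
    return "deny"  # implicit "deny ip any any" at the end of every list

# Constructed packets arriving inbound on Serial0/0
inbound_smtp = {"proto": "tcp", "src": "192.0.2.10", "sport": 40000,
                "dst": MAIL, "dport": 25, "flags": ["SYN"]}
web_reply = {"proto": "tcp", "src": "192.0.2.10", "sport": 80,
             "dst": "12.4.230.230", "dport": 51000, "flags": ["SYN", "ACK"]}
unsolicited = dict(web_reply, flags=["SYN"])

# Assumption (not in the thread): one extra entry for return TCP traffic,
# i.e. "access-list 100 permit tcp any any established"
ACL_100_RETURN = ACL_100 + [("permit", "tcp", None, None, True)]

if __name__ == "__main__":
    for name, acl in (("ACL 100", ACL_100), ("ACL 100 + established", ACL_100_RETURN)):
        for label, pkt in (("smtp in", inbound_smtp), ("web reply", web_reply),
                           ("bare SYN", unsolicited)):
            print(f"{name:22} {label:10} {evaluate(acl, pkt)}")
```

UDP has no flags, so `established` cannot cover DNS answers coming back from outside resolvers; those would need a separate rule.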
