I think the only ACL system that allows related, from my experience is IPTables. I was creating these on our layer 3 switches. Both Cisco and Extreme can do established traffic, however, they do not have an option for related as far as I can tell.
I think I have all the port worked out in my ACL. I haven't seen anything blocked trip the logs. Jes On Mon, Oct 24, 2011 at 8:05 PM, Josh Patten <[email protected]> wrote: > for the FTP bit, generally this traffic is considered RELATED, so as long > as your ACL allows RELATED traffic you shouldn't have an issue with these > high ports. > > On Mon, Oct 24, 2011 at 5:05 PM, Becker, Jesse <[email protected]>wrote: > >> All, >> We use strict ACLs on all our VLAN subnets and I was wondering if there >> was a documented list before I do trial/error testing. One of thing I have >> noticed so far is that the phone tries to reach out to the server using >> target ports in the high 50000 range. I have found that these are the >> passive mode ports configured in vsftpd, so I have opened them. Is there a >> documented list of ports that need to be opened up between a Polycom phone >> (UA client) and the SipX server? I currently have tftp 69, ftp 20-21 >> (including passive ports 50000-50050), sip 5060, moh 15060 opened. >> >> Thanks in advanced. >> >> Jes >> >> -- >> >> >> Jesse Becker | Technical Manager >> Network+ | Linux+ Certified Professional >> SunGard Higher Education @ SUNY Ulster >> 491 Cottekill Road, Stone Ridge, NY 12484 >> Tel 845-687-5064 | Fax 845-687-5105 >> [email protected] | www.sunyulster.edu >> >> <http://www.sunyulster.edu/> >> >> Check out our knowledge base: >> http://kb.sunyulster.edu<http://kb.sunyulster.edu/> >> >> >> >> _______________________________________________ >> sipx-users mailing list >> [email protected] >> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> > > > > -- > Josh Patten > eZuce > Solutions Architect > O.978-296-1005 X2050 > M.979-574-5699 > > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ > -- Jesse Becker | Technical Manager Network+ | Linux+ Certified Professional SunGard Higher Education @ SUNY Ulster 491 Cottekill Road, Stone Ridge, NY 12484 Tel 845-687-5064 | Fax 845-687-5105 [email protected] | www.sunyulster.edu <http://www.sunyulster.edu/> Check out our knowledge base: http://kb.sunyulster.edu<http://kb.sunyulster.edu/>
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
