Sam Guest
Posted: Sun Mar 02, 2008 3:13 am Post subject: ACL Question

I'm currently trying to set up my network to allow access to my lab from
the internet so I can play with it in my downtime while at work.

My network is using the 192.168 address range and I have e0 on my
access server (2509) assigned to this range so that I can get to it
from inside as well as route ports to it from my cable modem.

I'm trying to set up an ACL on the access server to deny telnet
connections back out of the e0 interface to any other computer on the
inside network. Specifically, I want to block access to my mail server
port 25 via telnet.

Everything I have tried thus far still allows access to the server from
the router. Any suggestions?

Sam

Chris Guest
Posted: Sun Mar 02, 2008 5:17 am Post subject: Re: ACL Question

So what have you tried? You just need to block TCP port 25! Show us your
ACLs!!

Chris.

nwgarner@gmail.com Guest
Posted: Sun Mar 02, 2008 5:24 am Post subject: Re: ACL Question

Routers aren't subject to their own ACLs. Rather, ACLs on interfaces
don't affect traffic originated by the router.

If you want to stop ALL connections from the router out to other
devices apply "transport output none" to the VTY lines:

    line vty 0 4
     transport output none

If you only want to deny telnet->host:25 but permit everything else
then:

    access-list 101 deny tcp any host 192.168.1.25 eq 25
    access-list 101 permit ip any any
    line vty 0 4
     access-class 101 out

Nick
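
Added example (not part of the original thread): a Python check that reads an IOS configuration and reports, for each line block, whether outbound sessions are limited by one of the two commands in the reply above. The sample configuration is constructed and the function names audit_outbound and unrestricted_lines are this example's own; it also looks at con, aux and async lines, which the thread does not discuss.

```python
import re

# Constructed sample config (not from the thread): a 2509-style box where only
# some line blocks carry the restrictions described in the reply above.
SAMPLE_CONFIG = """\
access-list 101 deny tcp any host 192.168.1.25 eq 25
access-list 101 permit ip any any
!
line con 0
line 1 8
 transport input all
line aux 0
 transport output none
line vty 0 4
 access-class 101 out
 login
!
end
"""

def audit_outbound(config):
    """Return {line header: restriction} for every 'line ...' block.

    restriction is 'none' (transport output none), 'acl <id>' (access-class
    <id> out) or 'unrestricted' when neither sub-command is configured.
    """
    results, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            results[current] = "unrestricted"
        elif current and raw.startswith(" "):
            cmd = raw.strip()
            if cmd == "transport output none":
                results[current] = "none"
            elif (m := re.fullmatch(r"access-class (\S+) out", cmd)) and results[current] != "none":
                results[current] = "acl " + m.group(1)
        else:
            current = None  # '!' or any other top-level command ends the block
    return results

def unrestricted_lines(config):
    """Line blocks with no explicit limit on sessions opened from the router."""
    return [hdr for hdr, r in audit_outbound(config).items() if r == "unrestricted"]

if __name__ == "__main__":
    for header, restriction in audit_outbound(SAMPLE_CONFIG).items():
        print(f"{header:<14} {restriction}")
```

An interface-level "ip access-group" is deliberately not counted as a restriction, for the reason given in the reply above.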