Basic Firewall Question

 
 
bthetford
Guest
Posts: n/a
 
      09-16-2006
I'm not completely familiar with how ACLs work in conjunction with the
firewall, so I have a basic question which should answer what I need to
know.

Here's the configuration:

Remote Host=====1811 Router=======Internal Server

FE0 is hooked up to ISP
Internal network is VLAN1
Internal server is on VLAN1

Internal server has public IP of 1.2.3.4 and internal ip of 10.9.8.7
using static NAT.

How can I block inbound access to a single port (say 1433, for example)
originating from a remote host (ie any internet machine) to that
internal server and then allow all other traffic?

I'm trying to block a specific set of ports on FE0 but want to allow
everything else to flow freely.

 
Alan Strassberg
Guest
Posts: n/a
 
      09-17-2006
In article <(E-Mail Removed). com>,
bthetford <(E-Mail Removed)> wrote:
>I'm not completely familiar with how ACLs work in conjunction with the
>firewall, so I have a basic question which should answer what I need to
>know.
>
>Here's the configuration:
>
>Remote Host=====1811 Router=======Internal Server
>
>FE0 is hooked up to ISP
>Internal network is VLAN1
>Internal server is on VLAN1
>
>Internal server has public IP of 1.2.3.4 and internal ip of 10.9.8.7
>using static NAT.
>
>How can I block inbound access to a single port (say 1433, for example)
>originating from a remote host (ie any internet machine) to that
>internal server and then allow all other traffic?
>
>I'm trying to block a specific set of ports on FE0 but want to allow
>everything else to flow freely.


access-list 101 deny tcp any host 1.2.3.4 eq 1433
access-list 101 permit ip any any

Or udp or ip replacing tcp above. For a range say "range 1433 1455"

interface FastEthernet0
ip access-group 101 in
...

alan
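
Added example, not part of the original posts: a small Python evaluator that reads extended ACL lines in the syntax shown above and applies them first-match-wins, with the implicit deny when no line matches. The ACL text and the packets (203.0.113.5 as a remote host) are constructed for illustration; only `any`, `host`, `eq` and `range` are handled.

```python
import ipaddress

# Constructed ACL using the syntax from the thread (range form, then permit-all).
ACL_101 = """\
access-list 101 deny tcp any host 1.2.3.4 range 1433 1455
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("unsupported address form: " + tok[0])

def _ports(tok):
    """Optional 'eq N' or 'range LO HI'; no port clause matches every port."""
    if not tok:
        return 0, 65535
    if tok[0] == "eq":
        return int(tok[1]), int(tok[1])
    if tok[0] == "range":
        return int(tok[1]), int(tok[2])
    raise ValueError("unsupported port operator: " + tok[0])

def parse_acl(text):
    """Turn 'access-list N action proto src dst [ports]' lines into rule tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        rules.append((tok[2], tok[3], src, dst, _ports(rest)))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return the action of the first matching line; no match is an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, (lo, hi) in rules:
        if r_proto in ("ip", proto) and s in r_src and d in r_dst and lo <= dport <= hi:
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    for pkt in [("tcp", "203.0.113.5", "1.2.3.4", 1433), ("tcp", "203.0.113.5", "1.2.3.4", 443)]:
        print(pkt, "->", evaluate(rules, *pkt))
```

Dropping the final permit line, or placing it before the deny, changes the result for every packet, which is why the order of the two lines matters.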
 
bthetford
Guest
Posts: n/a
 
      09-17-2006
> access-list 101 deny tcp any host 1.2.3.4 eq 1433
> access-list 101 permit ip any any
>
> Or udp or ip replacing tcp above. For a range say "range 1433 1455"
>
> interface FastEthernet0
> ip access-group 101 in
> ...
>
> alan


Thanks.
That's exactly what I needed to know.
I basically just needed to know the general syntax.

 