Basic Firewall Question

Discussion in 'Cisco' started by bthetford, Sep 16, 2006.

  1. bthetford

    bthetford Guest

    I'm not completely familiar with how ACLs work in conjunction with the
    firewall, so I have a basic question which should answer what I need to
    know.

    Here's the configuration:

    Remote Host=====1811 Router=======Internal Server

    FE0 is hooked up to ISP
    Internal network is VLAN1
    Internal server is on VLAN1

    Internal server has public IP of 1.2.3.4 and internal ip of 10.9.8.7
    using static NAT.

    How can I block inbound access to a single port (say 1433, for example)
    originating from a remote host (ie any internet machine) to that
    internal server and then allow all other traffic?

    I'm trying to block a specific set of ports on FE0 but want to allow
    everything else to flow freely.
     
    bthetford, Sep 16, 2006
    #1

  2. In article <>,
    bthetford <> wrote:
    >I'm not completely familiar with how ACLs work in conjunction with the
    >firewall, so I have a basic question which should answer what I need to
    >know.
    >
    >Here's the configuration:
    >
    >Remote Host=====1811 Router=======Internal Server
    >
    >FE0 is hooked up to ISP
    >Internal network is VLAN1
    >Internal server is on VLAN1
    >
    >Internal server has public IP of 1.2.3.4 and internal ip of 10.9.8.7
    >using static NAT.
    >
    >How can I block inbound access to a single port (say 1433, for example)
    >originating from a remote host (ie any internet machine) to that
    >internal server and then allow all other traffic?
    >
    >I'm trying to block a specific set of ports on FE0 but want to allow
    >everything else to flow freely.


    ! Extended ACL entries need a protocol, a source and a destination
    access-list 101 deny tcp any host 1.2.3.4 eq 1433
    access-list 101 permit ip any any

    Or udp or ip replacing tcp above. For a range say "range 1433 1455"

    interface FastEthernet0
     ip access-group 101 in
    ...

    alan
     
    Alan Strassberg, Sep 17, 2006
    #2
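How the ACL in the answer above is evaluated, as an added example that is not part of the original posts: entries are checked top-down, the first match decides, and anything that matches no entry hits the implicit deny at the end, which is why the permit line is required. The evaluator handles only the small subset of extended-ACL syntax used in this thread, the permit line is written in the full form `permit ip any any`, and the source address 203.0.113.5 is a constructed sample.

```python
import ipaddress

# Added example: models first-match evaluation for a subset of Cisco
# extended-ACL syntax (permit/deny, tcp/udp/ip, "any" or "host A.B.C.D",
# optional destination "eq N" or "range A B"). Not Cisco's implementation.
ACL_101 = """\
access-list 101 deny tcp any host 1.2.3.4 eq 1433
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from tok; None means any address."""
    if tok[0] == "any":
        del tok[0]
        return None
    if tok[0] == "host":
        ip = ipaddress.ip_address(tok[1])
        del tok[:2]
        return ip
    raise ValueError("unsupported address spec: " + tok[0])

def parse_acl(text):
    """Return a list of (action, proto, src, dst, (low_port, high_port) or None)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _addr(rest), _addr(rest)
        ports = None
        if rest[:1] == ["eq"]:
            ports = (int(rest[1]), int(rest[1]))
        elif rest[:1] == ["range"]:
            ports = (int(rest[1]), int(rest[2]))
        rules.append((action, proto, src, dst, ports))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """Return 'permit' or 'deny' for one packet arriving on the interface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, ports in rules:
        if r_proto not in ("ip", proto):
            continue
        if (r_src and r_src != src) or (r_dst and r_dst != dst):
            continue
        if ports and not ports[0] <= dport <= ports[1]:
            continue
        return action      # first matching entry wins
    return "deny"          # implicit deny at the end of every ACL
```

Dropping the second line of `ACL_101` makes every packet fall through to the implicit deny, and a `tcp` deny entry leaves UDP to the same port permitted.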

  3. bthetford

    bthetford Guest

    > access-list 101 deny tcp any host 1.2.3.4 eq 1433
    > access-list 101 permit ip any any
    >
    > Or udp or ip replacing tcp above. For a range say "range 1433 1455"
    >
    > interface FastEthernet0
    >  ip access-group 101 in
    > ...
    >
    > alan


    Thanks.
    That's exactly what I needed to know.
    I basically just needed to know the general syntax.
     
    bthetford, Sep 17, 2006
    #3
