Security Basics mailing list archives

RE: Re: Re: Re: router access control list


From: "Erick Jensen" <ejensen () vibrant com>
Date: Sun, 5 Nov 2006 01:23:53 -0600

You have the lists done correctly.  There's just some missing part
there.  You have issued the "access-group 111 in" on the ATM0 interface?
Or even an "access-group 110 out" on ATM0?  Help us out here and send a
"show run" output.  ****change your passwords before/after you do!****
It's probably something simple we're missing here.

"show tech" is also useful output, but it's MUCH MUCH larger to weed
through.



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of apaez1084 () gmail com
Sent: Thursday, November 02, 2006 12:23 PM
To: security-basics () securityfocus com
Subject: Re: Re: Re: Re: router access control list

OK, this is the ACL I created. 110 is the real one that I want to place
on the router; 111 is just one that I'm using to see if it works.
Extended IP access list 110
    10 permit tcp any any eq www (17 matches)
    20 permit tcp any any eq 3390
    30 permit tcp any any eq 3389 (16 matches)
    40 permit tcp any any eq ftp
    50 permit tcp any any eq ftp-data
    60 permit tcp any any eq pop3
    70 permit tcp any any eq smtp
    80 permit tcp any any eq 3399
    90 permit tcp any any eq 3391
    100 permit tcp any any eq 7603
    110 permit tcp any any eq 443
    120 permit tcp any any eq 3395
    130 permit tcp any any eq 47281
    140 permit udp any any eq 47281
    150 permit udp any any eq 7603
    160 permit tcp any any eq 8080
    170 permit tcp any any eq telnet (92 matches)
Extended IP access list 111
    10 permit tcp any any eq www (106 matches)
    20 permit tcp any any eq 3390
    30 permit tcp any any eq telnet (722 matches)

OK, now that you just saw my access-list: I'm working with 111 because I
want to see if from outside I can get in to port 3389. That's not
permitted.

I remote connect to the Mexico server and then from the server remote connect
back in here. Now I have NAT on, so the IP addresses are not the same but
the ports are the same. I put ACL 111 on interface ATM0 in/out and
absolutely nothing happens. I can get to any port I want from the Mexico
serv.

And when I put it on interface e0 in/out everything stops working.

Do I suck that bad at this, or is there something I'm missing? Help, please.

Thank You
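
An added example, not part of the thread: a small Python evaluator for the two lists as posted, using first-match order and the implicit deny that ends every IOS access list. It shows that list 111 denies tcp/3389 wherever it is actually applied in the packet's path, while list 110 permits it; the names parse, evaluate and ACLS are assumptions of this example.

```python
import re
# "show access-lists" output exactly as posted in the thread.
SHOW_ACL = """\
Extended IP access list 110
    10 permit tcp any any eq www (17 matches)
    20 permit tcp any any eq 3390
    30 permit tcp any any eq 3389 (16 matches)
    40 permit tcp any any eq ftp
    50 permit tcp any any eq ftp-data
    60 permit tcp any any eq pop3
    70 permit tcp any any eq smtp
    80 permit tcp any any eq 3399
    90 permit tcp any any eq 3391
    100 permit tcp any any eq 7603
    110 permit tcp any any eq 443
    120 permit tcp any any eq 3395
    130 permit tcp any any eq 47281
    140 permit udp any any eq 47281
    150 permit udp any any eq 7603
    160 permit tcp any any eq 8080
    170 permit tcp any any eq telnet (92 matches)
Extended IP access list 111
    10 permit tcp any any eq www (106 matches)
    20 permit tcp any any eq 3390
    30 permit tcp any any eq telnet (722 matches)
"""
# IOS port keywords used above, mapped to their port numbers.
NAMES = {"www": 80, "ftp": 21, "ftp-data": 20, "pop3": 110, "smtp": 25, "telnet": 23}
ENTRY = re.compile(r"\s*(\d+) (permit|deny) (tcp|udp) any any eq (\S+)")

def parse(text):
    """Return {acl_number: [(seq, action, proto, dst_port), ...]} in sequence order."""
    acls, current = {}, None
    for line in text.splitlines():
        if line.startswith("Extended IP access list"):
            current = acls.setdefault(line.split()[-1], [])
        elif (m := ENTRY.match(line)) and current is not None:
            seq, action, proto, port = m.groups()
            current.append((int(seq), action, proto, NAMES.get(port) or int(port)))
    return {n: sorted(e) for n, e in acls.items()}

def evaluate(acl, proto, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for seq, action, p, port in acl:
        if p == proto and port == dst_port:
            return action, seq
    return "deny", None  # implicit "deny ip any any" at the end of every ACL

ACLS = parse(SHOW_ACL)
```

Every entry matches on destination port only, so a packet whose destination port is not listed (constructed case: `evaluate(ACLS["111"], "tcp", 50000)`) hits the implicit deny in whichever direction the list is applied.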
