> access-list <100-199> permit tcp <your-source -network address>
> <your-source-net-mask> host <your-server-address> range 20 21
> access-list <100-199> permit tcp any host <your-server-address> eq 80
>
> you can use any extended access-list # (100-199) - extended for
> source/destination/traffic-type - permit 20 and 21 (ftp and ftp-data) for
> your address space, and permit www/http (port 80) for anyone - I assume
that
> you want others to be able to browse your web server...
>
> apply to the appropriate interface (ie your external, outward facing WAN
> port, applied inbound) - in this instance you shouldn't even need the
first
> permit as internal traffic won't traverse that interface - kill off
unwanted
> traffic at entry point to be sure
>
> remeber the implicit deny...
>
> HTH
>
> ANdy
> ----- Original Message -----
> From: Elise J Lowenstein <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 01, 2000 2:50 PM
> Subject: Newbie Access-List question
>
>
> > Hi all,
> > This is my first post and I hope it is appropriate.
> >
> > I'd like to create an access list.
> > Here's the situation:
> >
> > I need to restrict FTP traffic to a web server. We would like
> > people
> > within our domain to be able to ftp to the web server. The second half
is
> > that we do not want any ftp traffic from outside of our domain hitting
the
> > web server.
> >
> > We are running ios 11.3.
> >
> > Any suggestions?
> > Thanks,
> > Elise
> >
> > ___________________________________
> > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> > FAQ, list archives, and subscription info: http://www.groupstudy.com
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
