Dale:
You really think DEEP.
(You meant 214.3.1.50 instead of 214.3.2.50, right?)

"Dale Holmes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> What is strange about it is that I can't tell where 214.3.2.50 is in
> relation to the router interface on which this list is applied.
>
> The first two lines allow tcp connections on ports between 6000 and 6063
> both TO and FROM host 214.3.2.50.
>
> Which direction is this list applied, and on which interface?
>
> Say for argument that it is an incoming list on int s0. Let's say that host
> 214.3.2.50 opens a tcp connection on port 6001 to some host not on its local
> subnet. The packet will hit int s0, and be subject to the list. It matches
> line one, and so it is permitted. The intended recipient receives the
> message, and replies. Without even going into which port the reply is sent
> to, is it true that the reply will ALSO COME INTO s0? If not, then why
> permit traffic TO as well as FROM? Is host 214.3.2.50 a server that is one
> of many offering services on ports 6000 - 6063?
>
> OR - is this list applied to multiple interfaces and for simplicity's sake
> includes entries for either direction? Hmmm...
>
> By the way, lines 4 and 6 are identical. Maybe line 6 was intended to filter
> UDP?
>
> Other than lines 4 and 6, this list is not redundant, but without seeing a
> drawing I have to say that depending on how many interfaces it is applied to
> and what direction(s) it is applied, I am not sure that this list does what
> the author thinks it does...
>
> Does that help?
>
> Dale
> [=`)
>
>
> >From: "Deloso, Elmer  G." <[EMAIL PROTECTED]>
> >Reply-To: "Deloso, Elmer  G." <[EMAIL PROTECTED]>
> >To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> >Subject: Easier way to do Access-lists
> >Date: Thu, 17 Aug 2000 13:59:16 -0400
> >
> >Hi, group.
> >Below is a sample ACL, and I need to find out if there's an easier way to input
> >these seemingly redundant entries. Thanks.
> >access-list 111 permit tcp host 214.3.1.50 any range 6000 6063 log
> >access-list 111 permit tcp any host 214.3.1.50 range 6000 6063 log
> >access-list 111 permit tcp host 214.3.1.50 any eq 161 log
> >access-list 111 permit tcp any host 214.3.1.50 eq 161 log
> >access-list 111 permit udp host 214.3.1.50 any eq 161 log
> >access-list 111 permit tcp any host 214.3.1.50 eq 161 log
> >access-list 111 deny    ip 211.0.0.0 0.255.255.255 any log
> >access-list 111 deny    ip 212.0.0.0 0.255.255.255 any log
> >access-list 111 permit ip any any
> >
> >Elmer
>
> ___________________________________
> UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info: http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> ---
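
The observation in the thread that lines 4 and 6 are identical can be checked mechanically. The following Python script is an added example, not part of the original messages: it parses the posted ACL and reports every entry that an earlier entry already covers completely, so it can never match. It assumes only the syntax used in this list (`host`, `any`, address plus wildcard, destination `eq`/`range`, trailing `log`); the function names are hypothetical.

```python
import ipaddress

# The ACL exactly as posted in the original question.
ACL = """\
access-list 111 permit tcp host 214.3.1.50 any range 6000 6063 log
access-list 111 permit tcp any host 214.3.1.50 range 6000 6063 log
access-list 111 permit tcp host 214.3.1.50 any eq 161 log
access-list 111 permit tcp any host 214.3.1.50 eq 161 log
access-list 111 permit udp host 214.3.1.50 any eq 161 log
access-list 111 permit tcp any host 214.3.1.50 eq 161 log
access-list 111 deny    ip 211.0.0.0 0.255.255.255 any log
access-list 111 deny    ip 212.0.0.0 0.255.255.255 any log
access-list 111 permit ip any any
"""

def _addr(tok):
    """Consume one address spec; return ((base, wildcard), remaining tokens)."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    return (int(ipaddress.IPv4Address(tok[0])),
            int(ipaddress.IPv4Address(tok[1]))), tok[2:]

def parse(line):
    """Return (action, proto, src, dst, (port_lo, port_hi)) for one entry."""
    tok = line.split()
    src, rest = _addr(tok[4:])
    dst, rest = _addr(rest)
    ports = (0, 65535)                      # no port operator: all ports
    if rest[:1] == ["eq"]:
        ports = (int(rest[1]), int(rest[1]))
    elif rest[:1] == ["range"]:
        ports = (int(rest[1]), int(rest[2]))
    return tok[2], tok[3], src, dst, ports

def _covers(a, b):
    """True if address spec a matches every address that b matches."""
    return b[1] & ~a[1] == 0 and (a[0] ^ b[0]) & ~a[1] == 0

def shadowed(acl_text):
    """Return (line, earlier_line) pairs where the later entry can never match."""
    seen, hits = [], []
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        entry = parse(line)
        _, proto, src, dst, (lo, hi) = entry
        for m, (_, p2, s2, d2, (lo2, hi2)) in seen:
            if (p2 in ("ip", proto) and _covers(s2, src)
                    and _covers(d2, dst) and lo2 <= lo and hi <= hi2):
                hits.append((n, m))
                break
        seen.append((n, entry))
    return hits

print(shadowed(ACL))
```

Because ACL entries are evaluated top-down with first match winning, a covered entry is dead configuration whatever its action; here the only one reported is line 6, covered by line 4.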

