Title: Access-list Problem with UDP Port 53

I am having a problem with an access-list on a 2600 router.  It is used for the client's T1 connection.

The access-list is as follows:

access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.128.0 0.0.15.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 permit tcp any any established
access-list 100 deny   icmp any any timestamp-request
access-list 100 permit icmp any any
access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq smtp
access-list 100 permit tcp any any eq pop3
access-list 100 permit udp any any eq domain
access-list 100 deny   udp any any log
access-list 100 deny   tcp any any log


When this ACL is applied inbound on the serial interface, all web browsing stops.  Looking at the logs and ACL counters, it shows that UDP port 53 is being denied via the "access-list 100 deny   udp any any log" statement.

From my understanding, TCP port 53 is used between DNS servers and UDP port 53 is used for DNS queries between clients and DNS servers.  The client is not hosting a DNS server, so they only need DNS queries and replies to pass.

Upon changing "access-list 100 deny   udp any any log" to "access-list 100 permit   udp any any log", all web browsing is enabled.

Could someone please shed some light on what I am missing here?

Thanks in advance,

Nathan Richie
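The behaviour described in the post, reproduced with a small first-match model of a Cisco extended ACL. This is an added example, not the poster's configuration or Cisco code; the ACL excerpt, the `CORRECTED` entry and the packets (RFC 5737 documentation addresses) are constructed assumptions. In IOS extended-ACL syntax the `eq` that follows the destination `any` matches the destination port, so the inbound DNS reply (source port 53, ephemeral destination port) does not match `permit udp any any eq domain` and falls through to `deny udp any any log`.

```python
import ipaddress
PORTS = {"www": 80, "smtp": 25, "pop3": 110, "domain": 53}   # IOS port keywords used in the post

def _endpoint(tok):
    """Consume `any` or `addr wildcard`, then an optional `eq port`; return (net, port, rest)."""
    if tok[0] == "any":
        net, tok = ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    else:  # Cisco wildcard masks are host masks, which ipaddress accepts as "addr/hostmask"
        net, tok = ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]
    if tok and tok[0] == "eq":
        return net, int(PORTS.get(tok[1], tok[1])), tok[2:]
    return net, None, tok

def parse_acl(text):
    """Parse `access-list N permit|deny proto SRC [eq p] DST [eq p] [log]` lines;
    the first `eq` after the protocol binds to the SOURCE, the second to the DESTINATION."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        src, sport, rest = _endpoint(t[4:])
        dst, dport, _flags = _endpoint(rest)  # trailing `log` keyword is ignored here
        entries.append((t[2], t[3], src, sport, dst, dport))
    return entries

def evaluate(entries, pkt):
    """First-match lookup; a packet matching no entry hits Cisco's implicit deny."""
    for action, proto, src, sport, dst, dport in entries:
        if (proto in ("ip", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in src
                and ipaddress.ip_address(pkt["dst"]) in dst
                and sport in (None, pkt["sport"])
                and dport in (None, pkt["dport"])):
            return action
    return "deny"

# UDP-relevant excerpt of the posted ACL (the TCP and ICMP entries can never match UDP).
AS_POSTED = """
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 permit udp any any eq domain
access-list 100 deny   udp any any log
"""
# Assumed correction: match the upstream resolver's SOURCE port 53 instead.
CORRECTED = AS_POSTED.replace("permit udp any any eq domain", "permit udp any eq domain any")
# Constructed packets as seen INBOUND on the serial interface: the resolver's reply to the
# client's lookup, and a query from the Internet aimed at the client (which hosts no DNS).
INBOUND_REPLY = {"proto": "udp", "src": "198.51.100.53", "sport": 53, "dst": "203.0.113.10", "dport": 40000}
INBOUND_QUERY = {"proto": "udp", "src": "198.51.100.7", "sport": 40000, "dst": "203.0.113.10", "dport": 53}

def verdicts(acl_text):
    """Return (action for the inbound reply, action for the inbound query)."""
    acl = parse_acl(acl_text)
    return evaluate(acl, INBOUND_REPLY), evaluate(acl, INBOUND_QUERY)
```

Matching on a remote source port of 53 trusts whatever the far end chooses as its source port, so where the IOS image offers reflexive ACLs or CBAC (`ip inspect`), tracking the outbound query and admitting only its replies is the safer option.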
