So in effect you are saying:

Inbound:

DENY anyone's incoming packets who has the SYN bit set but NOT SYN/ACK
ALLOW anything else at the moment  ( inbound )

And outbound:

ALLOW ANYONE to communicate with the internet FROM inside. (nat'ed rfc1918)

Is this really what you want to do? Cuz inbound it appears to these eyes
that the only deny inbound is the syn without ack

Chuck




-----Original Message-----
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
David Cooper
Sent:   Tuesday, April 10, 2001 5:36 PM
To:     [EMAIL PROTECTED]
Subject:        packet filtering and nat (yea ugh) [7:143]

Hiya,

I'm somewhat stumped here and could use some help from the folks.
I have a 2610 doing NAT over a cable modem and really need to tighten it up
just a bit.  The router is communicating with the internet via e0/0 and the
internal network is running over s0/0 ( till I get an NM-1E ). My policy is
somewhat open as follows:

ALLOW ANYONE to communicate with the internet FROM inside. (nat'ed rfc1918)
ALLOW inbound http from anyone to internal network (translated and working)
ALLOW inbound ssh from anyone to internal network (translated and working)
DENY anyone's incoming packets who has the SYN bit set but NOT SYN/ACK.
ALLOW anything else at the moment
default DENY

Most of this policy is to be enforced inbound e0/0.
I have tried to implement the syn !syn/ack with extended rules
access-list 102 deny tcp any any syn

but when I apply this with an allow any any onto e0/0, all the outbound
packets die: either the syn/ack's from outside sites are getting denied, or it
never leaves the router to begin with. I cannot define a rule to pick out
pure syn bit packets from syn/ack'd ones.

Does anyone know a good packet filtering rule to accomplish this? Seems it
should be pretty standard fare as far as packet filtering routers go
(shrug).


Thanks in advance,
Dave
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
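The behaviour Dave describes, as an added example that is not part of the thread: a small Python evaluator for a subset of IOS extended-ACL syntax, modelling the documented keyword semantics (`syn` matches any segment with SYN set, `established` any segment with ACK or RST set). It compares the posted `deny tcp any any syn` list with one that permits `established` return traffic first and then the exposed services, leaving new inbound SYNs to the implicit deny; the 203.0.113.10 / 198.51.100.5 addresses are constructed placeholders, not the poster's.

```python
# Added illustration, not IOS code and not from the thread: a tiny evaluator for
# a subset of Cisco IOS extended-ACL syntax, showing why "deny tcp any any syn"
# also drops the SYN/ACK returning to a connection opened from inside, while
# "established" admits such return traffic. Addresses are RFC 5737 placeholders.
SYN, RST, ACK = 0x02, 0x04, 0x10
PORTS = {"www": 80, "ssh": 22}
# IOS flag keywords: 'syn' is true whenever SYN is set (so on a SYN/ACK too);
# 'established' is true whenever ACK or RST is set (never on a bare SYN).
FLAG_TEST = {"syn": lambda f: f & SYN, "established": lambda f: f & (ACK | RST)}

def parse_entry(line):
    """Parse 'access-list N permit|deny tcp SRC DST [eq PORT] [syn|established]'."""
    tok = line.split()
    action, i = tok[2], 4
    def addr():
        nonlocal i
        i += 1 if tok[i] == "any" else 2                  # 'any' | 'host A.B.C.D'
        return None if tok[i - 1] == "any" else tok[i - 1]
    src, dst = addr(), addr()
    port = flag = None                                    # 'eq' read as dest port
    while i < len(tok):
        if tok[i] == "eq":
            port, i = PORTS.get(tok[i + 1]) or int(tok[i + 1]), i + 2
        else:
            flag, i = tok[i], i + 1
    return action, src, dst, port, flag

def entry_matches(entry, p):
    _, src, dst, port, flag = entry
    for want, have in ((src, p["src"]), (dst, p["dst"]), (port, p["dport"])):
        if want is not None and want != have:
            return False
    return flag is None or bool(FLAG_TEST[flag](p["flags"]))

def acl_decision(acl_lines, p):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for entry in map(parse_entry, acl_lines):
        if entry_matches(entry, p):
            return entry[0]
    return "deny"
def tcp(src, dst, dport, flags):
    return {"src": src, "dst": dst, "dport": dport, "flags": flags}
# Both ACLs sit inbound on e0/0, so they see the NAT global address 203.0.113.10.
POSTED_ACL = ["access-list 102 deny tcp any any syn",
              "access-list 102 permit tcp any any"]
ESTABLISHED_ACL = ["access-list 102 permit tcp any any established",
                   "access-list 102 permit tcp any host 203.0.113.10 eq www",
                   "access-list 102 permit tcp any host 203.0.113.10 eq ssh"]
REPLY_SYNACK = tcp("198.51.100.5", "203.0.113.10", 40000, SYN | ACK)  # reply to inside
NEW_TELNET = tcp("198.51.100.5", "203.0.113.10", 23, SYN)             # unsolicited
NEW_HTTP = tcp("198.51.100.5", "203.0.113.10", 80, SYN)               # exposed service
```

`established` only applies to TCP, so UDP return traffic such as DNS replies still needs its own permit lines in a real list.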




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=169&t=143