I've run into some packet filtering problems that are making me "rethink"
router ACLs. I'm hoping that someone can clarify a few areas that I
formerly *thought* I understood... :)
Does an ACL on a given port process packets in *both* directions, or only
those incoming to that particular port? If both directions, then what do
the "in/out" assignments to a given port really mean? "In" the port, and
"out" to the router CPU, or "in" the port, and "out" of another port, or
something entirely different?
What exactly does the "in" and "out" relate to when assigning an ACL to a
given port? For instance, if my port E0 is on the internet side, and my
port E1 is my firewall interface, and I assign ACL-100 "in" on E0, should I
also assign ACL-100 "in" on the E1 port as well? Or should I assign
ACL-100 "in" on port E0, and "out" on port E1, or something else...?
The reason I'm asking these 'goofy' questions is that I'm finding certain
(inbound) IPs that are somehow penetrating my router's ACLs, and I'm not
exactly sure how. I see denial counts on the ACL logs in the router, yet the
firewall logs verify that some of these (supposedly blocked) IPs are making
it to the firewall itself before being dropped. How?
Any comments appreciated!
--Bill
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
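As an added illustration (not part of Bill's post, and not his actual configuration): a hypothetical Cisco IOS-style configuration that applies an extended ACL on the Internet-facing interface. On IOS, "in" means the ACL is evaluated on packets arriving on that interface, before routing, regardless of which interface they will leave by; "out" means it is evaluated on packets leaving the router through that interface, after routing, regardless of which interface they arrived on. So ACL 100 applied "in" on E0 already covers Internet-sourced packets headed for E1, and applying it "in" on E1 would instead filter packets coming from the firewall side. The interface names, addresses and ACL number below are assumed; the addresses are taken from the RFC 5737 documentation ranges.

```cisco
! Added example, not from the original post. Interface names, addresses and
! the ACL number are assumptions chosen to match the scenario in the question.
!
! Extended ACL 100: first match wins, and an unmatched packet hits the
! implicit "deny ip any any" at the end. "log" on the deny entry is what
! produces the denial counts/log messages mentioned in the post.
access-list 100 deny   ip 192.0.2.0 0.0.0.255 any log
access-list 100 permit ip any any
!
interface Ethernet0
 description Internet side (assumed)
 ip address 198.51.100.2 255.255.255.252
 ! "in": evaluated on every packet ENTERING the router via E0, before
 ! routing, whether it is destined for E1 or for the router itself.
 ip access-group 100 in
!
interface Ethernet1
 description Firewall side (assumed)
 ip address 203.0.113.1 255.255.255.0
 ! No ACL needed here for Internet-sourced traffic: it was already checked
 ! on E0 "in". An "ip access-group 100 in" here would filter packets that
 ! ARRIVE from the firewall, not packets going to it. An "out" ACL on E1
 ! would be evaluated after routing on packets LEAVING toward the firewall,
 ! from any ingress interface, which is a different (and usually redundant)
 ! control point for this topology.
```

A useful check when comparing against the firewall's logs is to confirm that the ACL entry being counted is the one you expect: IOS counters and log lines report per-entry matches, so a denial count on one entry says nothing about a source that matched an earlier permit entry, and an ACL that is applied "in" on E0 never sees traffic that entered on any other interface.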