Re: Help with Firewall

2001-02-22 Thread Howard Yuan

Hey Dennis.

I tried the code you gave me.  After applying the code, I cannot surf the
Internet.  Could it be related to webpages using UDP as well?  If you put
the line:

access-list 100 deny udp any any

before the line:

access-list 100 deny ip any any

most of the matches will hit the UDP line and get kicked out before they reach
the IP line.  Do you have any more suggestions?  I think that there is a UDP being
used for webpages as well and it has to be allowed for full web access to
occur.  I hope I didn't lose you.  Thank you.

Howard


_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
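
Added example (not part of the original posts): a small first-match model of the inbound ACL 101 that Dennis posted, run against constructed packets. It shows TCP replies passing via `established` while a UDP DNS reply falls through to `deny ip any any`, a likely reason browsing stops if inside clients resolve names through this router; the addresses, the packet set and the UDP/53 rule are assumptions.

```python
# Added illustration: first-match evaluation of the inbound ACL 101 from the thread.
# Addresses (192.0.2.x) and packets are constructed sample data.
WEB = "192.0.2.10"  # stands in for x.x.x.x, the web server

# Rule fields: (action, proto, dst, dst_port, src_port, established)
ACL_101 = [
    ("permit", "tcp", WEB, 80, None, False),     # permit tcp any host x.x.x.x eq 80
    ("permit", "tcp", None, None, None, True),   # permit tcp any any established
    ("deny", "ip", None, None, None, False),     # deny ip any any
]
# Assumed amendment (not from the thread): admit DNS replies by source port.
ACL_101_DNS = ACL_101[:2] + [("permit", "udp", None, None, 53, False)] + ACL_101[2:]

def matches(rule, pkt):
    _, proto, dst, dport, sport, est = rule
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if dst is not None and dst != pkt["dst"]:
        return False
    if dport is not None and dport != pkt["dport"]:
        return False
    if sport is not None and sport != pkt["sport"]:
        return False
    if est:  # 'established' is a TCP flag test (ACK or RST), not state tracking
        return bool({"ACK", "RST"} & pkt.get("flags", set()))
    return True

def evaluate(acl, pkt):
    """Return (action, rule_number) of the first matching rule."""
    for n, rule in enumerate(acl, 1):
        if matches(rule, pkt):
            return rule[0], n
    return "deny", 0  # implicit deny at the end of every ACL

PACKETS = {  # all arriving inbound on the serial interface
    "outside SYN to web:80": dict(proto="tcp", dst=WEB, sport=40000, dport=80, flags={"SYN"}),
    "outside SYN to web:2200": dict(proto="tcp", dst=WEB, sport=40001, dport=2200, flags={"SYN"}),
    "HTTP reply to inside client": dict(proto="tcp", dst="192.0.2.50", sport=80, dport=1025, flags={"ACK"}),
    "DNS reply to inside client": dict(proto="udp", dst="192.0.2.50", sport=53, dport=1026),
}

def report(acl):
    return {name: evaluate(acl, pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("ACL 101 as posted", ACL_101), ("with UDP/53 reply rule", ACL_101_DNS)):
        print(label, report(acl))
```

A source-port permit like the assumed UDP/53 rule is stateless and admits any datagram sourced from port 53; IOS reflexive access lists or CBAC inspection track the outbound request instead.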



Re: Help with Firewall

2001-02-22 Thread Howard Yuan

Thanx, I'll give it a try and let you know what happened.

Howard

"Dennis" [EMAIL PROTECTED] wrote in message
news:971ktt$1rj$[EMAIL PROTECTED]...
 try this--

 access-list 101 permit tcp any host x.x.x.x eq 80
 access-list 101 permit tcp any any established
 access-list 101 deny ip any any

 x.x.x.x is the ip address of the webserver

 this will be applied to the serial interface inbound.  you may also want to
 add other rules to this list to prevent things like address spoofing and add
 rules for other inbound connections that you may want to make like smtp or
 ftp or icmp.

 The earlier suggestion of permit ip any any established will not work.

 give it a try.
 -d
 "Howard Yuan" [EMAIL PROTECTED] wrote in message
 news:96v3de$pfl$[EMAIL PROTECTED]...
  I think it would help if I thoroughly explain the situation.

  I have a webserver that I want people to be able to access.  Being a Novell
  webserver, it has the ability to go in to change some settings on the
  webserver.  To do this, you just type in the address and add ":2200" into
  the end.  So, I don't want people to be able to access this from the
  outside, letting only people from the inside to be able to do this.  So, I
  want to do this and the other situation that I talked about.  Please advise.
  Thanx.
 
  Howard

  "Scott M. Trieste" [EMAIL PROTECTED] wrote in message
  news:96v2mh$lkg$[EMAIL PROTECTED]...
   Howard,

   If you are trying to block all incoming traffic from the Internet, without
   inhibiting your outgoing network traffic use this command at the beginning
   of your ACL:

   permit ip any any established.

   This will allow all tcp/udp conversations through the firewall, as long as
   they were initiated from inside your network.
  
   Regards,
  
   Scott M. Trieste

   "Howard Yuan" [EMAIL PROTECTED] wrote in message
   news:96v2gr$kri$[EMAIL PROTECTED]...
    Hi,

    I'm trying to set up a firewall on my Cisco router.  I'm trying to block
    everything from the Internet except for webpage access (port 80).  But, when
    I set it up to do that, I can not surf the net without putting in the line:

    permit ip any any

    But, doing that will allow everything to come in through the router.  I
    don't want anybody being able to come in through any port except for the
    ones I specify.  Is there anybody that knows how to do that?  Please tell me.
    Thank you in advance.
   
Howard
   
   
_
FAQ, list archives, and subscription info:
   http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
   
  
  
   _
   FAQ, list archives, and subscription info:
  http://www.groupstudy.com/list/cisco.html
   Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
  
 
 
  _
  FAQ, list archives, and subscription info:
 http://www.groupstudy.com/list/cisco.html
  Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
 


 _
 FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
 Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: Help with Firewall

2001-02-20 Thread Scott M. Trieste

Howard,

If you are trying to block all incoming traffic from the Internet, without
inhibiting your outgoing network traffic use this command at the beginning
of your ACL:

permit ip any any established.

This will allow all tcp/udp conversations through the firewall, as long as
they were initiated from inside your network.

Regards,

Scott M. Trieste

"Howard Yuan" [EMAIL PROTECTED] wrote in message
news:96v2gr$kri$[EMAIL PROTECTED]...
 Hi,

 I'm trying to set up a firewall on my Cisco router.  I'm trying to block
 everything from the Internet except for webpage access (port 80).  But, when
 I set it up to do that, I can not surf the net without putting in the line:

 permit ip any any

 But, doing that will allow everything to come in through the router.  I
 don't want anybody being able to come in through any port except for the
 ones I specify.  Is there anybody that knows how to do that?  Please tell me.
 Thank you in advance.

 Howard





Help with Firewall

2001-02-20 Thread Howard Yuan

Hi,

I'm trying to set up a firewall on my Cisco router.  I'm trying to block
everything from the Internet except for webpage access (port 80).  But, when
I set it up to do that, I can not surf the net without putting in the line:

permit ip any any

But, doing that will allow everything to come in through the router.  I
don't want anybody being able to come in through any port except for the
ones I specify.  Is there anybody that knows how to do that?  Please tell me.
Thank you in advance.

Howard





Re: Help with Firewall

2001-02-20 Thread Howard Yuan

Hey Scott,

Thanx for the advice, but, I have a question.  Where should I put that
access list?  Do I want to apply it to the inbound side of the interface
where it's from the Internet to the network, or outbound on that interface?

Howard

"Scott M. Trieste" [EMAIL PROTECTED] wrote in message
news:96v2mh$lkg$[EMAIL PROTECTED]...
 Howard,

 If you are trying to block all incoming traffic from the Internet, without
 inhibiting your outgoing network traffic use this command at the beginning
 of your ACL:

 permit ip any any established.

 This will allow all tcp/udp conversations through the firewall, as long as
 they were initiated from inside your network.

 Regards,

 Scott M. Trieste

 "Howard Yuan" [EMAIL PROTECTED] wrote in message
 news:96v2gr$kri$[EMAIL PROTECTED]...
  Hi,

  I'm trying to set up a firewall on my Cisco router.  I'm trying to block
  everything from the Internet except for webpage access (port 80).  But, when
  I set it up to do that, I can not surf the net without putting in the line:

  permit ip any any

  But, doing that will allow everything to come in through the router.  I
  don't want anybody being able to come in through any port except for the
  ones I specify.  Is there anybody that knows how to do that?  Please tell me.
  Thank you in advance.
 
  Howard
 
 



Re: Help with Firewall

2001-02-20 Thread Howard Yuan

I think it would help if I thoroughly explain the situation.

I have a webserver that I want people to be able to access.  Being a Novell
webserver, it has the ability to go in to change some settings on the
webserver.  To do this, you just type in the address and add ":2200" into
the end.  So, I don't want people to be able to access this from the
outside, letting only people from the inside to be able to do this.  So, I
want to do this and the other situation that I talked about.  Please advise.
Thanx.

Howard

"Scott M. Trieste" [EMAIL PROTECTED] wrote in message
news:96v2mh$lkg$[EMAIL PROTECTED]...
 Howard,

 If you are trying to block all incoming traffic from the Internet, without
 inhibiting your outgoing network traffic use this command at the beginning
 of your ACL:

 permit ip any any established.

 This will allow all tcp/udp conversations through the firewall, as long as
 they were initiated from inside your network.

 Regards,

 Scott M. Trieste

 "Howard Yuan" [EMAIL PROTECTED] wrote in message
 news:96v2gr$kri$[EMAIL PROTECTED]...
  Hi,

  I'm trying to set up a firewall on my Cisco router.  I'm trying to block
  everything from the Internet except for webpage access (port 80).  But, when
  I set it up to do that, I can not surf the net without putting in the line:

  permit ip any any

  But, doing that will allow everything to come in through the router.  I
  don't want anybody being able to come in through any port except for the
  ones I specify.  Is there anybody that knows how to do that?  Please tell me.
  Thank you in advance.
 
  Howard
 
 