Access list question [7:36124]

2002-02-21 Thread Justin M. Clark
Can someone explain to me exactly what this line means:

access-list 101 permit tcp any any established

Thanks
Justin

Re: Access list question [7:36124]

2002-02-21 Thread Regis Thornton
"Justin M. Clark" wrote in message news:[EMAIL PROTECTED]...
> can someone explain to me exactly what this line means:
>
> access-list 101 permit tcp any any established
>
> thanks
> Justin

Re: Access list question [7:36124]

2002-02-21 Thread Brian
If you're on your LAN and go to an external website, you presumably want the data to be able to get back to you, you don't want to write a permit statement for the return traffic of every site people visit. This allows TCP traffic from any IP to any IP in the direction implied in the config.

RE: Access list question [7:36124]

2002-02-21 Thread David Jones
Justin, This is typically used in an Internet/NAT situation where you are allowing something from the Internet to come back in, only if it's a reply to a request that originated from inside your network. For instance, with a router connected to the Internet, you typically want an access-list app

Re: Access list question [7:36124]

2002-02-21 Thread Brian
Or for a better explanation, see the ack bit discussion on http://www.daemon.org/tcp.html.

Brian

On Thu, 21 Feb 2002, Justin M. Clark wrote:
> can someone explain to me exactly what this line means:
>
> access-list 101 permit tcp any any established
>
> thanks
> Justin

Re: Access list question [7:36124]

2002-02-21 Thread Steven A. Ridder
I can get through it by just setting the ack bit in the IP packet on. That's all it checks for. Not very secure.

"Justin M. Clark" wrote in message news:[EMAIL PROTECTED]...
> can someone explain to me exactly what this line means:
>
> access-list 101 permit tcp any any estab

Re: Access list question [7:36124]

2002-02-21 Thread MADMAN
packets coming into the router that are part of a session initiated from within. I'm sure someone can be more eloquent in describing it though :)

Dave

"Justin M. Clark" wrote:
>
> can someone explain to me exactly what this line means:
>
> access-list 101 permit tcp any any established
>

Re: Access list question [7:36124]

2002-02-21 Thread Brian
Which is why most people who are concerned use firewalls that actually keep a table of open connections.

Brian

On Thu, 21 Feb 2002, Steven A. Ridder wrote:
> I can get through it by just setting the ack bit in the IP packet on.
> That's all it checks for. Not very secure.
> "Justin M.

RE: Access list question [7:36124]

2002-02-21 Thread Priscilla Oppenheimer
That's a good conceptual explanation. I would add that technically, it allows TCP packets that have the ACK bit set. In other words, it allows packets that are acknowledging another packet. That means it would not allow an incoming SYN used to set up a session, but it would allow a reply to a

Re: Access list question [7:36124]

2002-02-21 Thread Priscilla Oppenheimer
IP doesn't have an ACK bit. You mean TCP. Picky, picky, I know. ;-)

Priscilla

At 07:00 PM 2/21/02, Steven A. Ridder wrote:
>I can get through it by just setting the ack bit in the IP packet on.
>That's all it checks for. Not very secure.
>"Justin M. Clark" wrote in message
>[EMAIL PROTECTED]

RE: Access list question [7:36124]

2002-02-22 Thread Evans, TJ
PROTECTED] Subject: RE: Access list question [7:36124] That's a good conceptual explanation. I would add that technically, it allows TCP packets that have the ACK bit set. In other words, it allows packets that are acknowledging another packet. That means it would not allow an incoming SYN u
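
The contrast raised in the thread (the established keyword looks only at the TCP flags of each packet, while a firewall that keeps a table of open connections checks the flow itself), as an added Python example that is not part of any post above. The addresses, ports, packet tuples and the StatefulFilter class are constructed for illustration; the flag check also accepts RST, as the IOS established keyword does.

```python
# Added illustration: stateless "established" match vs. a connection table.
# All addresses, ports and packets below are constructed sample data.
from collections import namedtuple

SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP flag bits (RFC 793)
Pkt = namedtuple("Pkt", "src sport dst dport flags")

def acl_established(pkt):
    """Stateless check, like 'permit tcp any any established': it looks only
    at the flags of this one packet (matches when ACK or RST is set)."""
    return bool(pkt.flags & (ACK | RST))

class StatefulFilter:
    """Minimal connection table (hypothetical, no sequence tracking or
    teardown): inbound traffic is allowed only if it reverses a flow that
    an inside host opened with an outbound SYN."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        if pkt.flags & SYN and not pkt.flags & ACK:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def inbound(self, pkt):
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare(outbound_pkts, inbound_pkts):
    """Return [(label, stateless_verdict, stateful_verdict)] per inbound packet."""
    fw = StatefulFilter()
    for p in outbound_pkts:
        fw.outbound(p)
    return [(label, acl_established(p), fw.inbound(p)) for label, p in inbound_pkts]

INSIDE, WEB, OTHER = "10.0.0.5", "192.0.2.80", "198.51.100.7"
OUT = [Pkt(INSIDE, 40000, WEB, 80, SYN)]
IN = [
    ("SYN-ACK reply to inside client", Pkt(WEB, 80, INSIDE, 40000, SYN | ACK)),
    ("new inbound SYN",                Pkt(OTHER, 5555, INSIDE, 23, SYN)),
    ("unsolicited ACK, no session",    Pkt(OTHER, 5555, INSIDE, 23, ACK)),
]

if __name__ == "__main__":
    for label, stateless, stateful in compare(OUT, IN):
        print(f"{label:32} established={stateless!s:5} stateful={stateful}")
```

The third row is the case the thread argues about: the flag check permits it, the connection table does not.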