Hello Everybody,
I have a segment that I want only established traffic to enter. This has
become quite confusing. I want ping, telnet, traceroute and DNS replies as
well as FTP. Heres what I currently have. Any feedback would be appreciated.
access-list 101 permit ip any 192.168.0.0 0.0.0.255
You should open standard port 53 for DNS traffic, not port greater than
1023.
Correct me if I'm wrong
Vincent
David Eitel Hello Everybody,
I have a segment that I want only established traffic to enter. This has
become quite confusing. I want ping, telnet, traceroute and DNS replies as
To: [EMAIL PROTECTED]
Subject:Extended access list question [7:1718]
Hello Everybody,
I have a segment that I want only established traffic to
enter. This has
become quite confusing. I want ping, telnet, traceroute
Your first statement is too general, all packets will test successfully
against it and never reach the second line. When you allow ip you allow the
whole stack.
Michael L. Lucas CCSI #22672
David Eitel wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Hello Everybody,
I have a
4 matches
Mail list logo