You should open standard port 53 for DNS traffic, not ports greater than
1023.
Correct me if I'm wrong.
Vincent
David Eitel
Hello Everybody,
I have a segment that I want only established traffic to enter. This has
become quite confusing. I want ping, telnet, traceroute and DNS replies as
Since the access-list is worked from the top down, wouldn't the top line allow
all IP traffic?
I don't think that IP packets are ever going to see the lower lines in your
config.
Also, don't forget the implicit deny at the end; you are setting up to drop
all traffic not on the 192.168.0.X network.
Your first statement is too general; all packets will test successfully
against it and never reach the second line. When you allow ip you allow the
whole stack.
Michael L. Lucas CCSI #22672
David Eitel wrote in message news:[EMAIL PROTECTED]...
Hello Everybody,
I have a