

Angralitux

join:2004-05-20
DO

1 edit
reply to carp

Re: Router ACL question

Why would I want to do that?

Also, note these lines:

access-list 101 permit tcp any host 74.21.119.222 eq smtp
access-list 101 permit udp any host 74.21.119.220 eq 3389
 

OP, if you want to allow these services to a particular IP, you'll have to modify them. What I mean is:

1. To allow IPs 74.21.119.222 & 74.21.119.220 to access SMTP & RDP respectively, you would do:
access-list 101 permit tcp host 74.21.119.222 any eq smtp
access-list 101 permit udp host 74.21.119.220 any eq 3389
 

2. To allow SMTP & RDP to be accessed from outside you would do:
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq 3389
 
Or you can replace the last any with the IP of the server you want to get to.


tomkb
Premium
join:2000-11-15
Tampa, FL
said by Angralitux:

Why would I want to do that?

Also, note these lines:

access-list 101 permit tcp any host 74.21.119.222 eq smtp
access-list 101 permit udp any host 74.21.119.220 eq 3389
 

OP, if you want to allow these services to a particular IP, you'll have to modify them. What I mean is:

1. To allow IPs 74.21.119.222 & 74.21.119.220 to access SMTP & RDP respectively, you would do:
access-list 101 permit tcp host 74.21.119.222 any eq smtp
access-list 101 permit udp host 74.21.119.220 any eq 3389
 

2. To allow SMTP & RDP to be accessed from outside you would do:
access-list 101 permit tcp any any eq smtp
access-list 101 permit udp any any eq 3389
 
Or you can replace the last any with the IP of the server you want to get to.

Angralitux, I simply want to allow internet traffic inbound to those 2 servers only. Wouldn't they be ok as written?
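
How the source and destination fields of the extended ACL lines discussed in this thread are matched against a packet, as an added example that is not part of any post. The evaluator is a simplified model (exact protocol match, `eq` only, first match wins, implicit deny at the end), and the 198.51.100.7 client and its source port are constructed.

```python
import ipaddress

PORT_NAMES = {"smtp": 25}  # only the keyword used in the thread; IOS knows many more

def _addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    first = tok.pop(0)
    if first == "any":
        return (0, 0xFFFFFFFF)
    if first == "host":
        return (int(ipaddress.IPv4Address(tok.pop(0))), 0)
    return (int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0))))

def _port(tok):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if tok and tok[0] == "eq":
        name = tok[1]
        del tok[:2]
        return PORT_NAMES.get(name) or int(name)
    return None

def parse(line):
    """access-list N ACTION PROTO SOURCE [eq P] DESTINATION [eq P] (source comes first)."""
    tok = line.split()
    entry = {"action": tok[2], "proto": tok[3]}
    rest = tok[4:]
    entry["src"], entry["sport"] = _addr(rest), _port(rest)
    entry["dst"], entry["dport"] = _addr(rest), _port(rest)
    return entry

def _ip_match(spec, ip):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl_lines, proto, src, sport, dst, dport):
    """Return the action of the first matching entry, or the implicit deny."""
    for e in map(parse, acl_lines):
        if (e["proto"] == proto and _ip_match(e["src"], src) and _ip_match(e["dst"], dst)
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"]
    return "deny"

AS_POSTED = ["access-list 101 permit tcp any host 74.21.119.222 eq smtp",
             "access-list 101 permit udp any host 74.21.119.220 eq 3389"]
SWAPPED = ["access-list 101 permit tcp host 74.21.119.222 any eq smtp"]
# Constructed packet: an outside client connecting to the mail server on TCP 25.
INBOUND_SMTP = ("tcp", "198.51.100.7", 40000, "74.21.119.222", 25)

print(evaluate(AS_POSTED, *INBOUND_SMTP), evaluate(SWAPPED, *INBOUND_SMTP))
```

The same `evaluate` call with `"tcp"` and destination 74.21.119.220 port 3389 shows what the `udp` entry does with a TCP connection to that port.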