[c-nsp] Access List Problem
Jay Hennigan
jay at west.net
Thu Oct 21 14:34:19 EDT 2004
On Thu, 21 Oct 2004, Bruce Pinsky wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Paul Stewart wrote:
> | We are trying to filter traffic using a basic access list on an
> | interface (6509 Catalyst Native IOS).
> |
> | And the access list:
> |
> | access-list 120 permit tcp any any established
> | access-list 120 permit tcp any host XXXXXXXXXX eq www
> | access-list 120 permit tcp any host XXXXXXXXXX eq 1002
> | access-list 120 permit tcp any host XXXXXXXXXX eq 3389
> | access-list 120 permit tcp any host XXXXXXXXXX eq 443
> | access-list 120 deny ip any any log
> |
> |
> | The traffic coming in from the Internet is filtered and only the 4 ports
> | work fine. No issues with that.
> |
> | Now, if I'm sitting on the server I can't surf or anything to the
> | outside world... something we need to do...
> |
> | What am I missing here? I've tried an access list 121 applied opposite
> | that is "permit ip any any" but no difference... I thought the
> | "established" statement would look after my needs...??
DNS?
access-list 120 permit udp any eq domain any
(obviously before the deny any any log.)
--
Jay Hennigan - CCIE #7880 - Network Administration - jay at west.net
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
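An added illustration, not part of the thread: a small Python model of how a stateless IOS access list evaluates packets, built from the exact rules in access-list 120 above. It shows why the server's inbound TCP services work, why the SYN-ACKs for the server's own outbound connections pass (the `established` keyword matches any segment with ACK or RST set), why the UDP DNS replies the server needs are caught by the final deny, and how Jay's extra line placed before the deny fixes that. The addresses used (192.0.2.10 for the redacted XXXXXXXXXX host, 198.51.100.53 for the resolver, 203.0.113.7 for a random Internet host) and the scenario packets are constructed for the example.

```python
"""Stateless model of the thread's access-list 120 (constructed example)."""
from dataclasses import dataclass
from typing import List, Optional

SERVER = "192.0.2.10"       # stands in for the XXXXXXXXXX host (assumed)
RESOLVER = "198.51.100.53"  # upstream DNS resolver the server queries (assumed)
CLIENT = "203.0.113.7"      # arbitrary Internet host (assumed)


@dataclass
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False     # TCP ACK bit set
    rst: bool = False     # TCP RST bit set


@dataclass
class Ace:
    """One access-list entry. None for dst/sport/dport means 'any'."""
    action: str                    # "permit" or "deny"
    proto: str                     # "ip", "tcp" or "udp"
    dst: Optional[str] = None      # "host X" on the destination
    sport: Optional[int] = None    # "eq N" on the source port
    dport: Optional[int] = None    # "eq N" on the destination port
    established: bool = False      # IOS: match only if ACK or RST is set
    log: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dst is not None and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established and not (p.ack or p.rst):
            return False
        return True


def evaluate(acl: List[Ace], p: Packet) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"


# access-list 120 exactly as posted (ports named www/443 written numerically).
ACL_120 = [
    Ace("permit", "tcp", established=True),
    Ace("permit", "tcp", dst=SERVER, dport=80),
    Ace("permit", "tcp", dst=SERVER, dport=1002),
    Ace("permit", "tcp", dst=SERVER, dport=3389),
    Ace("permit", "tcp", dst=SERVER, dport=443),
    Ace("deny", "ip", log=True),
]

# Jay's fix: allow UDP replies from source port 53, inserted before the deny.
ACL_120_FIXED = ACL_120[:-1] + [Ace("permit", "udp", sport=53)] + ACL_120[-1:]


def scenarios() -> dict:
    """Evaluate constructed inbound packets against both versions of the ACL."""
    syn_www = Packet("tcp", CLIENT, SERVER, 51000, 80)
    syn_smtp = Packet("tcp", CLIENT, SERVER, 51001, 25)
    # SYN-ACK returning for a web session the server itself opened outbound.
    synack_back = Packet("tcp", CLIENT, SERVER, 80, 51234, ack=True)
    # Reply to the server's outbound DNS query (UDP, no flags to match on).
    dns_reply = Packet("udp", RESOLVER, SERVER, 53, 40123)
    # Stateless caveat: a bare ACK from the Internet to an unopened port
    # still matches 'established', since the router keeps no connection state.
    ack_probe = Packet("tcp", CLIENT, SERVER, 40000, 25, ack=True)

    return {
        "inbound_syn_www": evaluate(ACL_120, syn_www),
        "inbound_syn_smtp": evaluate(ACL_120, syn_smtp),
        "returning_synack": evaluate(ACL_120, synack_back),
        "dns_reply_original": evaluate(ACL_120, dns_reply),
        "dns_reply_fixed": evaluate(ACL_120_FIXED, dns_reply),
        "smtp_still_denied_fixed": evaluate(ACL_120_FIXED, syn_smtp),
        "ack_probe_original": evaluate(ACL_120, ack_probe),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:26s} {verdict}")
```

The `ack_probe` case is the usual caveat with `established`: it is a flag check, not connection tracking, so it lets any ACK-flagged segment through regardless of whether a session exists. That is also why it does nothing for UDP, and why the DNS reply needs its own permit line ahead of the deny.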