Security Basics mailing list archives
RE: ACL router problem
From: Juan B <juanbabi () yahoo com>
Date: Thu, 7 Oct 2010 16:19:43 -0700 (PDT)
Hi David, I did remove first all the access list and them paste it again with the added line above. thanks marco --- On Thu, 10/7/10, David Gillett <gillettdavid () fhda edu> wrote:
From: David Gillett <gillettdavid () fhda edu> Subject: RE: ACL router problem To: "'Juan B'" <juanbabi () yahoo com>, "'security basics'" <security-basics () securityfocus com> Date: Thursday, October 7, 2010, 6:11 PM HOW did you "add the first line"? If all you did was type in that line as an addition to the config, you added a new LAST line, after the explicit deny of all, where it can't make any difference. To insert a new line at the top as you want, you need to: 1. remove the ACL from the interface 2. delete the ACL 3. Paste the new ACL -- the whole thing, in order 4. apply the ACL to the interface (I use a home-grown tool that scripts this process...) David Gillett, CISSP CCNP -----Original Message----- From: Juan B [mailto:juanbabi () yahoo com] Sent: Thursday, October 07, 2010 14:40 To: security basics Subject: ACL router problem Hi ALL !! I need to connect from a host (192.168.8.139)in the lan to host 192.168.1.15 so I put acl like this: ( I added the first line ) access-list 111 permit tcp host 192.168.8.139 any access-list 111 permit tcp 192.168.0.0 0.0.255.255 host 192.168.8.2 eq telnet access-list 111 permit tcp host 192.168.8.7 any access-list 111 permit tcp 192.168.0.0 0.0.255.255 any eq www access-list 111 permit udp 192.168.0.0 0.0.255.255 any eq domain access-list 111 permit tcp 192.168.0.0 0.0.255.255 any eq 443 access-list 111 permit tcp 192.168.0.0 0.0.255.255 any eq 5900 access-list 111 permit ip host 192.168.8.198 any access-list 111 permit ip host 192.168.8.199 any access-list 111 permit icmp any any echo-reply access-list 111 permit icmp any any echo access-list 111 permit icmp any any source-quench access-list 111 permit icmp any any time-exceeded access-list 111 deny icmp any any access-list 111 permit tcp any any established access-list 111 deny ip any any log take a look also at line 3 of the acl this host is the internal mail server, from that mail server when I try to connect to host 192.168.1.15 there is no problem !!! so I made a similar entry to enable connection from my host (192.168.8.139) but It doesnt work !! I know its a problem of the ACL beacuse when I remove this ACL (which is applied to vlan 1 BTW) the connection works!! please help ! marco ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- ACL router problem Juan B (Oct 07)
- RE: ACL router problem David Gillett (Oct 08)
- RE: ACL router problem Juan B (Oct 08)
- Re: ACL router problem Shain Singh (Oct 08)
- Re: ACL router problem Juan B (Oct 08)
- RE: ACL router problem David Gillett (Oct 13)
- RE: ACL router problem David Gillett (Oct 19)
- Re: ACL router problem grendel (Oct 13)
- Re: ACL router problem Juan B (Oct 08)
- RE: ACL router problem David Gillett (Oct 08)
- Re: ACL router problem Dan Vultur (Oct 08)