Firewall Wizards mailing list archives

Re: (no subject)


From: "Paul D. Robertson" <proberts () patriot net>
Date: Sun, 13 Jan 2002 11:02:54 -0500 (EST)

On Sat, 12 Jan 2002, Terry Bertrand wrote:

> I am running a cable network at home which includes a cisco router.  I am 
> able to access email from my cable provider using outlook express without 
> the router.  When I include the router which is running NAT as part of the 
> network I am unable to access mail using outlook.  Does anyone have any idea 
> as to what sort of access-list I would need to access mail. I have tried the 
> following. The configuration of outlook express is
> out mail port 25
> in mail port 110
>
> access-list 105 permit tcp any any eq smtp (in)
> access-list 106 permit tcp any any eq smtp (out)

You'll need to allow POP3 (port 110)-

Also, if you don't have any other permits, no other traffic will flow, as
extended access lists add a default deny to the end.  You can manually add 
the deny with a log statement if you've got a syslog server set up- then 
you can see what traffic is being denied and adjust your ruleset 
appropriately.

If you're not running an SMTP server then you could add the established 
keyword to inbound traffic so that external sources couldn't originate tcp 
connections to your machine.

Cisco's site has pretty good documentation- especially "Increasing 
Security on IP Networks"- I'd highly recommend anyone with a Cisco router 
having a copy of that around.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
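
The first-match, implicit-deny and "established" behaviour discussed in the reply above can be checked with a small model. This is an added example, not code from the thread: it assumes list 105 filters traffic arriving from the cable side, the revised list is a hypothetical reading of the advice, and the packets are constructed samples.

```python
import re

PORTS = {"smtp": 25, "pop3": 110}  # IOS port keywords used on this page

# List 105 exactly as posted, assumed here to filter traffic arriving from the cable side.
POSTED_IN = ["access-list 105 permit tcp any any eq smtp"]
# Hypothetical revision following the reply: match mail-server replies by source
# port, require "established", and write the final deny out with "log".
REVISED_IN = [
    "access-list 105 permit tcp any eq smtp any established",
    "access-list 105 permit tcp any eq pop3 any established",
    "access-list 105 deny ip any any log",
]

LINE = re.compile(r"access-list \d+ (permit|deny) (ip|tcp) any(?: eq (\w+))? any"
                  r"(?: eq (\w+))?( established)?( log)?")

def parse(line):
    """Parse the any-to-any subset of extended ACL syntax shown above."""
    m = LINE.fullmatch(line.strip())
    if m is None:
        raise ValueError("unsupported ACL line: " + line)
    action, proto, sport, dport, est, log = m.groups()
    port = lambda p: None if p is None else PORTS.get(p) or int(p)
    return action, proto, port(sport), port(dport), bool(est), bool(log)

def evaluate(acl, pkt):
    """First matching entry wins; returns (action, logged)."""
    for action, proto, sport, dport, est, log in map(parse, acl):
        if proto != "ip" and proto != pkt["proto"]:
            continue
        if sport not in (None, pkt["sport"]) or dport not in (None, pkt["dport"]):
            continue
        # "established" matches only TCP segments with ACK or RST set
        if est and not pkt["flags"] & {"ACK", "RST"}:
            continue
        return action, log
    return "deny", False  # implicit deny at the end of the list, never logged

# Constructed sample packets arriving on the outside interface
SMTP_REPLY = {"proto": "tcp", "sport": 25, "dport": 1050, "flags": {"SYN", "ACK"}}
POP3_REPLY = {"proto": "tcp", "sport": 110, "dport": 1051, "flags": {"ACK"}}
INBOUND_SYN = {"proto": "tcp", "sport": 40000, "dport": 25, "flags": {"SYN"}}

if __name__ == "__main__":
    for name, acl in (("posted", POSTED_IN), ("revised", REVISED_IN)):
        for pkt in (SMTP_REPLY, POP3_REPLY, INBOUND_SYN):
            print(name, pkt["sport"], "->", pkt["dport"], evaluate(acl, pkt))
```

Under that assumption the posted list silently drops both mail-server replies while permitting a new inbound connection to port 25; the revised list passes the replies and logs the denied connection attempt.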

