Firewall Wizards mailing list archives

RE: (no subject)


From: "Terry Bertrand" <tfbsr () hotmail com>
Date: Mon, 14 Jan 2002 10:44:00 -0500

I am using NAT (overload) and it works fine for everything else, I am able to browse the internet and all. This was just a partial access-list that I mentioned, I also have the established ACL included already. I did include the "access-list xxx deny ip any any log", but nothing shows up in the console router log as being denied when I try to read mail from Outlook Express...

partial list
access-list 105 permit tcp any any eq 110 log (in)
access-list 106 permit tcp any any eq 25 log  (out)

Here is the error I get from Outlook Express....

.....The host 'mail' could not be found. Please verify that you have entered the server name correctly. Account: 'mail', Server: 'mail', Protocol: POP3, Port: 110, Secure(SSL): No, Socket Error: 11001, Error Number: 0x800CCC0D....

Thanks


From: "Deane, James" <jdeane () chx com>
To: 'Terry Bertrand' <tfbsr () hotmail com>, firewall-wizards () nfr com
Subject: RE: [fw-wiz] (no subject)
Date: Mon, 14 Jan 2002 08:35:56 -0600

Terry,

You mention that the router is running NAT, but the ACLs you list are for permitting/denying traffic to/from an interface. So, does it work if the router is introduced with NAT, but no ACLs applied? (i.e. do you know if it is NAT or the ACLs that is getting in your way?)

You could try adding this line to access-list 105:

access-list 105 permit tcp any any established

This will allow replies to your connection request back in (ummm, as well as anything else with the ACK bit set); however, this is often necessary since your PC will use some arbitrary high port to connect to the mail server.

Also, try adding the "log" keyword to each of your ACL lines and add a line that says "access-list xxx deny ip any any log" to the end of each ACL. That way, you can see what traffic is being permitted/denied by each ACL in the router's log.

HTH,
Jim

-----Original Message-----
From: Terry Bertrand [mailto:tfbsr () hotmail com]
Sent: Saturday, January 12, 2002 4:21 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] (no subject)


I am running a cable network at home which includes a Cisco router.  I am
able to access email from my cable provider using Outlook Express without
the router.  When I include the router, which is running NAT, as part of the
network I am unable to access mail using Outlook. Does anyone have any idea
as to what sort of access-list I would need to access mail? I have tried the
following. The configuration of Outlook Express is:
out mail port 25
in mail port 110

access-list 105 permit tcp any any eq smtp (in)
access-list 106 permit tcp any any eq smtp (out)

Thanks for your time
Terry



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards




Terry
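
An added example, not part of the thread and not either poster's configuration: a small Python model of first-match extended-ACL evaluation, showing what the "established" line suggested above lets through and what falls to the logged deny. The three-line ACL 105 is assembled from lines quoted in the thread and is assumed to be the complete inbound list; the packets and port numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                        # "tcp" or "udp"
    sport: int
    dport: int
    flags: frozenset = frozenset()    # TCP flags, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class Rule:
    action: str                       # "permit" or "deny"
    proto: str                        # "tcp", "udp" or "ip" (any protocol)
    dport: Optional[int] = None       # "eq <port>" after the destination tests the DESTINATION port
    established: bool = False         # TCP only: ACK or RST bit set

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, p):
    """Return (action, 1-based line number) of the first matching rule."""
    for n, rule in enumerate(acl, 1):
        if rule.matches(p):
            return rule.action, n
    return "deny", 0                  # implicit deny that ends every ACL

# Assumption: ACL 105 consists of only these three lines, applied inbound.
ACL_105 = [
    Rule("permit", "tcp", dport=110),         # permit tcp any any eq 110 log
    Rule("permit", "tcp", established=True),  # permit tcp any any established
    Rule("deny", "ip"),                       # deny ip any any log
]

# Constructed inbound packets; 1045/1046 stand in for arbitrary client high ports.
SAMPLES = {
    "POP3 reply (SYN+ACK)":   Packet("tcp", 110, 1045, frozenset({"SYN", "ACK"})),
    "unsolicited SYN":        Packet("tcp", 4000, 1045, frozenset({"SYN"})),
    "bare ACK, no session":   Packet("tcp", 4000, 1045, frozenset({"ACK"})),
    "UDP reply from port 53": Packet("udp", 53, 1046),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:24} -> {evaluate(ACL_105, pkt)}")
```

The POP3 reply is admitted by the "established" line rather than by "eq 110", because inbound the server's port 110 is the source port; "established" is a stateless flag test, and it never applies to UDP.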

