Basic Configuration of a Cisco 837

Aug 12th, 2008

Hi

I'm very new and have my first Cisco router deployed in a SOHO setting with 4 pcs and an ADSL link over ATM for internet connectivity.

I have the router running from reset to default but it is exposed. It returns a ping and I would like to stop that. It shows a closed port on 139 and a couple of others. I would like to stealth them.

Can you help configure it, please? I guess I could work most things out if I could comment out some lines and see the effect. Is that an exclamation mark?

I'm running linux and can open a terminal, log on to the router and enable.

This is where I think I need help:-

---------------------------
!
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
---------------------------------

Regards

Bob

4rmorris Tue, 08/12/2008 - 16:48

You can't comment lines out per se. You can remove them (type "no" followed by the line you want to remove) and see what happens.

Regarding your config above... where is access-list 111 applied? It doesn't show in the snippet.

Have you tried configuring the router from the web interface? It has built-in lock-down features that will probably meet your needs.

Regards,

Ryan

bobwallum Wed, 08/13/2008 - 01:21

"where is access-list 111 applied? It doesn't show in the snippet."

Thanks for the reply. I don't know how to find out where the access-list 111 is applied. What command do I use for that?

I think it would help me if I could first stop responding to a WAN ping but reply to a LAN ping. I think the process of learning how to do that would help me understand the configuration structure better.

Thanks again for your response, it is appreciated.
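The question raised in this thread, where access-list 111 is applied, can be checked offline against a saved copy of the configuration. The Python below is an added example, not part of any post here: it lists every place a numbered ACL is attached and flags ACLs that are defined but attached to nothing. The `APPLIED` lines are hypothetical, since the thread never shows this router's interface or vty sections.

```python
import re

# Constructed sample: lines copied (abridged) from the snippet posted above.
SNIPPET = """\
ip nat inside source list 102 interface Dialer1 overload
ip http server
!
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 111 permit icmp any any echo
access-list 111 permit tcp any any eq 139
access-list 111 deny ip any any
"""
# Hypothetical additions, only to show what an applied ACL looks like;
# the thread never shows how this router's interfaces or vty lines are set up.
APPLIED = SNIPPET + "interface Dialer1\n ip access-group 111 in\nline vty 0 4\n access-class 23 in\n"

# IOS commands that attach a numbered ACL, with a label for the report.
REFERENCES = [
    (re.compile(r"ip access-group (\d+) (in|out)"), "interface packet filter, {1}"),
    (re.compile(r"access-class (\d+) (in|out)"), "line access restriction, {1}"),
    (re.compile(r"ip http access-class (\d+)"), "HTTP server access restriction"),
    (re.compile(r"ip nat inside source list (\d+) "), "NAT source selection"),
    (re.compile(r"match (?:ip )?address (\d+)"), "crypto map or route-map match"),
]

def acl_usage(config):
    """Map each numbered ACL to the (purpose, section) pairs that reference it."""
    usage, section = {}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):  # "!" lines are comments/separators
            continue
        indented = raw.startswith(" ")
        if not indented:
            section = line  # e.g. "interface Dialer1"; sub-commands are indented
        defined = re.match(r"access-list (\d+) ", line)
        if defined:
            usage.setdefault(defined[1], [])
            continue
        for pattern, label in REFERENCES:
            m = pattern.match(line)
            if m:
                where = section if indented else "global"
                usage.setdefault(m[1], []).append((label.format(*m.groups()), where))
    return usage

def unreferenced(config):
    """ACL numbers that are defined but attached to nothing in this text."""
    return sorted((n for n, refs in acl_usage(config).items() if not refs), key=int)

if __name__ == "__main__":
    print("defined but not applied in the snippet:", unreferenced(SNIPPET))
    for number, refs in acl_usage(APPLIED).items():
        print(number, refs)
```

On the router itself, `show ip interface` reports the inbound and outgoing access list set on each interface, which answers the same question for the live configuration.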
