HOW TO OPEN PORT USING ACCESS LIST

Answered Question
Oct 16th, 2008

Hi

I am new to networking.

Could someone tell me how to open port 80 in the router to access web interface server 20.31.12.54 (using EXTENDED ACCESS LIST)?

Thanks

Adhi

Joseph W. Doherty Thu, 10/16/2008 - 06:47

There are different "flavors" of extended ACLs, for instance both named and unnamed. There's also the question of where the ACL will be applied, which can determine whether you look at source or destination addresses and/or ports. Within a named ACL, you might have a statement that looks like this:

permit tcp host 20.31.12.54 eq http any

or

permit tcp any host 20.31.12.54 eq http

If you can provide additional information about the existing ACL that is blocking access, I or others might be able to provide better information.

adhityakarthik Thu, 10/16/2008 - 07:03

Hi, please find the existing ACL. I need to add web server to this existing

Extended IP access list BACKU

20 permit tcp 20.187.147.64 0.0.0.63 host 20.1.39.125 eq 2598 (1331 matches)

20 permit tcp 20.187.147.64 0.0.0.63 host 20.1.39.125 eq 1494 (6 matches)

30 permit tcp 20.187.147.64 0.0.0.63 host 20.1.248.39 eq 3389 (6 matches)

40 permit tcp 20.187.147.64 0.0.0.63 host 20.1.248.39 eq 1494

50 permit tcp 20.187.147.64 0.0.0.63 host 20.1.38.39 eq 2598 (4220 matches)

60 permit tcp 20.187.147.64 0.0.0.63 host 20.1.38.39 eq 1494 (60 matches)

65 permit tcp 20.187.147.64 0.0.0.63 host 20.1.37.76 eq 1494 (90 matches)

70 permit ip 20.187.77.160 0.0.0.15 any (4270711 matches)

80 permit tcp 192.24.3.232 0.0.0.7 any eq 8080

90 permit tcp host 192.24.3.202 any eq 8080

200 permit tcp host 192.24.3.204 any eq 8080

120 permit tcp host 192.24.3.208 any eq 8080

120 permit tcp host 192.24.3.50 any eq 8080

130 deny tcp any any eq 8080 (1225 matches)

140 deny tcp any any eq ftp-data

150 deny tcp any any eq ftp

160 deny tcp any any eq 445 (9 matches)

170 permit ip 192.24.3.0 0.0.0.255 any (52041 matches)

180 permit ip 192.24.4.0 0.0.0.255 any (21920 matches)

190 permit ip 20.253.200.0 0.0.0.255 any (7479 matches)

200 permit ip 20.200.1.8 0.0.0.3 any (18 matches)

220 permit ip 20.1.0.0 0.0.255.255 any

220 permit tcp host 20.18.12.14 eq tacacs any

230 permit tcp host 20.192.9.45 eq tacacs any

240 deny ip any any log (21 matches)

John Blakley Thu, 10/16/2008 - 08:06

Do this:

25 permit tcp any host 20.31.12.54 eq 80

This will allow anyone access to the 20.31.12.54 address on port 80.

You have to put in the number to insert it in your access list, otherwise it will come in after your last deny statement and you'll never allow anyone in.

--John

Correct Answer
John Blakley Thu, 10/16/2008 - 08:08

Oh, and you could use any number before your acl statement:

1 permit tcp ...

10 permit tcp ...

Just as long as you are before the 240. I noticed that you had two 20 lines (not sure how that was possible :-) Usually will throw an error that the number exists.

--John
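The ordering behaviour described in the two replies above, as an added example that is not part of the original thread: a minimal first-match evaluator run over a subset of the BACKU entries, showing why the sequence number decides whether the new permit is ever reached. It assumes the ACL is evaluated against traffic headed to the server; the client address 198.51.100.7 and all function names are constructed for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok, i):
    """Read 'any', 'host A' or 'A WILDCARD' at tok[i]; return ((addr, wildcard), next_i)."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (_ip(tok[i + 1]), 0), i + 2
    return (_ip(tok[i]), _ip(tok[i + 1])), i + 2

def parse(line):
    """Parse 'SEQ permit|deny ip|tcp SRC DST [eq PORT]'; a trailing 'log' is ignored."""
    tok = line.split()
    src, i = _addr(tok, 3)
    dst, i = _addr(tok, i)
    port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
    return int(tok[0]), tok[1], tok[2], src, dst, port

def _hit(pkt, addr, wild):
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((pkt ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(acl, proto, src, dst, dport):
    """Return (sequence, action) of the first matching entry, in sequence order."""
    for seq, action, p, s, d, port in sorted(map(parse, acl), key=lambda e: e[0]):
        if p not in ("ip", proto):
            continue
        if _hit(_ip(src), *s) and _hit(_ip(dst), *d) and port in (None, dport):
            return seq, action
    return None, "deny"  # implicit deny at the end of every ACL

# Entries copied from the BACKU listing in the thread (subset).
BACKU = [
    "160 deny tcp any any eq 445",
    "170 permit ip 192.24.3.0 0.0.0.255 any",
    "220 permit ip 20.1.0.0 0.0.255.255 any",
    "240 deny ip any any log",
]
WEB = "permit tcp any host 20.31.12.54 eq 80"
CLIENT = "198.51.100.7"  # constructed client address, not from the thread

if __name__ == "__main__":
    for label, acl in [("no web entry", BACKU), ("seq 25", BACKU + ["25 " + WEB]),
                       ("seq 250", BACKU + ["250 " + WEB])]:
        print(label, evaluate(acl, "tcp", CLIENT, "20.31.12.54", 80))
```

An entry numbered below 240 is matched first and permits the request; the same entry numbered 250 sits behind `deny ip any any` and is never evaluated.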
