11-18-2008 02:26 PM - edited 03-06-2019 02:33 AM
Hello;
I would like to edit the config to open up an FTP port, but need to know the exact steps/procedures.
1.) I can remote in via the LAN with Hyperterm.
2.) Can probably use a system to console in if necessary.
Here's part of the config for the ACL I would like to update:
access-list outside_in permit tcp any host <public IP> eq www
access-list outside_in permit tcp any host <public IP> eq https
Would this be the correct access list entry for ftp to this system?
access-list outside_in permit tcp any host <public IP> eq ftp
I just need to know:
1.) Once I remote in, can I somehow place this acl line right below the https one?
2.) Can I use a TFTP program and move a text file config onto the PIX?
3.) If I need to revert back or erase the line, would I just type:
no access-list outside_in permit tcp any host <public IP> eq ftp
Thanks, Steve
11-18-2008 02:39 PM
That's correct:
access-list outside_in permit tcp any host
To insert it you can do:
access-list outside_in line 3 permit tcp any host
The "line 3" will insert ABOVE the existing line 3. It will make the current line 3, line 4.
You can use tftp by using write net.
And to remove your line, you do exactly like you have it.
Don't forget your statics though.
static (inside, outside)
clear xlate
--John
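The change described in the reply above, written out as one PIX session. This is an added example, not part of the original posts; 192.0.2.10 stands in for <public IP>, and 10.0.0.10 (inside server), 10.0.0.50 (TFTP host) and the backup file name are assumed placeholders.

```cisco
! Constructed example. Lines starting with "!" are annotations for the
! reader, not commands to type.
! Placeholders: 192.0.2.10 = <public IP>, 10.0.0.10 = inside server,
!               10.0.0.50  = TFTP host.

! 1. Check the current order of the ACL; entries are shown with line numbers.
show access-list outside_in
!      line 1  permit tcp any host 192.0.2.10 eq www
!      line 2  permit tcp any host 192.0.2.10 eq https

! 2. Copy the running config to the TFTP host before changing anything.
write net 10.0.0.50:pix-before-ftp.cfg

! 3. Insert the FTP entry at position 3, directly below the https entry.
!    If a line 3 already exists, it becomes line 4.
configure terminal
access-list outside_in line 3 permit tcp any host 192.0.2.10 eq ftp

! 4. The server needs a static translation. If www/https already reach
!    this address, the static is normally in place and this step is a no-op.
static (inside,outside) 192.0.2.10 10.0.0.10 netmask 255.255.255.255

! 5. clear xlate drops the current translations, so sessions passing
!    through the PIX are interrupted; run it in a quiet period.
clear xlate

! 6. Confirm the new entry sits where expected, then save.
show access-list outside_in
write memory

! Later, when the FTP service is retired, remove the entry by repeating
! it with "no" in front, then save again.
no access-list outside_in permit tcp any host 192.0.2.10 eq ftp
write memory
```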
11-19-2008 07:36 AM
Hi John;
Thank you for the reply. Great info regarding the line insert.
How would I cancel/delete that ftp entry once I'm done with that service off my server? Is it just this:
no access-list outside_in permit tcp any host
Also I've tried to view stats on the interfaces to watch traffic, via some show commands, but are there any log commands to show IP traffic over a certain time frame?
Hey thanks in advance, Steve
11-19-2008 07:40 AM
Depending on the type of statistics that you're looking for, you may need to look into logging to a syslog server. The logs on the appliance overwrite very quickly when traffic is going through it.
You would delete it exactly like you have written.
HTH,
John