LAN Question

Answered Question
Mar 5th, 2009

Is it possible to close all of the TCP ports except TCP port 25 (SMTP)? We don't want any traffic coming in or out except for outgoing mail. Please let me know how to configure this...

Jon Marshall Thu, 03/05/2009 - 17:40

Kyle

What device are you referring to? You can use access-lists to block or allow traffic to a vlan/subnet but your question doesn't give enough details.

Jon

wesley.roberts Thu, 03/05/2009 - 17:45

The device I'm referring to is a Cisco 2811

fa 0/0

fa 0/1 <--Allow only outgoing email

Serial 0/0/0 <--to WAN

Did this help?

Correct Answer
Jon Marshall Thu, 03/05/2009 - 17:52

Kyle

Assuming your mail server is 192.168.5.1

access-list 101 permit tcp host 192.168.5.1 any eq 25
access-list 101 deny ip any any
access-list 102 permit tcp any host 192.168.5.1 established
access-list 102 deny ip any any

int fa0/1
 ip access-group 101 out
 ip access-group 102 in

The above will only allow the mail server 192.168.5.1 to initiate connections to other mail servers on port 25 and for the return traffic to be allowed back in. That's it.

Jon
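The following is an added example, not part of the original thread: a small Python model of access-lists 101 and 102 from the answer above, evaluated first-match against constructed packets to show what each list permits and what the `established` keyword actually tests. The packet dictionaries, the 203.0.113.x documentation addresses and the helper names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

MAIL = "192.168.5.1"  # mail server address assumed in the answer above
ANY = "0.0.0.0/0"

# Rule layout: (action, protocol, source, destination, dest port, established)
ACL_101 = [("permit", "tcp", MAIL + "/32", ANY, 25, False),
           ("deny", "ip", ANY, ANY, None, False)]
ACL_102 = [("permit", "tcp", ANY, MAIL + "/32", None, True),
           ("deny", "ip", ANY, ANY, None, False)]

def evaluate(acl, p):
    """Return 'permit' or 'deny' for packet p using first-match semantics."""
    for action, proto, src, dst, dport, est in acl:
        if proto != "ip" and proto != p["proto"]:
            continue
        if ip_address(p["src"]) not in ip_network(src):
            continue
        if ip_address(p["dst"]) not in ip_network(dst):
            continue
        if dport is not None and p["dport"] != dport:
            continue
        # 'established' matches segments with ACK or RST set; no state is tracked
        if est and not ({"ACK", "RST"} & set(p["flags"])):
            continue
        return action
    return "deny"  # implicit deny that ends every access-list

def pkt(proto, src, dst, sport, dport, flags=()):
    return {"proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport, "flags": flags}

# Constructed sample packets; 101 is checked leaving fa0/1, 102 entering it
CASES = [
    ("server opens SMTP", ACL_101, pkt("tcp", MAIL, "203.0.113.10", 40000, 25, ("SYN",))),
    ("SMTP reply", ACL_102, pkt("tcp", "203.0.113.10", MAIL, 25, 40000, ("SYN", "ACK"))),
    ("other host SMTP", ACL_101, pkt("tcp", "192.168.5.20", "203.0.113.10", 40001, 25, ("SYN",))),
    ("server DNS query", ACL_101, pkt("udp", MAIL, "203.0.113.53", 40002, 53)),
    ("inbound SYN", ACL_102, pkt("tcp", "203.0.113.10", MAIL, 40003, 25, ("SYN",))),
    ("inbound ACK, source port not 25", ACL_102, pkt("tcp", "203.0.113.10", MAIL, 4444, 40000, ("ACK",))),
]

def run():
    return {name: evaluate(acl, p) for name, acl, p in CASES}

if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{verdict:6}  {name}")
```

The last two cases show that `established` is a flag test rather than connection tracking, so access-list 102 can be narrowed by matching the source port as well (`permit tcp any eq 25 host 192.168.5.1 established`). The DNS case shows that MX lookups from the mail server are also dropped if its resolver is reached through fa0/1.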
