Solved: LAN Question

wesley.roberts · ‎03-05-2009

Is it possible to close all of the TCP ports except TCP port 25 (SMTP). We don't want any traffic coming in or out except for outgoing mail. Please let me know how to configure this...

Jon Marshall · ‎03-05-2009

Kyle

Assuming your mail server is 192.168.5.1

access-list 101 permit tcp host 192.168.5.1 any eq 25

access-list 101 deny ip any any

access-list 102 permit tcp any host 192.168.5.1 established

access-list 102 deny ip any any

int fa0/1

ip access-group 101 out

ip access-group 102 in

the above will only allow the mail server 192.168.5.1 to initiate connections to other mail servers on port 25 and for the return traffic to be allowed back in. That's it.

Jon

View solution in original post

Jon Marshall · ‎03-05-2009

Kyle

What device are you referring to ?. You can use access-lists to block or allow traffic to a vlan/subnet but your question doesn't give enough details.

Jon

wesley.roberts · ‎03-05-2009

The device im refering to is a Cisco 2811

fa 0/0

fa 0/1 <--Allow only outgoing email

Serial 0/0/0 <--to WAN

Did this help?

Jon Marshall · ‎03-05-2009

Kyle

Assuming your mail server is 192.168.5.1

access-list 101 permit tcp host 192.168.5.1 any eq 25

access-list 101 deny ip any any

access-list 102 permit tcp any host 192.168.5.1 established

access-list 102 deny ip any any

int fa0/1

ip access-group 101 out

ip access-group 102 in

the above will only allow the mail server 192.168.5.1 to initiate connections to other mail servers on port 25 and for the return traffic to be allowed back in. That's it.

Jon