Hi all,
I have just built a small private network, which consists of a couple of Windows 2000 servers, Windows 2000 Professional servers, and a Cisco 2514 series serving as router and simple firewall with access-list settings. I intend to make the rules as follows:
- All computers in my private network can use web, FTP, and mail services (opening ports HTTP 80, 20, 21, 25).
- Prevent the Internet from accessing the private network, except for opening port SMTP 25 only, for transferring messages between my network and the outside world.
I have thought a lot about how to permit one direction of data (allow my network to use HTTP, FTP) but deny the other direction, from the Internet to my network. I don't know how to write code for that.
Besides, I have been told that it's simpler if we use the parameter "ACK" (a flag of connection initiation).
If anyone knows about this issue, please give sample code for two cases:
1 - Access-list code for the above rules without the "ACK" bit
2 - Access-list code for the rules with the "ACK" bit
and your comments (I mean your comparison between the two above methods).
Thanks very much for your help.
Tuong Vo Dai
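The two inbound access lists asked for above, as an added example that is not from the original post or any reply. It assumes a constructed addressing plan (inside LAN 192.168.1.0/24, mail server 192.168.1.25, Internet link on Serial0) and shows only the inbound filter on the Internet interface; outbound traffic from the LAN is left unfiltered.

```cisco
! Added example, not from the original post. Constructed addresses:
! inside LAN 192.168.1.0/24, mail server 192.168.1.25, Serial0 = Internet.
!
! Method 1 - without the ACK check. Return traffic is recognised only by
! the outside host's SOURCE port, so any outside host sending from port
! 80, 21, 20 or 25 can reach any high port on any inside machine.
access-list 101 permit tcp any host 192.168.1.25 eq smtp
access-list 101 permit tcp any eq www 192.168.1.0 0.0.0.255 gt 1023
access-list 101 permit tcp any eq ftp 192.168.1.0 0.0.0.255 gt 1023
access-list 101 permit tcp any eq ftp-data 192.168.1.0 0.0.0.255 gt 1023
access-list 101 permit tcp any eq smtp 192.168.1.0 0.0.0.255 gt 1023
access-list 101 deny ip any any log
!
! Method 2 - with the "established" keyword, which matches TCP segments
! that carry the ACK (or RST) bit, i.e. anything except the opening SYN.
! The Internet can therefore only START a connection to the mail server
! on port 25; every other inbound segment must belong to a session an
! inside host opened. Note that active-mode FTP data connections are
! opened by the outside server (from port 20), so they are dropped here;
! use passive FTP or fall back to the port-20 line from method 1.
access-list 102 permit tcp any host 192.168.1.25 eq smtp
access-list 102 permit tcp any 192.168.1.0 0.0.0.255 established
access-list 102 deny ip any any log
!
! Apply one of the two lists inbound on the Internet-facing interface.
interface Serial0
 ip access-group 102 in
```

Method 2 is the tighter of the two because the outside host cannot choose its way through the filter by picking a source port; the cost is that "established" only checks flag bits, not real connection state, so a spoofed segment with ACK set still passes to a high port. Name resolution (UDP 53) is not covered by either list and would need its own permit line if the LAN resolves Internet names.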