
access lists for incoming internet

carl_townshend
Spotlight
Hi all,

I have taken a look at my access list for my internet. Basically it lets everything out. What will be permitting the traffic from the web back to my browser? I can't see any established connections in the access list, so what would need to be let in for simple web?

Thanks all

2 Replies 2

trackme
Level 1
Did you apply the ACL to the incoming interface, I mean where the internet traffic enters your router?

This will probably be your serial interface connected to your ISP.

For example, if you want to allow only web for established connections from inside, use the following:

-----------

         Internet
           any
  -------------------------
              |
              |
        Ser0/0|
        +-----------+
        |           |
        +-----------+
        Eth0/0|
              |
  -------------------------
          Office
          1.1.9.0

access-list 101 - Applied to traffic leaving the office (outgoing)

access-list 102 - Applied to traffic entering the office (incoming)

int ser0/0
 ! assuming this is where you connect to the ISP
 ip access-group 101 out
 ip access-group 102 in
!
access-list 101 permit tcp 1.1.9.0 0.0.0.255 any eq 80
access-list 101 permit tcp 1.1.9.0 0.0.0.255 any eq 443
access-list 102 permit tcp any 1.1.9.0 0.0.0.255 established

--------------

If this is not the one you are looking for, let me know.
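How first-match evaluation of the two lists in the reply above treats individual TCP segments, as an added example that is not part of the original thread: a small Python model in which `established` is the flag test IOS applies (ACK or RST set). The addresses outside 1.1.9.0/24, the ports of the sample segments and the function names are constructed for illustration.

```python
"""Model of ACL 101 (Ser0/0 out) and ACL 102 (Ser0/0 in) from the reply above."""
from ipaddress import ip_address, ip_network

OFFICE = ip_network("1.1.9.0/24")   # 1.1.9.0 0.0.0.255 in wildcard-mask form
ANY = ip_network("0.0.0.0/0")

# Each entry: (source, destination, destination port or None, 'established' set)
ACL_101 = [(OFFICE, ANY, 80, False), (OFFICE, ANY, 443, False)]
ACL_102 = [(ANY, OFFICE, None, True)]


def evaluate(acl, src, dst, dport, flags):
    """Return 'permit' or 'deny' for one TCP segment; the first match wins."""
    for net_src, net_dst, port, established in acl:
        if ip_address(src) not in net_src or ip_address(dst) not in net_dst:
            continue
        if port is not None and dport != port:
            continue
        # 'established' is a flag test only: ACK or RST must be set.
        if established and not ({"ACK", "RST"} & set(flags)):
            continue
        return "permit"
    return "deny"  # implicit deny at the end of every ACL


# Constructed sample segments (203.0.113.10 is a documentation address).
SEGMENTS = [
    ("client SYN to web server", ACL_101, "1.1.9.20", "203.0.113.10", 80, ["SYN"]),
    ("server SYN-ACK reply", ACL_102, "203.0.113.10", "1.1.9.20", 49152, ["SYN", "ACK"]),
    ("server data segment", ACL_102, "203.0.113.10", "1.1.9.20", 49152, ["ACK", "PSH"]),
    ("inbound SYN to office port 80", ACL_102, "203.0.113.10", "1.1.9.20", 80, ["SYN"]),
    ("ACK with no prior session", ACL_102, "203.0.113.10", "1.1.9.20", 80, ["ACK"]),
    ("client SYN to port 25", ACL_101, "1.1.9.20", "203.0.113.10", 25, ["SYN"]),
]


def run():
    """Evaluate every sample segment against the ACL it would traverse."""
    return {name: evaluate(acl, s, d, p, f) for name, acl, s, d, p, f in SEGMENTS}


if __name__ == "__main__":
    for name, verdict in run().items():
        print(f"{verdict:6}  {name}")
```

The `ACK with no prior session` row is permitted because `established` inspects flags only and keeps no session table, so ACL 102 is a stateless filter rather than connection tracking.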

Hi, thanks for the reply. My question was more that the access lists are already in place; they were created by my router, but I can't see any lists with the established command on there. Would it just be permitting anything to my port 80 incoming?
