07-04-2003 12:39 AM - edited 02-20-2020 09:21 PM
Dear Ciscoer,
Please help me to create an access list from inside to outside. Permit only http, smtp, and pop3. These were created, but I can access some web sites, cannot use SMTP, but can use POP.
==========================================================
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp
----------------------------------------------------------------------------------------------------
What other ports are supposed to be open?
Thanks in advance
07-04-2003 01:27 AM
From my other post ---
As you say you have access-lists, so
Do the following: open a text editor (Notepad) and write your ACLs, i.e.
>no access-list inside
>access-list inside permit tcp host
>access-list inside permit tcp host
>access-list inside permit tcp host
..and so on...
Now don't forget to apply this to the inside interface with an access-group command.
>access-group inside in interface inside
As soon as you are happy with your ACLs, paste them back onto the PIX and make sure you save it, i.e. pix# wr m (write memory)
And that should do it.
Hope this helps --
07-04-2003 01:34 AM
1. ACL for outbound connections:
access-list outbound remark WWW
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https
access-list outbound remark Email
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq smtp
access-list outbound remark NS
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain
access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain
-----------------------------------------------
access-group outbound in interface inside
----------------------------------------------
clear xlate
----
If you use local servers (proxy, NS, SMTP), use only the host address in these access-lists.
2. SMTP
Don't forget to open an inbound connection for incoming emails on the outside interface :).
static (inside,outside) publicIP 192.168.10.x netmask 255.255.255.255
access-list inbound permit tcp any host publicIP eq smtp
access-group inbound in interface outside
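
Added example, not part of any post in this thread: a small Python first-match evaluator that runs the question's acl_out rules and the outbound rules from the reply above against sample client traffic, showing which flows fall through to the implicit deny at the end of an access list. The client address 192.168.10.25 and the flow list are constructed, and the parser handles only the rule shape used in this thread.

```python
import ipaddress

# Service keywords used in this thread, mapped to their port numbers
PORTS = {"www": 80, "https": 443, "pop3": 110, "smtp": 25, "domain": 53}

ORIGINAL_ACL = """
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq pop3
access-list acl_out permit tcp 192.168.10.0 255.255.255.0 any eq smtp
"""
REVISED_ACL = ORIGINAL_ACL.replace("acl_out", "outbound") + """
access-list outbound remark NS
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq https
access-list outbound permit tcp 192.168.10.0 255.255.255.0 any eq domain
access-list outbound permit udp 192.168.10.0 255.255.255.0 any eq domain
"""
# Constructed test traffic from a hypothetical inside client
CLIENT = "192.168.10.25"
FLOWS = [("tcp", 80), ("tcp", 443), ("udp", 53), ("tcp", 110), ("tcp", 25)]

def parse_acl(text):
    """Parse 'access-list NAME permit|deny PROTO NET MASK any eq SERVICE' lines."""
    rules = []
    for line in text.strip().splitlines():
        f = line.split()
        if len(f) != 9 or f[0] != "access-list" or f[2] not in ("permit", "deny"):
            continue  # remarks and anything outside this narrow grammar are skipped
        net = ipaddress.ip_network(f"{f[4]}/{f[5]}")
        port = PORTS[f[8]] if f[8] in PORTS else int(f[8])
        rules.append((f[2], f[3], net, port))
    return rules

def evaluate(rules, proto, src, dport):
    """First matching rule wins; no match means the implicit deny applies."""
    for action, r_proto, net, port in rules:
        if r_proto == proto and ipaddress.ip_address(src) in net and port == dport:
            return action
    return "deny"

def dropped(acl_text, src=CLIENT, flows=FLOWS):
    """Return the (protocol, port) flows from src that the ACL denies."""
    rules = parse_acl(acl_text)
    return [(p, d) for p, d in flows if evaluate(rules, p, src, d) == "deny"]

if __name__ == "__main__":
    print("original ACL drops:", dropped(ORIGINAL_ACL))
    print("revised ACL drops: ", dropped(REVISED_ACL))
```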
07-04-2003 01:42 AM
Hi --
The previous post from David has a 'clearer explanation' for your problem - My post only has half the info, so sorry for that.
Jay.
07-04-2003 02:32 AM
Thank you
HATO