Cisco Support Community

access-list to stop access to port 3128

I am trying to stop users from outside our network from using our cacheraq. We have a Sun Cobalt CacheRaq4 running and it doesn't allow changing the config files to stop other networks from coming in.

I have the following access-list and would like to know if this is really going to block anyone outside of our network from using the cacheraq server.

The IP address of the cacheraq4 is 208.150.80.200 and I am using port 3128. What is happening is that someone is using the server to relay email. We need to stop them from doing that as well as others using the proxy.

Thanks in advance for the information.

access-list 110 deny ip 208.150.80.0 0.0.0.255 any
access-list 110 deny ip 208.150.72.0 0.0.0.255 any
access-list 110 deny ip 208.150.73.0 0.0.0.255 any
access-list 110 deny ip 208.150.74.0 0.0.0.255 any
access-list 110 deny ip 208.150.75.0 0.0.0.255 any
access-list 110 deny ip 208.150.76.0 0.0.0.255 any
access-list 110 deny ip 208.150.77.0 0.0.0.255 any
access-list 110 deny ip 208.150.82.0 0.0.0.255 any
access-list 110 deny ip 208.150.83.0 0.0.0.255 any
access-list 110 deny ip 208.150.84.0 0.0.0.255 any
access-list 110 deny ip 208.150.85.0 0.0.0.255 any
access-list 110 deny ip 208.150.86.0 0.0.0.255 any
access-list 110 deny ip 208.150.87.0 0.0.0.255 any
access-list 110 deny tcp any eq 3128 any
access-list 110 deny udp any eq 3128 any
access-list 110 permit ip any any
access-list 110 permit tcp any any

Bob Bloise

2 REPLIES

Re: access-list to stop access to port 3128

I assume this acl is applied inbound on the external/outside interface. If the source port (udp and tcp) is 3128 it is good. If the ports are the destination ports it won't work - use "access-list 110 deny tcp any any eq 3128". I would suspect it should be the destination ports.

The line "access-list 110 permit ip any any" makes the last line obsolete and you should remove the last line.

Steve
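The source-port versus destination-port point in the reply above, as an added example that is not part of the original thread: a small first-match evaluator for the ACL syntax used here, run against the list as posted and against a corrected list. It assumes the ACL is applied inbound on the outside interface; the UDP correction by analogy with the TCP line, the client address 198.51.100.7 and the port 40000 are constructed for illustration.

```python
import ipaddress

def parse(line):
    """Parse the subset of extended-ACL syntax used in this thread."""
    t = line.split()[2:]                       # drop "access-list 110"
    rule = {"action": t.pop(0), "proto": t.pop(0)}
    for side in ("src", "dst"):
        if t[0] == "any":
            t.pop(0)
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            addr, wild = t.pop(0), t.pop(0)
            # Contiguous wildcard mask -> netmask by inverting each octet.
            mask = ".".join(str(255 - int(o)) for o in wild.split("."))
            net = ipaddress.ip_network(f"{addr}/{mask}")
        port = None
        if t and t[0] == "eq":                 # optional port after the address
            t.pop(0)
            port = int(t.pop(0))
        rule[side] = (net, port)
    return rule

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; an implicit deny ends every ACL."""
    for r in acl:
        if r["proto"] not in ("ip", proto):
            continue
        sides = (("src", src, sport), ("dst", dst, dport))
        if all(ipaddress.ip_address(a) in r[s][0] and r[s][1] in (None, p)
               for s, a, p in sides):
            return r["action"]
    return "deny"

def verdict(lines, packet):
    return evaluate([parse(l) for l in lines], *packet)

INTERNAL = [f"access-list 110 deny ip 208.150.{n}.0 0.0.0.255 any"
            for n in (80, 72, 73, 74, 75, 76, 77, 82, 83, 84, 85, 86, 87)]
POSTED = INTERNAL + ["access-list 110 deny tcp any eq 3128 any",
                     "access-list 110 deny udp any eq 3128 any",
                     "access-list 110 permit ip any any",
                     "access-list 110 permit tcp any any"]
# Assumption: UDP line corrected the same way as the TCP line in the reply.
CORRECTED = INTERNAL + ["access-list 110 deny tcp any any eq 3128",
                        "access-list 110 deny udp any any eq 3128",
                        "access-list 110 permit ip any any"]

# Constructed packets: (proto, source, source port, destination, dest port)
OUTSIDE_TO_PROXY = ("tcp", "198.51.100.7", 40000, "208.150.80.200", 3128)
OUTSIDE_TO_WEB = ("tcp", "198.51.100.7", 40000, "208.150.80.10", 80)

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("corrected", CORRECTED)):
        print(name, "->", verdict(acl, OUTSIDE_TO_PROXY))
```

As posted, the list permits the outside client because a client's source port is an ephemeral port, not 3128, so the packet falls through to `permit ip any any`; with `eq 3128` on the destination side the same packet is denied.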

Re: access-list to stop access to port 3128

Steve,

Thank you very much! That did it....

Bob Bloise
