New Member

RVS4000 IP ACL Rules

I have read through the manual. My question is: what is the proper format to input into the ACL rule "Range"? Would, as an example, 192.168.0.1 - 192.169.255.254 work? Will the range effectively work? Or does it have to be 192.168.0.0 - 192.169.255.255? I am not a guru and couldn't find the answer readily elsewhere. Any feedback would be appreciated.

7 REPLIES
Silver

RVS4000 IP ACL Rules

HI,

It really depends on the other (ACL) settings as well, not just the subnet range. First, will this ACL be blocking inside to outside? By default all outside-to-inside connections are blocked. So, based on your local subnet and other information, can you be more specific on what you are trying to accomplish?

Jasbryan

New Member

RVS4000 IP ACL Rules

Basically I'm adding my own firewall rules to block a range of IP addresses from different domains that have been spamming our mail server for ages. In the web interface (ACL list), I fill out one custom rule per domain. I fill out: Block, from WAN, Range (which my question was about), then All LAN addresses, and the rule is in effect always (7 days, 24 hrs a day). Actually I found out this morning that there is also a limit on the number of custom rules. It just happens to be 50, which was not spec'ed out in the manual. I know the router just went end-of-life and I will probably be looking for a new one soon. We are just a small company and I take care of the web, mail, and database servers in addition to the regular desktops, so throughput never seems to be an issue. Also, thanks for the response. Dave

Silver

RVS4000 IP ACL Rules

So you're hosting your own Exchange server or e-mail behind the RVS4000? ACLs are generally a risky thing when trying to block spammers. Normally spammers use a spoofed public IP address (relayed). I've seen cases where it looked like the e-mail was sent from the same domain as the user receiving it. Again, you really need a device or service that is strictly set up for monitoring spam for your e-mail servers. I work with the Cisco Spam and Virus Blocker, so I do know a lot about e-mail.

You can set up ACLs, but be prepared to consistently change or alter them every 24 hours. I had this one customer getting 90,000 a day. I set up ACLs temporarily until we could find out why he was getting through our Spam and Virus Blocker; in less than 16 hours this guy was already sending back to my guy's domain. I was amazed. Basically my customer had opened his blocker up to accept/relay e-mails for all domains.

On your inbound ACLs you have a deny all, but since you're hosting an e-mail server you'll need to write ACLs based on port 25 sources and destinations. The source will be the domain/public IP address you're trying to block and the destination will be your e-mail server. Once you make your deny statements you'll need to make an allow-all statement for the rest of your e-mail traffic on port 25.

Hope this helps,

Jasbryan

New Member

RVS4000 IP ACL Rules

I understand what you are saying. But my question still is: what is a legitimate range that would be filled in in the range boxes? The logging in this router is terrible and I will not know if I put in a range that the firewall doesn't understand, basically making the rule useless. Also, I block all ports because the few domains that I am working with do not always spam the mail server; I also get web server attacks from the same domains. I'm sure it's the work of a botnet and I probably won't stave them off for long, but the domains that the IP addresses are from are unbelievably static and resolvable. I do run spam software on the mail server (Linux) and that catches 90-some percent of the spam. Again, thanks for the response. Dave

Silver

RVS4000 IP ACL Rules

HI,

You wrote "I understand what you are saying. But my question still is what is a legitimate range that would be filled in in the range boxes?" I'm guessing you're still talking about your private range (you would want to include the whole range of addresses that are located on your subnet). So if the RVS4000 range is 192.168.1.x-192.168.1.255, for the destination you just need to include the ranges that the RVS4000 has. You can have up to 4 VLANs with 254 hosts; that's 4 class C subnets.

Ex. VLAN 1 -> 192.168.0.0-192.168.1.255

    VLAN 2 -> 192.168.1.0-192.168.2.255

    VLAN 3 -> 192.168.2.0-192.168.3.255

    VLAN 4 -> 192.168.3.0-192.168.4.255

Now you could include this range by specifying a subnet mask of 255.255.252.0, which will include all four ranges with this mask.

Hope this helps,

Jasbryan

New Member

RVS4000 IP ACL Rules

First of all, I appreciate your patience. I am talking about blocking internet IP addresses, not my LAN IP addresses. I'll try this as an example. Say Google had a range of public IP addresses: 111.112.113.1 - 111.112.255.255. And I want to block them from any access to my router inbound. Now back to my question: can I fill in those exact IP addresses in the range boxes and have them be blocked properly? Will the range extend beyond the first 254 IPs and be covered? Or is the range, as far as the router firewall rules go, 111.112.113.1-111.112.113.255, then the next rule would be 111.112.114.1-111.112.114.255, and so on and so forth? Is there an easier way using the subnet? I'll have to bone up on my networking, but I'm trying to find out what the "router" expects.

From the manual:

Source - The source IP address, which can be one specific IP address, ANY (all IP addresses), a range of IP addresses, or a specific IP subnet.

Thanks,

Dave
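The range-versus-subnet question in the posts above, worked through as an added example that is not from the thread or from Cisco: it uses Python's standard ipaddress module to show which of the quoted ranges map to a single network/mask pair (and so could be entered as a "subnet" rule) and how a non-aligned range breaks into several subnets. The addresses are the thread's own sample values; the code says nothing about how the RVS4000 itself parses its Range field.

```python
import ipaddress

# Constructed sample values: the ranges quoted in the thread above.
OP_RANGE = ("192.168.0.1", "192.169.255.254")          # the first question
GOOGLE_EXAMPLE = ("111.112.113.1", "111.112.255.255")  # hypothetical public range
MASK_EXAMPLE = ("192.168.0.0", "192.168.3.255")        # what 255.255.252.0 covers


def range_to_subnets(first, last):
    """Minimal list of CIDR blocks that exactly cover first..last (inclusive)."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if lo > hi:
        raise ValueError("range start is above range end")
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def single_subnet(first, last):
    """(network, netmask) if the range is exactly one aligned subnet, else None.

    A range that is not aligned cannot be written as one 'subnet' rule; it
    must stay a 'range' rule or be split into several subnet rules.
    """
    blocks = range_to_subnets(first, last)
    if len(blocks) != 1:
        return None
    net = ipaddress.ip_network(blocks[0])
    return str(net.network_address), str(net.netmask)


def in_range(addr, first, last):
    """True if addr falls inside first..last: a quick check that a rule
    written as a range really covers the address you care about."""
    return (ipaddress.ip_address(first) <= ipaddress.ip_address(addr)
            <= ipaddress.ip_address(last))


if __name__ == "__main__":
    samples = {"OP": OP_RANGE, "Google": GOOGLE_EXAMPLE, "/22": MASK_EXAMPLE}
    for label, (first, last) in samples.items():
        # Print the single mask when one exists, otherwise the CIDR split.
        print(label, single_subnet(first, last) or range_to_subnets(first, last))
```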

Silver

RVS4000 IP ACL Rules

Dave -

Since you're a member, look under my profile and send me an e-mail with a screenshot of your rules. Also send me the public IP address you're trying to block. I'll show you, based on your screenshot and other information, how this should be configured.

Jasbryan
