hi gurus,
is this possible to configure on acl?
1.from Internet to client - deny icmp and tracerotue
2. from client to Internet - allow icmp and traceroute
i have this on my router and my lan cannot do traceroute may be because of the NAT.
interface FastEthernet0/0
description LAN NETWORK
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1
description TO-INTERNET
ip address x.x.x.x 255.255.255.252
ip access-group FIREWALL in
no ip unreachables
ip nat outside
ip access-list extended FIREWALL
permit icmp any any unreachable
permit icmp any any echo-reply
deny udp any any range 33400 34400
deny icmp any any
permit ip any any
LAN---fa0/0<NAT-router>fa0/1---internet