From: Martin, Chris (chris@xxxxxxxxxxxx)
Date: Thu Jun 14 2001 - 01:19:28 GMT-3
The function of the established keyword is to permit hosts on the inside of
your network to be allowed back in through your router or firewall instead
of permitting them access through a access-list.
For an outside host to have access to your network, you would need a
access-list to permit that public ip inside. The same would go for a host on
the inside of your network establishing a TCP session with a host on the
outside, without the established keyword, the host on the inside network
would be denied access unless a acess-list permit the tcp session back
through. So the established keyword does that for you
----- Original Message -----
From: "bravo" <bravojun@hanmail.net>
To: <ccielab@groupstudy.com>
Sent: Thursday, June 14, 2001 8:11 PM
Subject: What is the fuction of the established keyword in Access-list?
> Hello guy!
>
> Could you explain why the ftp is not work well?
>
> int se 0
> ip addr 100.1.1.254 255.255.255.0
> ip access-group 100 in
> int e 0
> ip addr 10.1.1.254 255.255.255.0
>
> access-list 100 permit tcp host 100.1.1.1 eq ftp 10.1.1.1 0.0.0.255
established
> access-list 100 permit tcp host 100.1.1.1 eq ftp-data 10.1.1.1 0.0.0.255
established
> access-list 100 deny ip any any
>
> ==================================================
> ?l8. @NEM3], Daum
> Fr;} >24B 9+7a E-mail AV<R GQ8^@O3]
> Av18CL GQ1[ 0K;v<-:q=: Daum FIREBALL
> http://www.daum.net
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3