Re: What is the function of the established keyword in Access-list?

From: Zeng Puyang (zbridge98@xxxxxxxxx)
Date: Fri Jun 15 2001 - 05:21:36 GMT-3


Is host 100.1.1.1 your ftp server? It's in the same subnet as your S0.

This access-list has another problem. In active mode, the ftp server will establish a TCP connection from port 20 to another port greater than 1023 from outside; you can't use the established keyword here.

If the ftp server supports passive mode, you should use 'acc 100 permit tcp host ftpserver gt 1023 10.1.1.0 0.0.0.255 gt 1023 established'.

Correct me if I'm wrong.

Good luck

Zeng
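To see why the posted list breaks active-mode FTP and how the passive-mode line repairs it, here is an added example (not from the thread or any IOS code) that models extended-ACL matching in Python: `established` matches only segments with ACK or RST set, wildcard masks are applied bitwise, and first match wins with an implicit deny. The packets are constructed to represent replies arriving inbound on S0.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional

@dataclass
class Packet:
    src: str; sport: int; dst: str; dport: int
    ack: bool = False   # ACK set: a reply to a session the inside host opened
    rst: bool = False   # IOS 'established' also matches RST

@dataclass
class Ace:                      # one access-list entry (model, not IOS syntax)
    action: str
    src: str; swild: str; sport: Optional[tuple]   # ("eq", 21), ("gt", 1023) or None
    dst: str; dwild: str; dport: Optional[tuple]
    established: bool = False

def addr_match(addr, acl_addr, wildcard):
    a, b, w = (int(IPv4Address(x)) for x in (addr, acl_addr, wildcard))
    return (a & ~w) == (b & ~w)           # wildcard 1-bits are "don't care"

def port_match(port, spec):
    if spec is None:
        return True
    op, n = spec
    return port == n if op == "eq" else port > n

def evaluate(acl, pkt):
    """First match wins; an unmatched packet hits the implicit deny."""
    for ace in acl:
        if (addr_match(pkt.src, ace.src, ace.swild) and port_match(pkt.sport, ace.sport)
                and addr_match(pkt.dst, ace.dst, ace.dwild) and port_match(pkt.dport, ace.dport)
                and (not ace.established or pkt.ack or pkt.rst)):
            return ace.action
    return "deny"

ANY = ("0.0.0.0", "255.255.255.255")
ACL_100 = [  # access-list 100 as posted (ftp = 21, ftp-data = 20)
    Ace("permit", "100.1.1.1", "0.0.0.0", ("eq", 21), "10.1.1.1", "0.0.0.255", None, True),
    Ace("permit", "100.1.1.1", "0.0.0.0", ("eq", 20), "10.1.1.1", "0.0.0.255", None, True),
    Ace("deny", *ANY, None, *ANY, None),
]
PASSIVE_ACE = Ace("permit", "100.1.1.1", "0.0.0.0", ("gt", 1023),   # Zeng's suggested line
                  "10.1.1.0", "0.0.0.255", ("gt", 1023), True)

# constructed packets arriving inbound on S0 (server 100.1.1.1 -> client 10.1.1.1)
CONTROL_REPLY = Packet("100.1.1.1", 21, "10.1.1.1", 1500, ack=True)   # reply on the control channel
ACTIVE_DATA_SYN = Packet("100.1.1.1", 20, "10.1.1.1", 1501)            # server opens data channel: SYN only
PASSIVE_DATA = Packet("100.1.1.1", 3000, "10.1.1.1", 1502, ack=True)   # reply to the client's SYN
```

Running `evaluate(ACL_100, ACTIVE_DATA_SYN)` returns "deny" because the server-initiated SYN carries no ACK, while `evaluate([PASSIVE_ACE] + ACL_100, PASSIVE_DATA)` returns "permit".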

----- Original Message -----
From: "Martin, Chris" <chris@pacinter.net>
To: "bravo" <bravojun@hanmail.net>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, June 14, 2001 12:19 PM
Subject: Re: What is the function of the established keyword in Access-list?

> The function of the established keyword is to permit hosts on the inside of
> your network to be allowed back in through your router or firewall instead
> of permitting them access through an access-list.
>
> For an outside host to have access to your network, you would need an
> access-list to permit that public IP inside. The same would go for a host on
> the inside of your network establishing a TCP session with a host on the
> outside: without the established keyword, the host on the inside network
> would be denied access unless an access-list permits the TCP session back
> through. So the established keyword does that for you.
>
> ----- Original Message -----
> From: "bravo" <bravojun@hanmail.net>
> To: <ccielab@groupstudy.com>
> Sent: Thursday, June 14, 2001 8:11 PM
> Subject: What is the function of the established keyword in Access-list?
>
>
> > Hello guys!
> >
> > Could you explain why ftp is not working well?
> >
> > int se 0
> > ip addr 100.1.1.254 255.255.255.0
> > ip access-group 100 in
> > int e 0
> > ip addr 10.1.1.254 255.255.255.0
> >
> > access-list 100 permit tcp host 100.1.1.1 eq ftp 10.1.1.1 0.0.0.255 established
> > access-list 100 permit tcp host 100.1.1.1 eq ftp-data 10.1.1.1 0.0.0.255 established
> > access-list 100 deny ip any any
> >
> > **Please read:http://www.groupstudy.com/list/posting.html



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3