From: Ian Stong (istong@stong.org)
Date: Mon Sep 29 2003 - 00:48:01 GMT-3
If you are only wanted inbound SMTP traffic to host 10.1.1.1 I would
suggest
Access-list 101 permit tcp any gt 1024 host 10.10.1.1 eq 25
Ian
www.istong.org
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
SN K38U
Sent: Sunday, September 28, 2003 10:24 PM
To: ccielab@groupstudy.com
Subject: A question about Acl
If I was asked to only permit the internet to access my smtp server with
ip
10.10.1.1,which acl is better?
access-list 101 permit tcp any 128.88.0.0 0.0.255.255 established
access-list 101 permit tcp any host 128.88.1.2 eq 25
or
access-list 102 permit tcp any host 128.88.1.2 eq 25
I am a bit confused with it.In my option,since the mail packets coming
in
from the internet have a destination port of 25,I think acl 102 is
enough,but many other people prefer acl 101.
Any clarify is appreciated.
This archive was generated by hypermail 2.1.4 : Wed Oct 01 2003 - 07:24:39 GMT-3