Re: Port 0 Filter (Repost)

From: yuki hisano (yukyhisano@hotmail.com)
Date: Tue Apr 27 2004 - 14:51:25 GMT-3


I have tried it.
Here is the result.

access-list 113 permit tcp any 192.168.128.0 0.0.0.255 log-input
access-list 113 permit udp any 192.168.128.0 0.0.0.255 log-input
access-list 113 permit ip any any

Apr 27 17:35:09: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.201(0) (Serial0/1 *HDLC*) -> 192.168.128.83(0), 1 packet
Apr 27 17:35:19: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.101(0) (Serial0/1 *HDLC*) -> 192.168.128.4(0), 13 packets
Apr 27 17:35:23: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.101(0) (Serial0/1 *HDLC*) -> 192.168.128.226(0), 247 packets
glory-ny#$-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.201(0)
Apr 27 17:35:09: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.201(0)

Yuki

>From: "ccie" <ccie@netchild.pub.sa>
>To: "yuki hisano" <yukyhisano@hotmail.com>
>Subject: Re: Port 0 Filter (Repost)
>Date: Tue, 27 Apr 2004 20:18:46 +0300
>
>Hi Yuki,
>
> > I hooked some access-list just to see what type of port number it is using.
> > The result is like this:
> >
> > source: 192.168.X.X (0) destination 192.168.X.X (0) (they are either TCP or UDP)
>
>This is not a port 0. When you deny with ip the syslog will show you the port
>as (0). To know the real port try to remove the denied ip and put deny
>tcp/udp. Check the log and you will see the correct port number.
>
>NetChild,
>
>



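An added example, not part of the original thread: a small Python parser for %SEC-6-IPACCESSLOGP entries in the layout shown above, which rejoins entries wrapped across lines, counts truncated ones, and totals packets per flow logged with port 0 on both ends. The sample text is constructed in the thread's format; the entry with ports 1045 and 80 is invented for contrast, and the function names are this example's own.

```python
import re
from collections import defaultdict

# One IPACCESSLOGP entry as it appears with "log-input" (interface in parentheses).
ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \((?P<iface>[^)]*)\))? -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)

def parse(text):
    """Return (entries, skipped); skipped counts entries cut off before the destination."""
    flat = " ".join(text.split())          # undo mail-client line wrapping
    entries = [m.groupdict() for m in ENTRY.finditer(flat)]
    skipped = flat.count("IPACCESSLOGP:") - len(entries)
    return entries, skipped

def port_zero_summary(entries):
    """Total packets per (proto, src, dst) for entries logged with both ports as 0."""
    totals = defaultdict(int)
    for e in entries:
        if e["sport"] == "0" and e["dport"] == "0":
            totals[(e["proto"], e["src"], e["dst"])] += int(e["pkts"])
    return dict(totals)

# Constructed sample: wrapped entry, one-line entry, entry with real ports, truncated entry.
SAMPLE = """\
Apr 27 17:35:09: %SEC-6-IPACCESSLOGP: list 113 permitted tcp
192.168.120.201(0)
(Serial0/1 *HDLC*) -> 192.168.128.83(0), 1 packet
Apr 27 17:35:19: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.101(0) (Serial0/1 *HDLC*) -> 192.168.128.4(0), 13 packets
Apr 27 17:36:02: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.101(1045) (Serial0/1 *HDLC*) -> 192.168.128.4(80), 2 packets
Apr 27 17:36:10: %SEC-6-IPACCESSLOGP: list 113 permitted tcp
192.168.120.201(0)
"""

if __name__ == "__main__":
    entries, skipped = parse(SAMPLE)
    print(f"{len(entries)} complete entries, {skipped} truncated")
    for flow, pkts in port_zero_summary(entries).items():
        print("port 0 on both ends:", flow, pkts, "packets")
```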