Re: Access-list

From: Jacky Murphy (ccie@maitruongxua.com)
Date: Thu Jun 09 2005 - 01:13:36 GMT-3


Hi there,

Command:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt1/1cfip.htm#wp1019554

> access-list 104 permit tcp host 163.8.4.40 any eq www
It means: host 163.8.4.40 (from any open port) can only go to web (port 80).

Example: my router applies access list 104, and the PC browses the site www.cisco.com.
From the PC, using the command netstat -a, I'll see:
C:\>netstat -a
Active Connections

  Proto Local Address Foreign Address State
  TCP MyPC:1440 cisco.com:http ESTABLISHED
  TCP MyPC:1443 cisco.com:http TIME_WAIT

My PC opens ports 1440 & 1443..., and the destination is only one port, 80 (http).
My PC can't establish other services: ftp, telnet, pop3...

> access-list 105 permit tcp host 163.8.4.40 eq www any
It means: host 163.8.4.40 (only from open port 80) can go to any
destination TCP service (any port).

Jacky,

----- Original Message -----
From: "Henk Botha" <henkBotha@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Thursday, June 09, 2005 3:02 AM
Subject: Access-list

> Hi Guys
>
> Can somebody please explain to me what the difference is between the
> following two access-lists
>
> access-list 104 permit tcp host 163.8.4.40 any eq www
> and
> access-list 105 permit tcp host 163.8.4.40 eq www any
>
> I gave them different numbers for referencing. Sorry but I have confused
> myself
> totally.
>
> Thank you
>
> Henk
>



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3
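
Added example, not part of the original messages: a small Python matcher for the two entries discussed in this thread, showing that in entry 104 `eq www` follows the destination and so constrains the destination port, while in entry 105 it follows the source and so constrains the source port. It handles only the `host`/`any`/`eq` forms used here; the destination address 192.0.2.10 and the port pairs are constructed, and all function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# IOS port keywords mentioned in this thread; any other port must be numeric.
PORT_NAMES = {"www": 80, "ftp": 21, "telnet": 23, "pop3": 110}

@dataclass
class Ace:
    action: str
    proto: str
    src: str                  # host address or "any"
    src_port: Optional[int]   # None means any source port
    dst: str
    dst_port: Optional[int]   # None means any destination port

def _addr_and_port(tokens):
    """Consume '<host A.B.C.D | any> [eq <port>]' from the front of tokens."""
    addr = tokens.pop(0)
    if addr == "host":
        addr = tokens.pop(0)
    port = None
    if tokens[:1] == ["eq"]:
        port = PORT_NAMES.get(tokens[1]) or int(tokens[1])
        del tokens[:2]
    return addr, port

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp <source> <destination>'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("not an extended access-list entry: " + line)
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, sport = _addr_and_port(rest)   # first position: source [+ source port]
    dst, dport = _addr_and_port(rest)   # second position: destination [+ destination port]
    return Ace(action, proto, src, sport, dst, dport)

def evaluate(aces, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for a in aces:
        if (a.proto == proto and a.src in ("any", src) and a.dst in ("any", dst)
                and a.src_port in (None, sport) and a.dst_port in (None, dport)):
            return a.action
    return "deny"

ACL_104 = [parse_ace("access-list 104 permit tcp host 163.8.4.40 any eq www")]
ACL_105 = [parse_ace("access-list 105 permit tcp host 163.8.4.40 eq www any")]
SRC, DST = "163.8.4.40", "192.0.2.10"   # DST is a constructed documentation address
for sp, dp in [(1440, 80), (1440, 23), (80, 1440)]:   # constructed (source, destination) ports
    print(sp, dp, evaluate(ACL_104, "tcp", SRC, sp, DST, dp), evaluate(ACL_105, "tcp", SRC, sp, DST, dp))
```

The (80, 1440) pair is what a segment sent by a web server on 163.8.4.40 back to a client looks like, which is the traffic entry 105 matches.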