It sure does my friend!
Let me ask one more question though. What do you guys recommend as the better tool to manage and update the IOS on a router. Is there even a free one out there that has a built in editor and tftp server?
What about for monitoring the router?
I have seen some but they're...
Ok, to all who replied I just wanted to say thank you.
I have upgraded the router to 128/32 and now it's running great.
Finally got it down to where it does exactly what I wanted it to do.
Thanks.
The more you learn, the more you realize how much you don't know.
Just a quick follow-up, I am in the midst of finalizing this config and locking it down.
During tests, I realized that lines such as "ip inspect name cbac https" fail to load, with the error marker (^) pointing to "https".
Obviously the syntax is correct, but this may not be accepted because of my...
By exposed I mean "listed" as an active port. By that I don't mean "open", just active.
When you do a portscan on a specific IP it lists 3 states for every port scanned: open, filtered, or closed.
If the port is open, then it accepts the packets, filtered means that there may be something...
Sort of...
It doesn't seem to be a matter of denying or permitting traffic. It is just a matter of exposing ports, even though they are "filtered" or denied if you will.
I would much rather have the "denied" ports appear "closed", as opposed to "filtered" - thus still listed as potentially...
Ok, I understand what cbac does, but I would have to first implement it later on tonight and see it in action. It's all a little confusing at this time.
I still don't know if there is a way to prevent my external IP from exposing internal IP's ports that it has been bonded to.
For instance if I...
Can you please help me understand what these lines do?
ip inspect name cbac
Are these the ones that prevent my internal ports from being exposed via the external IPs unless specifically "allowed" ?
I need to grasp what everything does, then I can take it to the next step on my own...I hope :P...
Assuming that this config would indeed work on my hardware (if it's compatible with my IOS), how would I implement the use of .233, .234, and .235 for traffic both inbound and outbound?
Is it enough if I just add proper lines to do static nat and permit them in the access lists?
Basically I...
You can use this syntax:
put External\ Information\ Package\ .zip
Notice the space and the backslash!
Good luck!
Well you can drop packets either at your current iptables (on the outside interface aka eth0) or if you still want to use your 1841, then you can use access-lists.
Before anything setup your 1841 to just pass traffic between your isp and your iptables box. If you can do that successfully...
Honestly if you already use iptables (I assume a Linux box) you could drop all the malicious, DoS, ping-of-death, etc on the external interface of that machine.
I think your 1841 is just overkill.
However if you insist, I can drop you some lines on what you need to put in the config to filter...
What is your firewall right now?
Do you use NAT in your current setup?
What do you mean you have 3 hubs? You mean your network is segmented in 3 subnets?
Try to explain what you have currently running and where you want to get. Really replace your current firewall (what is that ?) with your...
@unclerico: I tried your config and got similar results to yours. I guess we could try to continue to the next step if you would.
Right now the router has 96M ram and 24Mb flash.
It will get 128/32 soon though.
What else can we do/try meanwhile?
What would that zone-based firewall config look...
Guys,
Sorry about the absence. Been very busy.
Now, I have flash and ram on order for this unit, and will be loading new IOS once I am able to.
Sorry, did not get a chance to try that config as of yet.
I just wanted to let everyone know this is still ongoing.
Thanks for the patience and...
Ok, let me run with this and see if I can reproduce the results. The only obvious difference is the IOS, which is not the same. I'm running 12.2 and you're running 12.4. It may not matter for what we're doing, but it is just something I noticed.
Thanks a lot! I will return with my findings...
Here it is. I hope this will shed some light on what is happening.
Thanks
!
! Last configuration change at 15:02:55 UTC Tue Aug 24 2010
! NVRAM config last updated at 15:09:04 UTC Tue Aug 24 2010
!
version 12.2
service timestamps debug uptime
service timestamps log datetime localtime
no...
I am not aware of just one tool that would do all that in one package.
You can run a simple port (open port scan) from another host against your RH box like so:
nmap -P0 IPADDRESS
Where IPADDRESS is the IP address of your RH box.
This will give you a list of open ports on this machine. You...
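As an added example that is not part of the thread: a small parser for nmap's grepable output (-oG) that separates open, filtered and closed ports, tying the open/filtered/closed explanation earlier in the thread to the nmap -P0 scan suggested here. The sample scan lines are constructed, not real output.

```python
"""Classify ports from nmap "grepable" (-oG) output.

Added example, not from the thread. The Ports: field of -oG output has
the form port/state/protocol/owner/service/rpcinfo/version; a "filtered"
entry means the probe got no answer (dropped by an ACL), a "closed" one
means the host answered with RST/ICMP, which is why filtered ports still
look "potentially open" to a scanner.
"""
import re
from collections import defaultdict

# Constructed sample of nmap -oG output for two hosts (not a real scan).
SAMPLE_GREPABLE = """\
# Nmap scan initiated as: nmap -P0 -oG - 192.0.2.233 192.0.2.234
Host: 192.0.2.233 ()\tStatus: Up
Host: 192.0.2.233 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///, 3389/filtered/tcp//ms-term-serv///\tIgnored State: closed (996)
Host: 192.0.2.234 ()\tStatus: Up
Host: 192.0.2.234 ()\tPorts: 25/open/tcp//smtp///\tIgnored State: closed (999)
"""

# port / state / protocol / (empty owner) / service / (empty rpcinfo, version)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_grepable(text):
    """Return {host: {state: [(port, proto, service), ...]}} from -oG text."""
    result = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        # The Ports: field runs up to the next tab-separated field.
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            result[host][state].append((int(port), proto, service))
    return {h: dict(states) for h, states in result.items()}


def filtered_ports(text):
    """Per host, the sorted list of ports a scanner reports as 'filtered'."""
    return {host: sorted(p for p, _, _ in states.get("filtered", []))
            for host, states in parse_grepable(text).items()}


if __name__ == "__main__":
    for host, ports in filtered_ports(SAMPLE_GREPABLE).items():
        print(f"{host}: filtered (dropped, not closed) -> {ports}")
```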
Thanks!
If you want me to I can post the exact config I used so that we're on the same page.
Nonetheless I really appreciate all your help!
Furthermore, I can access my servers .70, .112, and .113 from different Internet connections, so things do work, just not outbound.
Thanks