Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

3com Router 5232 ACL's/Firewall Help

Status
Not open for further replies.
kerneldead

kerneldead

IS-IT--Management
Jun 19, 2008
16
US
I have a 3com router 5232 and I have created an acl with several blocks of ip's to blocking inbound in order to stop attacks. This is what I have done so far:

acl number 3006
description blocked ip blocks
rule 0 deny ip source 58.29.0.0 0.0.255.255
rule 1 deny ip source 58.65.64.0 0.0.63.255

Now I need to know how to assign this acl to all inbound ip connections on interface ethernet 0/0. After talking with 3com they told me that the firewall is really just acl's. So I used the command:

firewall packet-filter 3006 inbound

I thought this would allow the router to start matching my acl's to all inbound connections and block was was in my acl rules. So far it is not working. I am starting to think that 3com told me wrong on the phone. Can anyone point me in the right direction? I am sure it is something simple that I am missing.

Thanks,
 
Sort by date Sort by votes
make sure that you have enabled the firewall in system view.
login
<router>sys
System View: return to User View with Ctrl+Z.
[router]firewall enable

Then, make sure that you apply the ACL to the external interface. Assuming that Eth 0/0 is your external interface.
[router]int eth 0/0
[router-Ethernet0/0]firewall packet-filter ACL# inbound

Did this on my 3036 and 5012 and worked like a champ.
If you want to block all traffic from specific networks, you can create and ACL in the 2000 range and just block the network and not just IP packets.

 
Upvote 0 Downvote
Engjohn,

Great that cleared up a lot. Can you not assign more then one acl to an packet-filter? When I try somthing along the lines of:

firewall packet-filter 3004 inbound
firewall packet-filter 3005 inbound
firewall packet-filter 3006 inbound

it will not take the acl number into account and over rights the last assigned packet filter.

Thanks,

 
Upvote 0 Downvote
engjohn:

Yes, I ended up creating one inbound acl it was 1313 lines long.

Thanks,
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CHRISH KYLE
  • Locked
  • Question
how to reset netgear router password in hp laptop......
Replies
0
Views
131
CHRISH KYLE
CHRISH KYLE
NYCCGaz
  • Locked
  • Question
Pair of 3com 8810 Core Chassis Switches - FREE TO GOOD HOME
Replies
0
Views
87
NYCCGaz
NYCCGaz
tbyehl
  • Locked
  • Question
3com 3870 (3CR17451-9) Console Connection (Help me, abrooks3640)
Replies
2
Views
92
troesch
troesch
rafald
  • Locked
  • Question
3com 5500g vlans and gateway out
Replies
0
Views
95
rafald
rafald
whatwhatwhatwhat
  • Locked
  • Question
Domain login for laptop users. Please help
Replies
0
Views
73
whatwhatwhatwhat
whatwhatwhatwhat

Part and Inventory Search

Sponsor

Back
Top