Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Andrzejek on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ACL shuts down DNS and Website

Status
Not open for further replies.
Pronet

Pronet

IS-IT--Management
Oct 7, 2002
19
US
I have implemented the ACL below on our router that sits in front of our mailserver and webserver,there are also some ip addresses that we need to have open in the list. When this ACL is in place I can no longer browse our website nor can I send or receive email. We are trying to block spammers and only open up the minimum neccessary ports that are required to run a mail and webserver and vpn's. Any thoughts and suggestions would be appreciated.

access-list 120 permit tcp any any eq 80
access-list 120 permit tcp any any eq 8080
access-list 120 permit tcp any any eq 23
access-list 120 permit icmp any any 53
access-list 120 permit tcp any any 53
access-list 120 permit ip 68.156.50.238 0.0.0.255 any
access-list 120 permit ip host 12.36.144.139 any
access-list 120 permit ip host 192.168.15.2 any
access-list 120 permit ip 66.112.201.2 0.0.0.255 any
access-list 120 permit ip host 65.173.98.134 any
access-list 120 permit ip host 68.152.159.16 any
access-list 120 permit ip host 66.82.105.183 any
access-list 120 permit tcp host 68.47.112.33 any eq 1503
access-list 120 deny ip any any
 
Sort by date Sort by votes
Try This...

access-list 120 permit tcp any any eq 80
access-list 120 permit tcp any any eq 8080
access-list 120 permit tcp any any eq 25
access-list 120 permit udp any any 53
access-list 120 permit ip 68.156.50.238 0.0.0.255 any
access-list 120 permit ip host 12.36.144.139 any
access-list 120 permit ip host 192.168.15.2 any
access-list 120 permit ip 66.112.201.2 0.0.0.255 any
access-list 120 permit ip host 65.173.98.134 any
access-list 120 permit ip host 68.152.159.16 any
access-list 120 permit ip host 66.82.105.183 any
access-list 120 permit tcp host 68.47.112.33 any eq 1503
access-list 120 deny ip any any log
interface serial 0
ip access-group 120 in
 
Upvote 0 Downvote
Sorry I had a typo, we did use this config.

access-list 120 permit tcp any any eq 80
access-list 120 permit tcp any any eq 8080
access-list 120 permit tcp any any eq 23
access-list 120 permit icmp any any 53
access-list 120 permit tcp any any 53
access-list 120 permit ip 68.156.50.238 0.0.0.255 any
access-list 120 permit ip host 12.36.144.139 any
access-list 120 permit ip host 192.168.15.2 any
access-list 120 permit ip 66.112.201.2 0.0.0.255 any
access-list 120 permit ip host 65.173.98.134 any
access-list 120 permit ip host 68.152.159.16 any
access-list 120 permit ip host 66.82.105.183 any
access-list 120 permit tcp host 68.47.112.33 any eq 1503
access-list 120 deny ip any any
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
184
Lccarter
Lccarter
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
133
burtsbees
burtsbees
darthvader167
  • Locked
  • Question
Download Cisco Hold Music
Replies
0
Views
264
darthvader167
darthvader167
acabezas2014
  • Locked
  • Question
Create ACL for ip range
Replies
2
Views
117
acabezas2014
acabezas2014
acabezas2014
  • Locked
  • Question
Need to create QoS for SNMP and Radius traffic on Cisco 4948 Switches
Replies
0
Views
93
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top