Cicdo soho 97 access-list 3

[andymck10]

Hello All

Need help to setup access-list to allow ip range 192.70.101.230 - 192.70.101.237 255.255.255.0 for smtp inbound to my internal server.
Have tried a number of config of Access-list's but keep getting errors.
Anyone have any idea's all welcome

Thanks

 

[kajo]

access-list 100 permit tcp 192.70.101.230 255.255.255.0 eq smtp any
access-list 100 permit tcp 192.70.101.231 255.255.255.0 eq smtp any
access-list 100 permit tcp 192.70.101.232 255.255.255.0 eq smtp any
access-list 100 permit tcp 192.70.101.233 255.255.255.0 eq smtp any
and so on... im not entirely sure how to do a range on an access list but after you have the access list set up you have to apply it to an interface

 

[chipk]

Access-lists use inverse masks - I'm sure you meant to put: 0.0.0.255

 

[chipk]

Actually, that's not what he wants to do either. He wants to do:

access-list 100 permit tcp 192.70.101.230 255.255.255.255 eq smtp any

or

access-list 100 permit tcp host 192.70.101.230 eq smtp any

 

[chipk]

Yeah, I type faster than I think too, 0.0.0.0 not 255.255.255.255 - that would match nothing.

 

[kajo]

or lets just make this one step easer and drop the whole mask...ill just repost what i put before... just modified to a simpler method.

access-list 100 permit tcp host 192.70.101.230 eq smtp any
access-list 100 permit tcp host 192.70.101.231 eq smtp any
access-list 100 permit tcp host 192.70.101.232 eq smtp any
access-list 100 permit tcp host 192.70.101.233 eq smtp any
and so on... im not entirely sure how to do a range on an access list but after you have the access list set up you have to apply it to an interface

 

[burtsbees]

Is this the only access you want these hosts to have? Also, is this the only access you want ANYONE to have? With the simple permit statements and nothing else, you will end up with 192.70.101.230 through .237 having smtp access, and nothing else, and NOBODY else will have ANYTHING. In other words...well, first off---routers are different from firewalls, in that they let everything through until you block them (firewalls block everything until you allow them). Second, once an acl is created in a router, then an implicit "deny any any" is at the end.

burt