Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cicdo soho 97 access-list 3

Status
Not open for further replies.

andymck10

IS-IT--Management
Jan 18, 2008
1
GB
Hello All

Need help to setup access-list to allow ip range 192.70.101.230 - 192.70.101.237 255.255.255.0 for smtp inbound to my internal server.
Have tried a number of config of Access-list's but keep getting errors.
Anyone have any idea's all welcome

Thanks
 
access-list 100 permit tcp 192.70.101.230 255.255.255.0 eq smtp any
access-list 100 permit tcp 192.70.101.231 255.255.255.0 eq smtp any
access-list 100 permit tcp 192.70.101.232 255.255.255.0 eq smtp any
access-list 100 permit tcp 192.70.101.233 255.255.255.0 eq smtp any
and so on... im not entirely sure how to do a range on an access list but after you have the access list set up you have to apply it to an interface
 
Access-lists use inverse masks - I'm sure you meant to put: 0.0.0.255
 
Actually, that's not what he wants to do either. He wants to do:

access-list 100 permit tcp 192.70.101.230 255.255.255.255 eq smtp any

or

access-list 100 permit tcp host 192.70.101.230 eq smtp any
 
Yeah, I type faster than I think too, 0.0.0.0 not 255.255.255.255 - that would match nothing.
 
or lets just make this one step easer and drop the whole mask...ill just repost what i put before... just modified to a simpler method.

access-list 100 permit tcp host 192.70.101.230 eq smtp any
access-list 100 permit tcp host 192.70.101.231 eq smtp any
access-list 100 permit tcp host 192.70.101.232 eq smtp any
access-list 100 permit tcp host 192.70.101.233 eq smtp any
and so on... im not entirely sure how to do a range on an access list but after you have the access list set up you have to apply it to an interface
 
Is this the only access you want these hosts to have? Also, is this the only access you want ANYONE to have? With the simple permit statements and nothing else, you will end up with 192.70.101.230 through .237 having smtp access, and nothing else, and NOBODY else will have ANYTHING. In other words...well, first off---routers are different from firewalls, in that they let everything through until you block them (firewalls block everything until you allow them). Second, once an acl is created in a router, then an implicit "deny any any" is at the end.

burt
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top