Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I Restrict Outbound Access?

Status
Not open for further replies.
kirby449

kirby449

Technical User
Joined
Jun 15, 2003
Messages
47
Location
GB
Hi Guys

I wish to prevent all outbound http traffic through a PIX from an individual PC sitting behind a PIX firewall. However, I also wish to allow access to one web site from this machine.

Anyone know the commands?

cheers
 
Sort by date Sort by votes
access-list goingout permit tcp host 192.168.x.x host 81.x.x.x eq ftp

access-list goingout deny tcp host 192.168.x any

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)
 
Upvote 0 Downvote
Just build your access-list, and then apply it to your "inside" interface.
 
Upvote 0 Downvote
Thanks Fatman and Baddos - I have managed to deny http traffic, however the allowing of one web site doesn't work yet. For example, if I wanted to allow presumably I would find the ip address and have:

access-list outbound_deny permit host 192.168.1.6 host 212.58.224.114 eq http

Would this be correct? and also I want to allow smtp traffic from this PC.

Would this be access-list goingout permit tcp host 192.168.1.6 any eq smtp?

Also would I need to enable DNS through port 53 to get the web site to work?

Thanks guys
 
Upvote 0 Downvote
>Thanks Fatman and Baddos - I have managed to deny http >traffic, however the allowing of one web site doesn't work >yet. For example, if I wanted to allow >presumably I would find the ip address and have:

>access-list outbound_deny permit host 192.168.1.6 host >112.58.224.114 eq http

Correct, you might want to allow the range, depending on their setup.


>Would this be correct? and also I want to allow smtp >traffic from this PC.

You dont have an internal SMTP server?

>Would this be access-list goingout permit tcp host >192.168.1.6 any eq smtp?

Err, carefull who you allow smtp to, you might want to restrict to your smtp server, unless it is of course your mail server.

>Also would I need to enable DNS through port 53 to get the >web site to work?

No internal DNS either???

allow etc... eq dns

HTH

Fat

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Miluis
  • Locked
  • Question Question
How necessary is an antivirus?
Replies
3
Views
595
Rick998
Rick998
Sameer258
  • Locked
  • Question Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
Shmid
  • Locked
  • Question Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
1K
Shmid
Shmid
XLNTech1
  • Locked
  • Question Question
iptables port forwarding
Replies
0
Views
842
XLNTech1
XLNTech1
kythri
  • Locked
  • Question Question
Restrict access to SSL VPN by IP (ASA 5540 - 8.4(7))
Replies
0
Views
286
kythri
kythri

Part and Inventory Search

Sponsor

Back
Top