
How do I Restrict Outbound Access?


kirby449 (Technical User, GB), Jun 15, 2003
Hi Guys

I wish to prevent all outbound http traffic through a PIX from an individual PC sitting behind a PIX firewall. However, I also wish to allow access to one web site from this machine.

Anyone know the commands?

cheers
 
access-list goingout permit tcp host 192.168.x.x host 81.x.x.x eq www

access-list goingout deny tcp host 192.168.x.x any

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)
 
Just build your access-list, and then apply it to your "inside" interface.
 
Thanks Fatman and Baddos - I have managed to deny http traffic; however, the allowing of one web site doesn't work yet. For example, if I wanted to allow presumably I would find the IP address and have:

access-list outbound_deny permit tcp host 192.168.1.6 host 212.58.224.114 eq http

Would this be correct? And also I want to allow SMTP traffic from this PC.

Would this be access-list goingout permit tcp host 192.168.1.6 any eq smtp?

Also, would I need to enable DNS through port 53 to get the web site to work?

Thanks guys
 
>Thanks Fatman and Baddos - I have managed to deny http traffic; however, the allowing of one web site doesn't work yet. For example, if I wanted to allow presumably I would find the IP address and have:

>access-list outbound_deny permit tcp host 192.168.1.6 host 212.58.224.114 eq http

Correct, you might want to allow the range, depending on their setup.


>Would this be correct? And also I want to allow SMTP traffic from this PC.

You don't have an internal SMTP server?

>Would this be access-list goingout permit tcp host 192.168.1.6 any eq smtp?

Err, careful who you allow SMTP to; you might want to restrict it to your SMTP server, unless it is of course your mail server.

>Also, would I need to enable DNS through port 53 to get the web site to work?

No internal DNS either???

allow etc... eq dns

HTH

Fat

===

Fatman Superstar (Andrew James)

CCNA,
(CCNA Cisco Academy Instructor Trained)
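The advice in this thread (AJ's two-line list, Baddos' "apply it to the inside interface", and Fatman's points about allowing the site's range, restricting SMTP to the mail server, and permitting DNS) only works if the entries are in the right order, because a PIX evaluates an access-list top-down, stops at the first match, and drops anything that matches nothing. Once an access-group is applied to the inside interface, that implicit deny also hits every other PC unless a trailing permit covers them. The script below is an added example, not code from the thread: it parses a constructed PIX 6.x snippet that combines the replies above into a simulated first-match evaluator and runs a few constructed flows through it. Every address in it is an assumption (192.168.1.6 as the restricted PC, 212.58.224.0/24 as the permitted site's range, 10.1.1.25 and 10.1.1.53 as a mail relay and resolver reached through the PIX, 192.168.1.20 as an unrestricted PC, 198.51.100.7 as an arbitrary outside host), and the PORT_NAMES table is only the handful of names the example needs.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Port names accepted in "eq <name>" (numeric ports are accepted too); assumed subset.
PORT_NAMES = {"www": 80, "http": 80, "ftp": 21, "smtp": 25, "domain": 53, "dns": 53}

# Constructed PIX 6.x snippet combining the thread's advice.  All addresses are
# assumed: 192.168.1.6 is the restricted PC, 212.58.224.0/24 the one permitted
# web site's range, 10.1.1.25 a mail relay and 10.1.1.53 a resolver that are
# reached through the PIX (DMZ or ISP), 192.168.1.20 an unrestricted PC.
PIX_CONFIG = """
access-list goingout permit tcp host 192.168.1.6 212.58.224.0 255.255.255.0 eq www
access-list goingout permit tcp host 192.168.1.6 host 10.1.1.25 eq smtp
access-list goingout permit udp host 192.168.1.6 host 10.1.1.53 eq domain
access-list goingout deny ip host 192.168.1.6 any
access-list goingout permit ip any any
access-group goingout in interface inside
"""

# Same idea with the deny placed first: first match wins, so the permit never fires.
MISORDERED_CONFIG = """
access-list goingout deny ip host 192.168.1.6 any
access-list goingout permit tcp host 192.168.1.6 212.58.224.0 255.255.255.0 eq www
access-list goingout permit ip any any
access-group goingout in interface inside
"""


@dataclass
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "ip" (ip matches any protocol)
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]        # None: any destination port
    text: str                   # the config line, for reporting


def _parse_addr(t: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Parse 'any', 'host A' or 'A MASK' (PIX takes a subnet mask, not a wildcard)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(t[i] + "/" + t[i + 1]), i + 2


def parse_access_list(config: str, name: str) -> List[Rule]:
    """Collect the permit/deny entries of one named list, in configured order."""
    rules = []
    for raw in config.splitlines():
        t = raw.split()
        if len(t) < 6 or t[0] != "access-list" or t[1] != name or t[2] not in ("permit", "deny"):
            continue            # blank lines, remarks, other lists, access-group
        src, i = _parse_addr(t, 4)
        dst, i = _parse_addr(t, i)
        dport = None
        if i < len(t) and t[i] == "eq":
            dport = PORT_NAMES[t[i + 1]] if t[i + 1] in PORT_NAMES else int(t[i + 1])
        rules.append(Rule(t[2], t[3], src, dst, dport, raw.strip()))
    return rules


def applied_interface(config: str, name: str) -> Optional[Tuple[str, str]]:
    """(interface, direction) from 'access-group NAME in interface X'; None means the
    list was never applied, in which case the PIX ignores it entirely."""
    for raw in config.splitlines():
        t = raw.split()
        if len(t) == 5 and t[0] == "access-group" and t[1] == name and t[3] == "interface":
            return t[4], t[2]
    return None


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> Tuple[str, str]:
    """First matching entry decides; no match at all is the PIX's implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.proto != "ip" and r.proto != proto:
            continue
        if s not in r.src or d not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action, r.text
    return "deny", "(implicit deny at end of access-list)"


if __name__ == "__main__":
    rules = parse_access_list(PIX_CONFIG, "goingout")
    print("applied:", applied_interface(PIX_CONFIG, "goingout"))
    flows = [  # constructed flows: (proto, src, dst, dport)
        ("tcp", "192.168.1.6", "212.58.224.114", 80),   # the one allowed site
        ("tcp", "192.168.1.6", "198.51.100.7", 80),     # any other web site
        ("tcp", "192.168.1.6", "10.1.1.25", 25),        # SMTP to the mail relay only
        ("tcp", "192.168.1.6", "198.51.100.7", 25),     # SMTP anywhere else
        ("udp", "192.168.1.6", "10.1.1.53", 53),        # DNS so the site name resolves
        ("tcp", "192.168.1.20", "198.51.100.7", 80),    # other PCs keep full access
    ]
    for f in flows:
        print(f, "->", evaluate(rules, *f))
    print("misordered:", evaluate(parse_access_list(MISORDERED_CONFIG, "goingout"), *flows[0]))
```

Two things the run makes visible that the replies only imply: the `deny ip host 192.168.1.6 any` entry must sit after every permit for that PC but before `permit ip any any`, and without that final permit (or without the access-group line at all) the list either cuts off every other inside host or does nothing. Running the same checks against a real box means reading `show access-list goingout` hit counts, not this script.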
 