Newbie needs help with CONDUIT config 1

[mfoc]

I need to limit my incoming SMTP connections to a group of mail servers that will be forwarding mail to us. My current conduit line for SMTP looks like this:

conduit permit tcp host mailserver eq smtp any

Do I just throw a list of IP addresses where "any" is now?

Now, here's the really stupid question... How exactly to I change this line in the config? Can I just telnet in and change it?

 

[salibas007]

that's exactly it. replace the ANY with the IP addresses of your mail servers.

In regards to changing it, just connect via telnet to your PIX, issue a NO comand to your conduit.

NO conduit permit tcp host mailserver eq smtp any

and then reimput your conduit commands with the actual IP adresses imstead of the ANY keyword. you are done then.

sam

 

[mfoc]

Do I have to issue any type of save command or reboot the system after the change?

 

[Zelandakh]

type write mem to write the config to memory

you don't need to reboot it, but you can by typing reboot then hit enter then hit enter again.

 

[mfoc]

Outstanding - Thanks for the help!!

 

[mfoc]

Uh oh. I tried entering the new conduit command and it doesn't seem to like the list of IP's.

conduit permit tcp host mailserver eq smtp (list of IP addresses seperated by spaces)

It won't accept it....

Do I NEED to enter the netmask for each IP I enter?

 

[mfoc]

Ah ha.... I apparently need to add a separate conduit line for each IP.

 

[Zelandakh]

yup - conduit is a single entry. Just keep pasting that line...

 

[dopehead]

and remember the "host" keywork in front of a single ip or the 255.255.255.255 netmask after...your choice.

Jan

Network Systems Engineer
CCNA/CQS/CCSP