
open and close 4662 tcp and 4672 udp ports to emule - HELP

Status
Not open for further replies.

jjoleite

Technical User
May 7, 2004
My configuration: my PC's IP address is 192.2.3.199, and I would like to open ports 4662 TCP and 4672 UDP for eMule.
Thanks.
...
service password-encryption
!
hostname cisco_lasa
!
logging rate-limit console 10 except errors
enable password 7 xxxxxxxxxxxxxxxxxxxxxx
!
memory-size iomem 25
ip subnet-zero
no ip finger
ip name-server aaa.aaa.aaa.aaa
ip name-server bbb.bbb.bbb.bbb
!
no ip bootp server
ip inspect name wall tcp timeout 3600
ip inspect name wall udp timeout 360
ip inspect name wall ftp timeout 3600
ip inspect name wall realaudio timeout 3600
ip inspect name wall h323 timeout 3600
ip inspect name wall smtp timeout 3600
ip inspect name wall http timeout 3600
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0
description Ligacao a DMZ
ip address xxx.yyy.zzz.qqq 255.255.255.248
no ip unreachables
no ip proxy-arp
no ip route-cache
half-duplex
no cdp enable
!
interface FastEthernet0
description Ligacao a Rede Local
ip address aaa.bbb.ccc.ddd 255.255.255.0
no ip unreachables
no ip proxy-arp
ip nat inside
no ip route-cache
speed auto
no cdp enable
!
interface Serial0
description NNA-
no ip address
no ip unreachables
no ip proxy-arp
encapsulation frame-relay
no ip route-cache
no fair-queue
!
interface Serial0.1 point-to-point
bandwidth 224
ip address qqq. 255.255.255.252
ip access-group 111 in
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect wall out
no ip route-cache
traffic-shape rate 238000 238000 0 1000
no cdp enable
frame-relay interface-dlci 500 IETF
class SHAPE-WAN500
!
interface Serial0.1000 point-to-point
ip address ccc.ddd.eee.fff 255.255.255.0
no ip route-cache
no cdp enable
frame-relay interface-dlci 1000
!
ip nat inside source list 69 interface Serial0.1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 zzz.xxx.zzz.eee
ip route xxx. 255.255.255.128 xxx.
no ip http server
!
!
map-class frame-relay SHAPE-WAN500
frame-relay traffic-rate 224000 230000
frame-relay adaptive-shaping becn
frame-relay mincir 164000
access-list 1 permit 192.2.3.199
access-list 1 permit 194.65.22.19
access-list 1 permit 194.65.147.166
access-list 1 permit 194.65.14.59
access-list 1 permit 192.2.3.6
access-list 1 permit 94.65.95.183
access-list 1 permit 194.65.19.0 0.0.0.255
access-list 1 deny any log
access-list 69 permit 192.2.3.0 0.0.0.255
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit tcp any eq domain any eq domain
access-list 111 permit udp any eq domain any eq domain
access-list 111 permit tcp any gt 1024 any eq domain
access-list 111 permit udp any gt 1024 any eq domain
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq pop3
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq ftp
access-list 111 permit tcp any any eq ftp-data
access-list 111 permit ip 194.65.19.0 0.0.0.255 any
access-list 111 permit ip host 194.65.22.19 any
access-list 111 permit ip host 194.65.147.166 any
access-list 111 permit ip host 194.65.95.183 any
access-list 111 permit ip host 194.65.14.59 any
access-list 111 deny ip any any log
no cdp run
!
line con 0
password 7 xxxxxxxxxxxxxxxxxxx
login
transport input none
line aux 0
line vty 0 4
access-class 1 in
password 7 xxxxxxxxxxxxxxxx
login
!
no scheduler allocate
end
 
Well, from examination, I can see some problems with your ACL from a security standpoint:

access-list 111 permit tcp any any eq smtp

You should restrict SMTP inbound to ONLY those
hosts which run SMTP servers, not your entire network.

access-list 111 permit tcp any any eq pop3

You should restrict POP3 inbound to ONLY those
hosts which run POP3 servers, not your entire network.

access-list 111 permit tcp any any eq www

Same goes for (specific hosts only)

access-list 111 permit tcp any any eq ftp

Same goes for FTP servers (specific machines which
run FTP servers)

access-list 111 permit tcp any any eq ftp-data

This is used for systems which run FTP processes in
your network which connect to FTP servers outside
of your network (if you have ONE machine that does
this, then restrict the access to that one machine
only).

Good books to get are the O'Reilly book "Hardening Cisco Routers" and the "Cisco Cookbook", as they are valuable tools for configuring and securing your router (since it's the entry point into your network).
 
Thanks for the explanation, but I want the commands to open and close the ports.
Can anyone help me?

Thanks.
 
Thanks for your answer, but it doesn't answer my question.
I want to open ports on my router.

Help me please.
 
How about:

access-list 111 permit TCP any any eq 4662
access-list 111 permit UDP any any eq 4672

You might also consider getting the book:

Hardening Cisco Routers by O'Reilly

which explains proper methods of securing your router
and network.
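Putting the two replies together, as an added example that is not part of the thread and is not code from either poster: a rebuilt inbound ACL that narrows the mail, web and FTP permits to specific servers (the first reply's advice) and adds the eMule ports (the second reply's two lines), plus the piece the thread does not mention but the posted config requires. 192.2.3.0/24 sits behind PAT (`ip nat inside source list 69 interface Serial0.1 overload`), which only builds translation entries for connections the inside hosts open themselves; an unsolicited inbound connection to the public address on 4662 has nothing to map it to 192.2.3.199 until a static port mapping exists, so the ACL permit alone leaves the port "not reachable". Assumptions, all hypothetical: the DMZ on Ethernet0 is 192.0.2.8/29 (a documentation range standing in for the masked public addresses), with a mail server at 192.0.2.10 and a web/FTP server at 192.0.2.11. The list is built under a new number (112) and then swapped onto the interface, so there is no moment at which Serial0.1 has no ACL applied.

```cisco
! Added example, not from the thread. Hypothetical values:
!   192.0.2.8/29  stand-in for the masked public DMZ subnet on Ethernet0
!   192.0.2.10    DMZ mail server (SMTP/POP3)
!   192.0.2.11    DMZ web/FTP server
! 192.2.3.199 and the 194.65.x.x addresses come from the posted config.
!
! 1. Static port mappings: PAT ("overload") only creates entries for
!    outbound connections, so inbound 4662/4672 need fixed translations.
ip nat inside source static tcp 192.2.3.199 4662 interface Serial0.1 4662
ip nat inside source static udp 192.2.3.199 4672 interface Serial0.1 4672
!
! 2. Rebuild the inbound list under a new number. A line added to a
!    numbered ACL is appended at the end, i.e. after "deny ip any any log",
!    where it never matches; and "no access-list 111 <any entry>" removes
!    the whole list, not one entry.
access-list 112 permit icmp any any echo
access-list 112 permit icmp any any echo-reply
access-list 112 permit tcp any eq domain any eq domain
access-list 112 permit udp any eq domain any eq domain
access-list 112 permit tcp any gt 1024 any eq domain
access-list 112 permit udp any gt 1024 any eq domain
! Mail only to the mail server (was: any any eq smtp / pop3)
access-list 112 permit tcp any host 192.0.2.10 eq smtp
access-list 112 permit tcp any host 192.0.2.10 eq pop3
! Web and FTP control channel only to the web/FTP server (was: any any)
access-list 112 permit tcp any host 192.0.2.11 eq www
access-list 112 permit tcp any host 192.0.2.11 eq ftp
! No blanket ftp-data permit: "ip inspect name wall ftp" on Serial0.1 opens
! the data channel dynamically for sessions the inside clients start.
! Passive-mode transfers to the DMZ FTP server are not covered by that
! inspection and would need the server's passive port range permitted.
!
! eMule: the inbound ACL is evaluated before NAT, so the destination seen
! here is the Serial0.1 public address. "any" covers it; once the real
! address is known, "host <Serial0.1 address>" is the tighter form.
access-list 112 permit tcp any any eq 4662
access-list 112 permit udp any any eq 4672
access-list 112 permit ip 194.65.19.0 0.0.0.255 any
access-list 112 permit ip host 194.65.22.19 any
access-list 112 permit ip host 194.65.147.166 any
access-list 112 permit ip host 194.65.95.183 any
access-list 112 permit ip host 194.65.14.59 any
access-list 112 deny ip any any log
!
! 3. Swap the list on the interface, then retire the old one.
interface Serial0.1
 ip access-group 112 in
!
no access-list 111
!
! 4. Verify. The two static entries are listed even before any traffic
!    arrives; the hit counters on 112 show whether the eMule permits match.
! show ip nat translations
! show access-lists 112
```

The order matters: add the static translations first, then the ACL. If only the ACL permits are added, the router accepts the SYN on the outside interface and then has no inside address to deliver it to, which is exactly the "port not reachable" result the original poster reports.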
 
I put in these commands, but it told me my port 4662 is not reachable.

What's the matter?

 