t_ski
Supreme [H]ardness
- Joined
- Jun 13, 2006
- Messages
- 7,506
OK, I have a small project I'm working on. To start with, here's the basic network map:
I'm looking to set up some very basic access control lists for using the router as a firewall. (This is a requirement for the class I'm doing this for, so don't ask me why I'm not using a regular firewall.) Since we're only dealing with these three servers (web, email and FTP), we're only concerned with ports 80, 25, 20/21 and 110. However, Windows ephemeral ports 49151-65535 have to be considered as well.
Here's what I have so far:
Am I on the right track here? I don't want to be missing something huge.
I'm looking to set up some very basic access control lists for using the router as a firewall. (This is a requirement for the class I'm doing this for, so don't ask me why I'm not using a regular firewall.) Since we're only dealing with these three servers (web, email and FTP), we're only concerned with ports 80, 25, 20/21 and 110. However, Windows ephemeral ports 49151-65535 have to be considered as well.
Here's what I have so far:
Code:
!Access List #1
!Applied to e0/0
!
Router(config)# access-list 1 permit tcp any eq 80
Router(config)# access-list 1 permit tcp any eq 25
Router(config)# access-list 1 permit tcp any eq 110
Router(config)# access-list 1 permit tcp any eq 20
Router(config)# access-list 1 permit tcp any eq 21
Router(config)# access-list 1 permit tcp any range 49151-65535
Router(config)# access-list 1 deny ip any any
!
!
!end
!Access List #2
!Applied to e0/1
!
Router(config)# access-list 2 permit tcp any eq 80
Router(config)# access-list 2 permit tcp any eq 25
Router(config)# access-list 2 deny tcp any eq 110
Router(config)# access-list 2 permit tcp any eq 20
Router(config)# access-list 2 permit tcp any eq 21
Router(config)# access-list 2 permit tcp any range 49151-65535
Router(config)# access-list 2 permit icmp any any
Router(config)# access-list 2 deny ip any any
!
!
!end
Am I on the right track here? I don't want to be missing something huge.