t_ski
OK, I have a small project I'm working on. To start with, here's the basic network map:

I'm looking to set up some very basic access control lists for using the router as a firewall. (This is a requirement for the class I'm doing this for, so don't ask me why I'm not using a regular firewall.) Since we're only dealing with these three servers (web, email and FTP), we're only concerned with ports 80, 25, 20/21 and 110. However, Windows ephemeral ports 49151-65535 have to be considered as well.
Here's what I have so far:
Code:
!Access List #1
!Applied to e0/0
!
Router(config)# access-list 1 permit tcp any eq 80
Router(config)# access-list 1 permit tcp any eq 25
Router(config)# access-list 1 permit tcp any eq 110
Router(config)# access-list 1 permit tcp any eq 20
Router(config)# access-list 1 permit tcp any eq 21
Router(config)# access-list 1 permit tcp any range 49151-65535
Router(config)# access-list 1 deny ip any any
!
!
!end
!Access List #2
!Applied to e0/1
!
Router(config)# access-list 2 permit tcp any eq 80
Router(config)# access-list 2 permit tcp any eq 25
Router(config)# access-list 2 deny tcp any eq 110
Router(config)# access-list 2 permit tcp any eq 20
Router(config)# access-list 2 permit tcp any eq 21
Router(config)# access-list 2 permit tcp any range 49151-65535
Router(config)# access-list 2 permit icmp any any
Router(config)# access-list 2 deny ip any any
!
!
!end
Am I on the right track here? I don't want to be missing something huge.
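
A small syntax check for `access-list` lines of the kind posted above, added here as an example and not part of the original post. It assumes Cisco IOS numbered-ACL rules: 1-99 and 1300-1999 are standard ACLs that match on source address only, 100-199 and 2000-2699 are extended, an extended entry needs both a source and a destination, and `range` takes two space-separated ports. The function names and sample lines are constructed.

```python
import re

# Constructed sample in the shape of the post's lines, plus one line in
# extended-ACL form for contrast (not a recommended rule set).
SAMPLE = [
    "Router(config)# access-list 1 permit tcp any eq 80",
    "Router(config)# access-list 1 permit tcp any range 49151-65535",
    "Router(config)# access-list 101 permit tcp any any eq 80",
]

PROMPT = re.compile(r"^\S+\(config\)#\s*")
ENTRY = re.compile(r"access-list\s+(\d+)\s+(?:permit|deny)\s+(.*)$")
IPV4 = re.compile(r"^\d+\.\d+\.\d+\.\d+$")
PROTOCOLS = {"ip", "tcp", "udp", "icmp"}
PORT_OPS = {"eq", "neq", "gt", "lt"}

def is_extended(num):
    # Numbered extended ACL ranges; 1-99 and 1300-1999 are standard ACLs.
    return 100 <= num <= 199 or 2000 <= num <= 2699

def count_addresses(tokens):
    """Count address specs: 'any', 'host A', or 'A wildcard'."""
    count, i = 0, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "any":
            count, i = count + 1, i + 1
        elif tok == "host" or IPV4.match(tok):
            count, i = count + 1, i + 2
        elif tok == "range":
            # 'range lo hi' is three tokens; a hyphenated 'lo-hi' is two.
            i += 2 if "-" in "".join(tokens[i + 1:i + 2]) else 3
        else:
            i += 2 if tok in PORT_OPS else 1
    return count

def lint(line):
    """Return syntax findings for one 'access-list' configuration line."""
    m = ENTRY.match(PROMPT.sub("", line.strip()))
    rest = m.group(2).split() if m else []
    if not rest or rest[0] not in PROTOCOLS:
        return []  # not an entry that names a protocol
    findings = []
    if not is_extended(int(m.group(1))):
        findings.append("protocol keyword on a standard ACL number")
    if count_addresses(rest[1:]) < 2:
        findings.append("no destination address")
    if any(t == "range" and "-" in n for t, n in zip(rest, rest[1:])):
        findings.append("range ports must be space-separated")
    return findings
```

The check covers syntax only; whether a port belongs on the source or the destination side depends on which interface and direction the list is applied to.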
