Dear all,
I'd like to get your help.
I have a problem setting up a screening router.
----------------------------------------------------------------------
rule 1 : all outgoing traffic is permitted.
rule 2 : ftp, mail, ns, icmp are permitted but the others aren't.
So I made the ruleset as follows (our network is class B, a.b.xxx.xxx):
Extended IP access list 195
permit tcp 0.0.0.0 255.255.255.255 a.b.0.0 0.0.255.255 established
permit icmp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
permit tcp 0.0.0.0 255.255.255.255 a.b.0.0 0.0.255.255 eq 21
permit tcp 0.0.0.0 255.255.255.255 a.b.0.0 0.0.255.255 eq 25
permit tcp 0.0.0.0 255.255.255.255 a.b.0.0 0.0.255.255 eq 53
permit udp 0.0.0.0 255.255.255.255 a.b.0.0 0.0.255.255 eq 53
permit tcp a.b.0.0 0.0.255.255 0.0.0.0 255.255.255.255
permit udp a.b.0.0 0.0.255.255 0.0.0.0 255.255.255.255
On serial port 1/1
ip access-group 195 in
ip access-group 195 out
problem : I did ftp from a.b.xxx.xxx to the outside. Except for the following, everything is OK.
But I received this error message:
ftp> dir
200 PORT command successful.
425 Can't build data connection: Connection timed out.
This message vanishes when I set "no ip access-group 195 in".
I don't know how to solve it.
If you know what is wrong, please let me know...
I will wait for any answer you have.
--
--------------------------------------------------------
CHOI SU-HYUNG in LG Electronics Research Center
( System & Networking Group
Center for Information & Research Computing )
E-Mail Address: alloha@goldstar.co.kr
Voice : 02-526-4459
FAX : 02-578-0655
--------------------------------------------------------
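Added example (my own, not from the original post or any Cisco tool): a small Python model of access list 195 applied inbound, showing why the FTP control connection passes (the replies carry ACK and match "established") while the active-mode data connection fails: the server opens it toward a high port on the client, the bare SYN has no ACK, and no other entry permits it. The addresses 10.20.0.0/16, 192.0.2.10 and the port numbers are placeholders standing in for a.b.0.0 and the real hosts.

```python
import ipaddress

INSIDE = ipaddress.ip_network("10.20.0.0/16")  # placeholder for a.b.0.0 0.0.255.255
ANY = ipaddress.ip_network("0.0.0.0/0")        # 0.0.0.0 255.255.255.255

# Access list 195 from the post: (proto, src, dst, dst_port or None, established)
ACL_195 = [
    ("tcp",  ANY,    INSIDE, None, True),   # permit tcp any inside established
    ("icmp", ANY,    ANY,    None, False),
    ("tcp",  ANY,    INSIDE, 21,   False),
    ("tcp",  ANY,    INSIDE, 25,   False),
    ("tcp",  ANY,    INSIDE, 53,   False),
    ("udp",  ANY,    INSIDE, 53,   False),
    ("tcp",  INSIDE, ANY,    None, False),
    ("udp",  INSIDE, ANY,    None, False),
]

def permitted(proto, src, dst, dport, ack=False):
    """First-match evaluation with the implicit deny at the end of every Cisco ACL."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p, snet, dnet, port, est in ACL_195:
        if p != proto or src not in snet or dst not in dnet:
            continue
        if port is not None and dport != port:
            continue
        if est and not ack:  # 'established' matches only segments with ACK (or RST) set
            continue
        return True
    return False

def ftp_session(client="10.20.1.5", server="192.0.2.10", cport=40001, dport=40002):
    """Each leg of an FTP session through ACL 195 (applied both in and out on the serial)."""
    return {
        # control connection: client -> server:21, replies come back with ACK set
        "control_syn_out":  permitted("tcp", client, server, 21),
        "control_reply_in": permitted("tcp", server, client, cport, ack=True),
        # active mode (client sends PORT): the server opens the data connection
        # from its port 20 to the client's high port; the SYN carries no ACK
        "active_data_syn_in": permitted("tcp", server, client, dport),
        # passive mode (client sends PASV): the client opens the data connection
        # outbound, so only the ACK-bearing replies have to come back in
        "passive_data_syn_out":  permitted("tcp", client, server, 50000),
        "passive_data_reply_in": permitted("tcp", server, client, dport, ack=True),
    }
```

The "425 Can't build data connection" line in the post is the active_data_syn_in leg being dropped by the inbound list; removing "ip access-group 195 in" makes it pass, which matches what the post observes.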
Follow-Ups:
- Re: your mail, from sgcccdc@citec.qld.gov.au (Colin Campbell)