Gone paranoid

Eric Scher yellowdog-general@lists.terrasoftsolutions.com
Sat Jun 29 12:51:01 2002


"...I was checking the IP the ISP provided Cisco router..."


Assuming you have a Cisco router with a full Cisco IOS you can also write access control
lists. You'll want to use an extended list, which runs from 100-199. They're written
in the following form:

access-list 1xx permit/deny protocol sourceIP sourceSM destIP destSM eq port#

SM = Subnet Mask
eq = equals

Example, for allowing a particular host access to an FTP server:

access-list 100 permit TCP 131.1.1.5 0.0.0.0 1.1.1.0 0.0.0.255 eq 21

You can get all sorts of details at Cisco's web site. No matter what you do with 
your NAT server you should always run an ACL on your router, especially the one at your
border.
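
Added example, not part of the original post: a simplified Python model of how an extended ACL entry in the form above is matched, showing that the mask field is evaluated as a wildcard (0 bits must match, 1 bits are ignored) and that traffic matching no entry is dropped by the implicit deny. The function names and the two sample entries are constructed for illustration; only `eq` on the destination port is modelled.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Wildcard mask semantics: 0 bits must match, 1 bits are ignored."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_ace(line):
    """Parse 'access-list N permit|deny proto SRC SWILD DST DWILD [eq PORT]'."""
    t = line.split()
    if len(t) not in (8, 10) or t[0] != "access-list":
        raise ValueError("unsupported entry: " + line)
    if not 100 <= int(t[1]) <= 199:
        raise ValueError("extended lists are numbered 100-199: " + line)
    if t[2] not in ("permit", "deny") or (len(t) == 10 and t[8] != "eq"):
        raise ValueError("unsupported entry: " + line)
    return {"action": t[2], "proto": t[3].lower(),
            "src": (t[4], t[5]), "dst": (t[6], t[7]),
            "port": int(t[9]) if len(t) == 10 else None}

def evaluate(acl, proto, src, dst, dport):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        a = parse_ace(line)
        if (a["proto"] in ("ip", proto.lower())
                and wildcard_match(src, *a["src"])
                and wildcard_match(dst, *a["dst"])
                and a["port"] in (None, dport)):
            return a["action"]
    return "deny"  # nothing matched: every ACL ends with an implicit deny

# Constructed entries reusing the addresses from the post.
SUBNET_WIDE = ["access-list 100 permit TCP 131.1.1.5 0.0.0.255 1.1.1.0 0.0.0.255 eq 21"]
HOST_ONLY = ["access-list 100 permit TCP 131.1.1.5 0.0.0.0 1.1.1.0 0.0.0.255 eq 21"]

if __name__ == "__main__":
    for name, acl in (("0.0.0.255 source", SUBNET_WIDE), ("0.0.0.0 source", HOST_ONLY)):
        for src in ("131.1.1.5", "131.1.1.77", "131.1.2.5"):
            print(name, src, evaluate(acl, "tcp", src, "1.1.1.10", 21))
```

A source wildcard of 0.0.0.255 admits every address in 131.1.1.x, while 0.0.0.0 limits the entry to the single host.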