Gone paranoid
Eric Scher
yellowdog-general@lists.terrasoftsolutions.com
Sat Jun 29 12:51:01 2002
"...I was checking the IP the ISP provided Cisco router..."
Assuming you have a Cisco router with a full Cisco IOS you can also write access control
lists. You'll want to use an extended list which runs from 100-199. They're written
in the following form:
access-list 1xx permit/deny protocol sourceIP sourceSM destIP destSM eq port#
SM = Subnet Mask
eq = equals
Example, for allowing a particular host access to an FTP server:
access-list 100 permit TCP 131.1.1.5 0.0.0.255 1.1.1.0 0.0.0.255 eq 21
You can get all sorts of details at Cisco's web site. No matter what you do with
your NAT server you should always run an ACL on your router, especially the one at your
border.
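
The following is an added example, not part of the original post and not Cisco code: a small Python evaluator for numbered extended ACL entries in the form shown above, run against constructed packets. It shows that IOS applies the mask field as a wildcard mask (1 bits are ignored), that the source mask decides whether an entry covers one host or a whole /24, and that unmatched traffic hits the implicit deny. Function names and the sample entries are assumptions made for illustration.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok, i):
    # Accept 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return (ip, wildcard, next index).
    if tok[i] == "any":
        return 0, 0xFFFFFFFF, i + 1
    if tok[i] == "host":
        return _ip(tok[i + 1]), 0, i + 2
    return _ip(tok[i]), _ip(tok[i + 1]), i + 2

def parse_ace(line):
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: " + line)
    if not 100 <= int(tok[1]) <= 199:
        raise ValueError("this example handles numbered extended ACLs 100-199: " + line)
    src, swild, i = _addr(tok, 4)
    dst, dwild, i = _addr(tok, i)
    port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None  # numeric ports only
    return tok[2], tok[3].lower(), (src, swild), (dst, dwild), port

def _covers(rule, addr):
    ip, wild = rule
    # Wildcard bits set to 1 are ignored; every 0 bit must match the packet address.
    return (_ip(addr) | wild) == (ip | wild)

def evaluate(acl_lines, proto, src, dst, dport):
    # First matching entry wins; a packet matching no entry hits the implicit deny.
    for line in acl_lines:
        action, ace_proto, s, d, port = parse_ace(line)
        if ace_proto in ("ip", proto) and _covers(s, src) and _covers(d, dst) and port in (None, dport):
            return action
    return "deny"

# Constructed entries: the same rule with two different source wildcards.
WIDE = ["access-list 100 permit tcp 131.1.1.5 0.0.0.255 1.1.1.0 0.0.0.255 eq 21"]
HOST = ["access-list 100 permit tcp 131.1.1.5 0.0.0.0 1.1.1.0 0.0.0.255 eq 21"]

if __name__ == "__main__":
    for name, acl in (("0.0.0.255", WIDE), ("0.0.0.0", HOST)):
        for src in ("131.1.1.5", "131.1.1.77", "131.1.2.5"):
            print(name, src, evaluate(acl, "tcp", src, "1.1.1.10", 21))
```

Running the same check before applying an ACL to the border interface is a quick way to confirm that an entry covers only the sources it was written for.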