10-05-2012 08:29 AM - edited 03-11-2019 05:05 PM
Hi
I've set up the Cisco router's DNS server via "ip dns server", which is needed for inside use. However, now if I do a port scan from outside it shows port 53 open. How do I block all traffic to port 53 from outside, since I need this DNS only inside my NAT/overload network?
I'm using 1900 series.
10-12-2012 05:54 AM
But if you plan to give internet users access to an internal FTP server in the future, then you also need FTP inspection in the inbound direction. For that you could use the same rule as for your outbound traffic.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
10-12-2012 06:12 AM
Wouldn't adding port 21 to the INBOUND ACL plus a NAT port forward be enough?
ip nat inside source static tcp 192.168.20.2 21
permit tcp any host
10-12-2012 12:42 PM
No, it would only be enough for the FTP control channel. But if the client wants to do passive FTP, the server tells the client on which dynamic port the data is available. And because this session is initiated from the outside to the inside, the FTP inspection also has to be done in that direction.
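Putting the two answers together (the original question about hiding the router's own port 53 from the outside, and the follow-up about inspecting inbound FTP), here is an added configuration example in the style of classic IOS firewall (CBAC, "ip inspect"). It is not the configuration posted in this thread. The interface names (GigabitEthernet0/0 outside, GigabitEthernet0/1 inside), the public address 203.0.113.10, the inside gateway 192.168.20.1 and the inspect rule name FW are assumptions; only the FTP server address 192.168.20.2 comes from the thread.

```cisco
! --- Classic IOS firewall (CBAC) rule set, reused in both directions ---
! (rule name "FW" is an assumption for this example)
ip inspect name FW tcp
ip inspect name FW udp
ip inspect name FW ftp
!
! --- Inbound filter on the outside interface ---
! Only the FTP control channel is explicitly permitted. Everything else,
! including UDP/TCP 53 aimed at the router's own "ip dns server", falls
! through to the implicit deny at the end of the list. Return traffic for
! sessions started from inside, and the passive-FTP data channel for
! sessions started from outside, are opened dynamically by CBAC.
ip access-list extended INBOUND
 permit tcp any host 203.0.113.10 eq ftp
!
! --- Port forward for the internal FTP server (192.168.20.2 from the thread) ---
ip nat inside source static tcp 192.168.20.2 21 interface GigabitEthernet0/0 21
!
interface GigabitEthernet0/0
 description outside (assumed interface and address)
 ip address 203.0.113.10 255.255.255.0
 ip nat outside
 ip access-group INBOUND in
 ip inspect FW in
!
interface GigabitEthernet0/1
 description inside - DNS clients and the FTP server live here (assumed)
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip inspect FW in
```

The same inspect rule is applied inbound on both interfaces: on the inside interface it tracks sessions the LAN initiates (so DNS replies to inside clients come back through INBOUND), and on the outside interface it tracks the FTP control channel from internet clients and punches the passive data port through INBOUND when the server announces it. After applying, repeat the external port scan to confirm 53 is no longer reachable and use "show ip inspect sessions" while a passive FTP transfer is running to see the dynamically opened data channel. On current IOS releases the zone-based firewall is the recommended successor to CBAC, but the direction argument made in the thread is the same.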
10-14-2012 05:59 AM
Okay, I get it. Thanks for helping out!