ACL magic

csco11579831 · ‎10-08-2013

Hello,

please do you know the one config ACL that allows only allow the exchange of files between two hosts, (ptotocole TCP / UDP Port eq?)

Best regards,

James Neilson · ‎10-08-2013

permit tcp host x.x.x.x host x.x.x.x eq PORT

permit udp host x.x.x.x host x.x.x.x eq PORT

deny ip any any

csco11579831 · ‎10-08-2013

Hi James,

I'm looking for ports that allow file sharing

cadet alain · ‎10-08-2013

Hi,

the server ports should be TCP 139 and TCP 445 for file sharing.

Regards

Alain

Don't forget to rate helpful posts.

csco11579831 · ‎10-08-2013

does not working

i think that, but also does not working

access-list 110 deny tcp host x.x.x.x host y.y.y.y range 137 139

access-list 110 deny udp host x.x.x.x host y.y.y.y range netbios-ns netbios-ss

cadet alain · ‎10-08-2013

Hi,

it should be a permit not a deny otherwise you'll be filtering file sharing.

Regards

alain

Don't forget to rate helpful posts.

csco11579831 · ‎10-08-2013

Surely!!! but I use it for a road map,

deny or permit isn't necessary for me :), the most important thing is the port(udp,tcp and

range netbios-ns netbios-ss....)

Regards

James

cadet alain · ‎10-08-2013

Hi,

How can you know if it is working then ?

Regards

Alain

Don't forget to rate helpful posts.

csco11579831 · ‎10-08-2013

no access-list 110

access-list 110 deny tcp 172.16.5.0 0.0.0.255 172.16.0.0 0.0.255.255

access-list 110 deny tcp 172.16.5.0 0.0.0.255 192.168.0.0 0.0.255.255

access-list 110 deny tcp 172.16.5.0 0.0.0.255 10.0.0.0 0.255.255.255

access-list 110 permit tcp 172.16.5.0 0.0.0.255 any

here is my access-list,

I observation of huge slow (1.5 Mb / s) on a conversation file sharing between host and 172.16.5.X 172.16.0.X, well if I target the port file sharing on first access-list I have an easy conversation between the two hosts,