Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

access list blocking my telnet.

Posted on 2006-06-14
6
Medium Priority
?
335 Views
Last Modified: 2010-03-19
hi, router newbe question: re: cisco 2524  ios version 11
I am trying to block  the ip addresses from a website that is always connected to my smtp.  This website apparently owns a block because the specific address is alway different in the last octet.
i tried using RouterA(config)#access-list 1 deny 203.66.88.0 0.0.0.255
and then
RouterA>enable
RouterA#config t
RouterA(config)# int s0
RouterA(config-if)#ip access-group 1 in

My problem is that as soon as I entered the last command, I was kicked off the telnet and can not reconnect.  I'm sure this is a dumb newbe mistake.  FYI my ip address is NOT 203.66.88.0
Laura
0
Comment
Question by:lizardqueen007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908592
If possible, I would like to block all smtp coming into server from domain  hinet.net which I'm sure creates huge amouts of spam for us all.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16908686
Hopefully you have s serial console cable and can connect via the console port to fix your telnet problem.

I am not sure from a router you can block e-mail from a domina.  You can block it by address, but are you 100% sure that the offending e-mail is really coming from hinet.net and not being spoofed or relayed through an open SMTP relay?
0
 

Expert Comment

by:nurulbhai
ID: 16908784
You can not block domain name by using only a router. If you know the IP address range of the domain you are blocking, go ahead use the access-list as you did but with another line added. Please add the following line also.
access-list 1 permit any
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908821
yes I can use hyperterminal and now that I am at the location (51 miles away ouch!) I restarted the router and the config went back to startup.
I still would like to create an access list if possible.  No I am not positive that the ip is not spoofed except for using the whois.  I was mostly experimenting with access lists and I do not understand why the router kicked me off.  I also figured so what if I block all traffic from
inetnum:      61.216.0.0 - 61.219.255.255
netname:      HINET-TW
descr:        CHTD, Chunghwa Telecom Co.,Ltd.
descr:        Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr:        Taipei Taiwan 100
Do I really care?
If this is a stupid thing to do, please tell me.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 16908843
It's not a bad idea to block these hosts if you never expect to get email from Taiwan anyway...

Here's how:

access-list 101 deny ip 61.216.0.0 0.0.255.255 any
access-list 101 permit ip any any

interface Serial 0
 ip access-group 101 in

Basic problem is that you forgot the "permit any"
Access lists *always* have an implicit "deny all" at the end.

access-list 1 deny 61.216.0.0 0.0.0.255
access-list 1 permit any

would work just as well..

You're a quick study, Laura!

0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908922
Thanks again Irmoore- Maybe I should have split some points because everyone has been helpful, but I haven't forgotten giltr that you are helping me alot and I will make sure points are given on other questions.  Believe me, I have a lot of questions.
Thank everyone this is a great resource.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question