Solved

access list blocking my telnet.

Posted on 2006-06-14
6
325 Views
Last Modified: 2010-03-19
hi, router newbe question: re: cisco 2524  ios version 11
I am trying to block  the ip addresses from a website that is always connected to my smtp.  This website apparently owns a block because the specific address is alway different in the last octet.
i tried using RouterA(config)#access-list 1 deny 203.66.88.0 0.0.0.255
and then
RouterA>enable
RouterA#config t
RouterA(config)# int s0
RouterA(config-if)#ip access-group 1 in

My problem is that as soon as I entered the last command, I was kicked off the telnet and can not reconnect.  I'm sure this is a dumb newbe mistake.  FYI my ip address is NOT 203.66.88.0
Laura
0
Comment
Question by:lizardqueen007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908592
If possible, I would like to block all smtp coming into server from domain  hinet.net which I'm sure creates huge amouts of spam for us all.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16908686
Hopefully you have s serial console cable and can connect via the console port to fix your telnet problem.

I am not sure from a router you can block e-mail from a domina.  You can block it by address, but are you 100% sure that the offending e-mail is really coming from hinet.net and not being spoofed or relayed through an open SMTP relay?
0
 

Expert Comment

by:nurulbhai
ID: 16908784
You can not block domain name by using only a router. If you know the IP address range of the domain you are blocking, go ahead use the access-list as you did but with another line added. Please add the following line also.
access-list 1 permit any
0
Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908821
yes I can use hyperterminal and now that I am at the location (51 miles away ouch!) I restarted the router and the config went back to startup.
I still would like to create an access list if possible.  No I am not positive that the ip is not spoofed except for using the whois.  I was mostly experimenting with access lists and I do not understand why the router kicked me off.  I also figured so what if I block all traffic from
inetnum:      61.216.0.0 - 61.219.255.255
netname:      HINET-TW
descr:        CHTD, Chunghwa Telecom Co.,Ltd.
descr:        Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr:        Taipei Taiwan 100
Do I really care?
If this is a stupid thing to do, please tell me.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 16908843
It's not a bad idea to block these hosts if you never expect to get email from Taiwan anyway...

Here's how:

access-list 101 deny ip 61.216.0.0 0.0.255.255 any
access-list 101 permit ip any any

interface Serial 0
 ip access-group 101 in

Basic problem is that you forgot the "permit any"
Access lists *always* have an implicit "deny all" at the end.

access-list 1 deny 61.216.0.0 0.0.0.255
access-list 1 permit any

would work just as well..

You're a quick study, Laura!

0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908922
Thanks again Irmoore- Maybe I should have split some points because everyone has been helpful, but I haven't forgotten giltr that you are helping me alot and I will make sure points are given on other questions.  Believe me, I have a lot of questions.
Thank everyone this is a great resource.
0

Featured Post

Report: Liquid Web beats Amazon, Rackspace & More

A study by performance analyst firm Cloud Spectator finds that Liquid Web beats rivals Amazon, Rackspace and DigitalOcean when it comes to website and cloud application performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question