Solved

Configuring Cisco router to block all traffic except port 443 and 25 to my one-to-one NAT public IP address

Posted on 2007-10-19
Last Modified: 2008-01-09
Cisco Router RV016
I am using a Cisco router firewall for my network.  I recently set up Exchange Server and used the one-to-one NAT feature on the router to forward all incoming traffic from a public IP to the internal address of my server.  That worked fine.  However, now I am trying to secure my mail server from incoming attacks on that public IP.  Is there a way to block all incoming traffic on that public IP except for port 25 and 443?

Thanks
Question by:kzackery
6 Comments
 
LVL 4

Expert Comment

by:Beachdude67
ID: 20108552
I'd use access lists. If you use an access list, it will deny all the traffic except what you specify in the list. Furthermore, you can specify what port numbers you want to allow. Cisco has a good article on access lists here:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#topic2
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 20108744
What you've really got is a Linksys router. Cisco bought Linksys a while back but they maintained their existing product line.

Look under the firewall tab. You should see an area where you can create "rules" that determine which traffic is allowed in.
0
 

Author Comment

by:kzackery
ID: 20109072
Ok Don,
I got it.  Correct me if I'm wrong, but it should be set to local area network and then the source IP would be the public IP address that I want to block traffic coming from and the destination would be that of my mail server.  How do I know that the ports are being blocked now that I have set it?  Is there a way to verify?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 20109218
Sorry. I can't remember the screen and the docs don't have very good screenshots. As I recall, it was pretty straightforward. I think you can specify that traffic from any address can come in only if it's going to a specific port.
0
 

Author Comment

by:kzackery
ID: 20109303
Is there a way to check to see if the ports are blocked?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 20109344
It should show in the firewall or filter settings.
0
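
The verification question raised in this thread can also be answered by probing the public IP from a host outside the network and comparing the result with the intended allow list. The following is an added example, not part of any post above: `203.0.113.10` is a placeholder documentation address standing in for the one-to-one NAT public IP, and the list of ports to check is an assumption.

```python
import errno
import socket

ALLOWED = {25, 443}  # ports the question wants reachable: SMTP and HTTPS


def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' (RST) or 'filtered' (no reply)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        rc = s.connect_ex((host, port))  # returns an errno instead of raising
    if rc == 0:
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    return "filtered"  # timeout or unreachable: the firewall dropped the SYN


def audit(host, ports, allowed=ALLOWED, timeout=2.0):
    """Probe each port and list every deviation from the allow list."""
    results = {p: probe(host, p, timeout) for p in ports}
    violations = []
    for port, state in sorted(results.items()):
        if port in allowed and state != "open":
            violations.append(f"{port}/tcp should be open but is {state}")
        elif port not in allowed and state == "open":
            violations.append(f"{port}/tcp is open but not on the allow list")
    return results, violations


if __name__ == "__main__":
    # Run this from a machine on a different internet connection: a test
    # from inside the LAN does not pass through the WAN-side access rules.
    PUBLIC_IP = "203.0.113.10"  # placeholder, replace with your own public IP
    CHECK = [21, 22, 25, 80, 110, 135, 139, 143, 443, 445, 3389]  # assumed list
    results, violations = audit(PUBLIC_IP, CHECK)
    for port, state in sorted(results.items()):
        print(f"{port:>5}/tcp  {state}")
    print("\n".join(violations) if violations else "Only the allowed ports are open.")
```

A port reported as `filtered` means the router silently dropped the connection attempt, while `closed` means something answered with a reset; either is acceptable for ports that are not on the allow list.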
