alex3948
Dropping unsolicited connections
Hi!
I have a Cisco 1760 router which has port forwarding for ports 25, 80 and 443 for my web services. So if, let's say, I want to open a connection on port 21 of the router, it should not be allowed. The router sends a "connection refused" packet.
What I want to do is reproduce the DROP behavior of iptables. If I open a connection on port 21, the router should not respond at all and drop the packet.
How can I achieve that?
interface FastEthernet0/0
 ip address x.x.x.89 255.255.255.0
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 speed auto
 full-duplex
!
ASKER
I did the command:
# ip local policy route-map null0
Still same result
ASKER CERTIFIED SOLUTION
ASKER
Works like a charm, thanks!
Try using local-policy routing to send this type of traffic to null0: (drop packet)