Solved

Dropping unsolicited connections

Posted on 2012-04-04
Last Modified: 2012-04-05
Hi!

I have a Cisco 1760 router which has port forwarding for ports 25, 80 and 443 for my web services. So if, let's say, I want to open a connection on port 21 of the router, it should not be allowed. The router sends a "connection refused" packet.

What I want to do is reproduce the DROP behavior of iptables. If I open a connection on port 21, the router should not respond at all and drop the packet.

How can I achieve that?

interface FastEthernet0/0
ip address x.x.x.89 255.255.255.0
no ip unreachables
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
Question by:alex3948
4 Comments
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 37808614
That is part of the TCP/IP mode of operation - if the requested service is unavailable, a TCP RESET will be sent to the source in response to the SYN

Try using local-policy routing to send this type of traffic to null0: (drop packet)
 

Author Comment

by:alex3948
ID: 37809021
I did the command:

# ip local policy route-map null0

Still same result
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37810166
I see you have no access list on your outside interface?

Try adding this:
access-list 100 permit tcp any host x.x.x.89 eq 25
access-list 100 permit tcp any host x.x.x.89 eq 80
access-list 100 permit tcp any host x.x.x.89 eq 443
access-list 100 deny ip any any

interface FastEthernet0/0
ip access-group 100 in


I also took the liberty of hiding your public IP.
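
How the access list in the accepted solution evaluates inbound packets, as an added example that is not part of the original thread: a small Python model of first-match evaluation over those four entries. The address 203.0.113.89 is a constructed stand-in for the masked x.x.x.89, and the sample packets and the names `parse_acl` and `evaluate` are assumptions made for this example.

```python
import ipaddress

PUBLIC_IP = "203.0.113.89"  # constructed stand-in for the masked x.x.x.89

# ACL 100 as given in the accepted solution, with the stand-in address.
ACL_100 = f"""\
access-list 100 permit tcp any host {PUBLIC_IP} eq 25
access-list 100 permit tcp any host {PUBLIC_IP} eq 80
access-list 100 permit tcp any host {PUBLIC_IP} eq 443
access-list 100 deny ip any any
"""

def parse_acl(text):
    """Parse only the syntax used above: action proto any (any|host IP) [eq port]."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[4] != "any":
            raise ValueError(f"unsupported entry: {line!r}")
        action, proto, rest = tok[2], tok[3], tok[5:]
        if rest[0] == "host":
            dst, rest = ipaddress.ip_address(rest[1]), rest[2:]
        elif rest[0] == "any":
            dst, rest = None, rest[1:]
        else:
            raise ValueError(f"unsupported destination: {line!r}")
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, proto, dst, port))
    return entries

def evaluate(entries, proto, dst_ip, dst_port=None):
    """Return (action, entry number); the first matching entry wins."""
    dst_ip = ipaddress.ip_address(dst_ip)
    for n, (action, e_proto, e_dst, e_port) in enumerate(entries, 1):
        if (e_proto in ("ip", proto) and e_dst in (None, dst_ip)
                and e_port in (None, dst_port)):
            return action, n
    return "deny", None  # implicit deny at the end of every IOS access list

SAMPLES = [  # constructed packets arriving inbound on FastEthernet0/0
    ("SMTP to the forwarded port", "tcp", PUBLIC_IP, 25),
    ("FTP connection attempt", "tcp", PUBLIC_IP, 21),
    ("ICMP echo request", "icmp", PUBLIC_IP, None),
    ("TCP reply to an ephemeral port", "tcp", PUBLIC_IP, 51514),
]

if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    for label, proto, dst, port in SAMPLES:
        print(f"{label:32} -> {evaluate(acl, proto, dst, port)}")
```

A packet denied by the inbound list is discarded before the router's TCP stack can answer with a reset, and the `no ip unreachables` line already in the question's interface configuration suppresses the ICMP unreachable that IOS would otherwise send for it. The last sample shows that the list is stateless: replies to sessions opened from behind the router also match `deny ip any any` unless an earlier entry permits them.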
 

Author Comment

by:alex3948
ID: 37814311
Works like a charm, thanks!