Solved

Dropping unsollicited connections

Posted on 2012-04-04
4
410 Views
Last Modified: 2012-04-05
Hi!

I have a cisco 1760 router which has port forwarding for ports 25, 80 and 443 for my web services. So if, let's say, I want to open a connection on port 21 of the router, it should not be allowed. The router sends a "connection refused" packet.

What I want to do, is reproduce the DROP behavior of iptables. If I open a connection on port 21, the router should not respond at all and drop the packet.

How can I achieve that?

interface FastEthernet0/0
ip address x.x.x.89 255.255.255.0
no ip unreachables
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
0
Comment
Question by:alex3948
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 15

Expert Comment

by:Nayyar HH (CCIE RS)
ID: 37808614
That is part of the TCP/IP mode of operation - If the requested service in unavailable a TCP RESET will be sent to the source in response to the SYN

Try using local-policy routing to send this type of traffic to null0: (drop packet)
0
 

Author Comment

by:alex3948
ID: 37809021
I did the command:

# ip local policy route-map null0

Still same result
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37810166
I see you have no access list on your outside interface?

Try adding this:
access-list 100 permit tcp any host x.x.x.89 eq 25
access-list 100 permit tcp any host x.x.x.89 eq 80
access-list 100 permit tcp any host x.x.x.89 eq 443
access-list 100 deny ip any any

interface FastEthernet0/0
ip access-group 100 in


I also took the liberty of hiding your public ip.
0
 

Author Comment

by:alex3948
ID: 37814311
Works like a charm, thanks !
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question