
Re: Cisco Question



Karl Pearson wrote:
> 
> I know this is not the best place to ask this, but don't know where to
> look after going through manuals and Cisco's web page.
> 
> I have DSL. I am using NAT and it's very secure. I would like to set up my
> old RH5.2 mail server from work to use at home and let my own domain name
> be my email address, which my ISP assigned to me already.
> 
> Does anyone know how the filtering works on a Cisco 675 or where I can
> ask?
> 
> Thanks,
> 
> Karl Pearson
> Senior Systems Analyst/D.B.A.
> karlp colubs com

Hi Karl

Have a look at the Cisco Press Web site (don't have a URL at hand, but
you should find it at Cisco's main home page, guess it's
http://www.cisco.com/cpress/home/home.htm). Documentation/literature
about Cisco routers and how to configure them can be found there. A
complete description of all Cisco IOS releases should be available at
www.cisco.com. BTW I installed a Cisco 770 ISDN Router for one of my
customers and he received a set of 2 documentation CD-ROMs with all
router commands (as HTML/PDF) as part of the Cisco 7xx router package.
The printed documentation did not contain this info!!! The 7XX series
don't run the std. Cisco IOS 11.X/12.X version but a downgraded one
(4.4(2)). If your Cisco 675 uses the same 4.4.(x) IOS release the syntax
for the "SET IP FILTER" command is as follows (derived from online help):

SEt IP FIlter <[type] IN | OUt [SOurce = [NOT]<address>]
                               [DEstination = [NOT]<address>]> |
              < IN | OUt <pattername>^8 > < BLock | ACcept | DEMand | IGnore >

E.g. to block incoming TCP/UDP traffic for port 53 (just an example)
you would write the following (command line configuration via telnet on
the Cisco router):

CD RemoteNet (applies only for the remote net profile not for LAN side!)

SET IP FILTER TCP IN DESTINATION=YOUR.NET.IP.ADDR/24:53 BLOCK
SET IP FILTER UDP IN DESTINATION=YOUR.NET.IP.ADDR/24:53 BLOCK

Note that CISCO's help for the 770 series tells us to use
source=NOT<address> which is not correct. The Cisco IOS 4.4.(2) does not
understand this syntax, rather use
set ip filter <type> SOURCE NOT=<address>:port-port [accept|block|...]

Hope this helps
best regards
Thomas
-- 
Ing. Thomas Mandl, UNIX and IT-Security Consultant

e-mail  : Thomas Mandl EUnet at
WWW     : http://members.EUnet.at/thomas.mandl (under construction!)
PGP     : PGP/GNUPG available on request
Phone   : +43 (0) 676/53 60 497 (Cellular Phone)

-----BEGIN GEEK CODE BLOCK-----
Version 3.1
GE/CC/CS/CM d-(+) s+++:++ a C++++$ US++++$ UL++++$ P++++ L+++ E++>+++
W++>+++ N++ w--- !O !M V-- PE PGP-(++) t++>+++ 5++ X++ R* tv  b+ DI++
D++ G++ e++ h* r++
------END GEEK CODE BLOCK------


