secure FTP server
16 years 11 months ago #24079
by saidfrh
Replied by saidfrh on topic Re: secure FTP server
One FTP server.
16 years 11 months ago #24081
by DaLight
Replied by DaLight on topic Re: secure FTP server
What ports have you got open between your LAN and your DMZ?
16 years 11 months ago #24087
by saidfrh
Replied by saidfrh on topic Re: secure FTP server
The following is the config on the Cisco perimeter router.
memory-size iomem 25
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Serial tcp
ip inspect name Serial udp
ip inspect name Serial cuseeme
ip inspect name Serial ftp
ip inspect name Serial h323
ip inspect name Serial rcmd
ip inspect name Serial realaudio
ip inspect name Serial smtp
ip inspect name Serial streamworks
ip inspect name Serial vdolive
ip inspect name Serial sqlnet
ip inspect name Serial tftp
ip audit smtp spam 5
ip audit name -audit info action alarm
ip audit name -audit attack action alarm
interface FastEthernet0/0
ip address
no ip directed-broadcast
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
interface Serial0/1
ip address
no ip directed-broadcast
ip nat inside
service-policy output POLICY1
no cdp enable
interface Async65
ip address
no ip directed-broadcast
ip nat inside
encapsulation ppp
keepalive 10
async mode interactive
ip nat pool NAT netmask
ip nat inside source route-map internet2 pool NAT overload
ip nat inside source static tcp extendable
ip nat inside source static 192.168.1.4
ip classless
ip route 0.0.0.0 0.0.0.0
ip route 10.1.1.0 255.255.255.0 192.168.1.10
ip route 10.5.5.0 255.255.255.0 192.168.1.10
ip route 10.6.6.0 255.255.255.0 192.168.1.10
ip route 10.9.9.0 255.255.255.0 192.168.1.10
ip route 10.9.10.0 255.255.255.0 192.168.1.10
ip route 10.10.10.0 255.255.255.0 192.168.1.10
ip route 10.100.100.0 255.255.255.0 192.168.1.10
ip route 172.16.0.0 255.255.0.0 172.16.2.2
ip route 172.16.1.0 255.255.255.0 172.16.2.2
ip route 172.16.5.0 255.255.255.0 xxx.213.196.5
ip route 172.16.6.0 255.255.255.0 xxx.213.196.5
ip route 192.168.0.0 255.255.255.0 192.168.1.10
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 103 permit tcp host host eq telnet
access-list 103 permit tcp host 10.199.249.220 host eq telnet
access-list 103 permit tcp host host eq telnet
access-list 103 permit tcp any host eq smtp log
access-list 103 permit tcp any host eq www
access-list 103 permit tcp any host eq 22 log
access-list 103 permit udp any host eq isakmp log
access-list 103 permit esp any host log
access-list 103 permit tcp any host eq www log
access-list 103 permit tcp any host eq ftp log
access-list 103 permit icmp any any echo-reply log
access-list 103 permit tcp any any established
access-list 103 permit tcp any host eq pop3
access-list 103 permit esp any any
access-list 103 permit udp any eq isakmp any
access-list 103 permit udp any any eq isakmp
access-list 103 permit udp any eq 4500 any
access-list 103 permit tcp any any eq 4500
access-list 103 permit udp any eq domain any
access-list 103 permit ip host xxxxxxxxxxx any
access-list 103 permit ip host xxxxxxxxxxx any
access-list 103 permit ip host xxxxxxxxxxxx any
access-list 103 permit ip 172.16.6.0 0.0.0.255 host
access-list 103 permit ip 172.16.5.0 0.0.0.255 host
access-list 110 permit ip any any
access-list 130 permit ip 192.168.1.0 0.0.0.255 any
access-list 130 permit ip 172.16.0.0 0.0.255.255 any
access-list 150 permit udp any any range 5000 5070
access-list 150 permit udp any range 5000 5070 any
access-list 150 permit udp any any eq 5567
access-list 150 permit udp any eq 5567 any
access-list 150 permit tcp any any eq 5566
access-list 150 permit tcp any eq 5566 any
access-list 150 permit tcp any any eq 5570
access-list 150 permit tcp any eq 5570 any
access-list 150 permit udp any any eq 16384
access-list 150 permit udp any eq 16384 any
access-list 150 permit tcp any any eq 2427
access-list 150 permit tcp any eq 2427 any
access-list 150 permit udp any any eq 4000
access-list 150 permit udp any eq 4000 any
access-list 150 permit udp any any eq 4010
access-list 150 permit udp any eq 4010 any
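Reading a long numbered ACL by eye is error-prone, and the redacted addresses above make it harder still. The script below is an added example (not part of the thread or of any member's post): it parses lines in the numbered-ACL syntax shown in the config, lists which services are reachable from any source, and raises the points a reviewer would want answered. It handles only the syntax subset that appears above (`any`, `host`, network plus wildcard, `eq`, `range`, `log`, `established`); `gt`/`lt`/`neq`, time ranges and named ACLs are assumed out of scope. A `host` whose operand is missing or is not an IPv4 literal (as in the redacted lines) is tolerated and reported as `host <redacted>`. The embedded sample is a subset of the ACL lines from the post.

```python
"""Summarise Cisco IOS numbered ACL lines: what is reachable from 'any' and
what a reviewer should question. Added example covering the syntax subset
seen in the post (any/host/network+wildcard, eq/range, log, established)."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

KEYWORDS = {"any", "host", "eq", "range", "log", "established"}
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
CLEARTEXT_CREDS = {"telnet", "23", "ftp", "21", "pop3", "110"}  # send passwords in the clear

# Embedded sample: a subset of the ACL lines from the post above
# (the post redacts most host addresses, which the parser tolerates).
SAMPLE_ACL = """
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 103 permit tcp host host eq telnet
access-list 103 permit tcp any host eq smtp log
access-list 103 permit tcp any host eq www
access-list 103 permit tcp any host eq ftp log
access-list 103 permit tcp any any established
access-list 103 permit tcp any host eq pop3
access-list 103 permit ip host xxxxxxxxxxx any
access-list 103 permit ip 172.16.6.0 0.0.0.255 host
access-list 110 permit ip any any
access-list 150 permit udp any any range 5000 5070
"""

@dataclass
class Ace:
    acl: str
    action: str
    proto: str
    src: str
    src_port: Optional[str]
    dst: str
    dst_port: Optional[str]
    log: bool
    established: bool

def _addr(t: list[str], i: int) -> tuple[str, int]:
    """Parse one address spec at t[i]. A 'host' whose operand is missing or
    is not an IPv4 literal (e.g. 'xxxxxxxxxxx') is reported as redacted."""
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        nxt = t[i + 1] if i + 1 < len(t) else None
        if nxt is None or nxt in KEYWORDS:
            return "host <redacted>", i + 1
        return (f"host {nxt}" if IPV4.match(nxt) else "host <redacted>"), i + 2
    return f"{t[i]} {t[i + 1]}", i + 2          # network + wildcard mask

def _port(t: list[str], i: int) -> tuple[Optional[str], int]:
    """Optional port operator after an address: 'eq <p>' or 'range <a> <b>'."""
    if i < len(t) and t[i] == "eq":
        return t[i + 1], i + 2
    if i < len(t) and t[i] == "range":
        return f"{t[i + 1]}-{t[i + 2]}", i + 3
    return None, i

def parse_ace(line: str) -> Optional[Ace]:
    t = line.split()
    if len(t) < 4 or t[0] != "access-list":
        return None
    acl, action = t[1], t[2]
    if int(acl) < 100:                           # standard ACL: source only
        src, i = _addr(t, 3)
        return Ace(acl, action, "ip", src, None, "any", None, "log" in t[i:], False)
    proto = t[3]
    src, i = _addr(t, 4)
    src_port, i = _port(t, i)
    dst, i = _addr(t, i)
    dst_port, i = _port(t, i)
    rest = set(t[i:])
    return Ace(acl, action, proto, src, src_port, dst, dst_port, "log" in rest, "established" in rest)

def parse_acl(text: str) -> list[Ace]:
    return [a for a in (parse_ace(l) for l in text.splitlines()) if a]

def exposed_services(aces: list[Ace]) -> list[tuple[str, str, str]]:
    """(acl, proto, dst port) permitted from any source: the reachable surface."""
    return sorted({(a.acl, a.proto, a.dst_port) for a in aces
                   if a.action == "permit" and a.src == "any" and a.dst_port})

def audit(aces: list[Ace]) -> list[str]:
    """Reviewer findings, in ACL order."""
    out = []
    for a in aces:
        if a.action != "permit":
            continue
        where = f"ACL {a.acl}"
        if a.proto == "ip" and a.src == "any" and a.dst == "any":
            out.append(f"{where}: 'permit ip any any' matches everything; later entries are unreachable")
        if a.established and a.src == "any" and a.dst == "any":
            out.append(f"{where}: 'established' only tests the TCP ACK/RST bits, it is not connection tracking")
        if a.dst_port in CLEARTEXT_CREDS:
            out.append(f"{where}: {a.proto}/{a.dst_port} carries credentials in cleartext")
        if a.src == "any" and a.dst_port and not a.log:
            out.append(f"{where}: {a.proto}/{a.dst_port} reachable from any without 'log'")
    return out

if __name__ == "__main__":
    aces = parse_acl(SAMPLE_ACL)
    for svc in exposed_services(aces):
        print("exposed:", svc)
    for finding in audit(aces):
        print("finding:", finding)
```

Run it against the full posted ACL (paste the `access-list` lines into `SAMPLE_ACL`) to get the list of ports that answer the question asked earlier in the thread; the `exposed_services` output is what the DMZ hosts present to the outside, and `audit` flags the entries that deserve a second look before trusting the FTP host behind them.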