Technology, Web & Business Forum

  #1 (permalink)  
Old 04-01-2008
Junior Member
 
Join Date: Apr 2008
Posts: 1
Default router's access list?!?

So I wanna add a few rules to my router's access list.
Actually, to be honest, I wanna create my ACL to begin with!
I know the usual syntax, which is:

ACL 101
access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80

ACL 102
access-list 102 permit tcp any 63.36.9.0 0.0.0.255 established


That's easy! But the thing is, I wanna permit a specific PORT(a) from a specific IP(A) to reach a specific PORT(B) on another specific IP(B)!

How can I do that?
__________________
Powered by Yahoo! Answers
  #2 (permalink)  
Old 04-01-2008
Junior Member
 
Join Date: Apr 2008
Posts: 1
Default

It looks like you already have the correct syntax down.

The eq 80 on your first ACL is specifying port 80 (HTTP traffic).

So if you wanted to permit those same people to use
telnet, you would type:

access-list 103 permit tcp 63.36.9.0 0.0.0.255 any eq 23

Likewise, if you wanted to block everyone from using AIM but still have access to the internet, you would type:

! 5190 is the AIM port number
access-list 104 deny tcp any any eq 5190
access-list 105 permit tcp any any eq 80

Hope this helps.


Btw Nator... you need to either get some skills or not post about things that you don't know, because incorrect answers confuse a lot of people. The asker is not trying to change his ports, just explicitly stop traffic destined for specific ports.
__________________
Powered by Yahoo! Answers
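
Added example (not written by any poster in this thread, and not Cisco's code): in an extended ACL entry an optional `eq` port match can follow the source address and another can follow the destination address, so the rule asked about in post #1 fits in one entry. The Python below evaluates a subset of that syntax with first-match and implicit-deny behaviour; ACL number 110, the addresses 192.0.2.10 and 198.51.100.20, and ports 5000 and 8080 are constructed placeholders for IP(A), IP(B), PORT(a) and PORT(B).

```python
import ipaddress

def _addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def _port(tokens):
    """Consume an optional 'eq N' port match; None means any port."""
    if tokens[:1] == ["eq"]:
        tokens.pop(0)
        return int(tokens.pop(0))
    return None

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp SRC [eq P] DST [eq P]' (subset only)."""
    tokens = line.split()
    if tokens[0] != "access-list" or tokens[3] != "tcp":
        raise ValueError("unsupported entry: " + line)
    action, rest = tokens[2], tokens[4:]
    src, sport = _addr(rest), _port(rest)   # source address, then source port
    dst, dport = _addr(rest), _port(rest)   # destination address, then destination port
    if rest:
        raise ValueError("unsupported trailing keywords: " + " ".join(rest))
    return action, src, sport, dst, dport

def _ip_ok(ip, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF           # a wildcard bit of 1 means "don't care"
    return int(ipaddress.IPv4Address(ip)) & care == base & care

def evaluate(acl_lines, src_ip, src_port, dst_ip, dst_port):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for line in acl_lines:
        action, src, sport, dst, dport = parse_ace(line)
        if (_ip_ok(src_ip, src) and _ip_ok(dst_ip, dst)
                and sport in (None, src_port) and dport in (None, dst_port)):
            return action
    return "deny"

# Constructed sample: IP(A) 192.0.2.10 port 5000 -> IP(B) 198.51.100.20 port 8080
ACL_110 = ["access-list 110 permit tcp host 192.0.2.10 eq 5000 host 198.51.100.20 eq 8080"]
# Subnet entry quoted in post #1, used here for the wildcard-mask case
ACL_101 = ["access-list 101 permit tcp 63.36.9.0 0.0.0.255 any eq 80"]
```

Keywords outside this subset, such as `established`, raise `ValueError` instead of being silently ignored.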
  #3 (permalink)  
Old 04-01-2008
Junior Member
 
Join Date: Apr 2008
Posts: 1
Default

http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/scacls.html
__________________
Powered by Yahoo! Answers
  #4 (permalink)  
Old 04-01-2008
Junior Member
 
Join Date: Apr 2008
Posts: 4
Default

If you're wanting it to change ports, I'm pretty sure you can't do that. As for the IP addresses, that's called NAT (network address translation). You probably need to get a firewall that is capable of this. It's hard to say if what you are using has this function. It might, since you're allowed to assign access to port, but you really didn't give much information.
__________________
Powered by Yahoo! Answers