ACL scope and FTP
We have adjusted our ACL: we pulled the permit tcp any any gt 1023 entry and replaced it with the any any established entry, but now FTP is broken. The ACL is applied on the Ethernet interface on the local network. How can I firmly add FTP?
permit tcp any any established
???
Perhaps this link should help.
http://www.Cisco.com/en/us/Tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml
What we do is to define a range of ports for passive ftp mode. For example, 6000 to 6100.
To remedy this, you use
access-list 100 permit tcp any host 192.168.1.100 gt 1023
You must use
access-list 100 permit tcp any host 192.168.1.100 range 6000 6100
But, in my view, from the server's point of view, active FTP is more secure than passive.
Hope this helps
-
Satellite L30-115 - deleted TCP and FTP packets
Hi all
I have a Toshiba Satellite L30-115 and a DSL connection. I have a problem with my laptop running Win XP SP2 with AVG anti-virus.
TCP and FTP packets are systematically deleted by a firewall setting or by my system. I tried those tools that rewrite the registry entries for the TCP/IP protocol in Windows XP, but nothing seems to fix it. Everything that involves TCP fails systematically:
My browser tells me that the connection was reset during any process, and AVG says automatic updates failed, but I can always ping www.yahoo.fr and, strangest of all, Skype connects properly (likely because it uses another protocol and also because it is in my firewall's exception list).
Note that I only have the native Win XP firewall and no others (the AVG license I've got only covers web, mail and virus protection). Another thing is that the problem persists even when I turn off the firewall or if I play around with the settings.
Help, please.
Didier
Hello
Check this short workaround:
Start CMD (the command console)
Then type this command: ipconfig /renew
-
Change the title: internet connection.
Unable to connect to the internet, suddenly; I get a message that I can't connect to the internet using HTTP or FTP. This is probably caused by firewall settings on your computer. Check settings for HTTP port (80), HTTPS port (443) and FTP. Funny, I was just on the net not more than 10 minutes prior to this. Checked all connections - good. What's my next
Try a system restore to a Date before the problem began:
Restore point:
http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/
Do Safe Mode system restore, if it is impossible to do in Normal Mode.
Try pressing F8 at startup and, in the list of boot selections, select Safe Mode using the UP ARROW key to go there, and then press ENTER.
Try a System Restore, choosing a Restore Point prior to your problem...
Click Start > Programs > Accessories > System Tools > System Restore > Choose another time > Next > etc.
http://www.windowsvistauserguide.com/system_restore.htm
Read the above for a very good graphic that shows how to go back more than 5 days in the System Restore Points by checking the correct box.
See you soon.
Mick Murphy - Microsoft partner
-
Hello.
I have a small question.
I implemented a simple extended ACL.
permit ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
deny ip any any
It is applied in the IN direction on the SVI interface with IP 10.10.10.1/24.
When I test with a ping from the router to a blocked network, using the SVI interface as the source, the ACL does not work.
Example: ping 172.16.1.5 source 10.10.10.1 = success.
Shouldn't this be blocked, with only traffic to 192.168.1.0/24 allowed?
So my question: does the ACL not affect the interface of the router itself, and only other hosts on the subnet/VLAN? (I think I remember having read about it, but can't find it.)
Thank you.
Hi there, traffic has to pass through the interface for the ACL to be considered. Here is a link to another thread on the forum that explains this very well:
I hope this helps!
Thank you for evaluating useful messages!
-
Removal of Telnet and FTP (keep the SSH/SCP)
I don't want the sensors to run the Telnet and FTP services, because I want to force anyone connecting to them to use SSH/SCP.
I edited /etc/inetd.conf and commented out the lines that start these services. However, this may not be the 'best method', because after I tried that, all of a sudden the sensor stopped listening on port 22 and I couldn't connect with SSH (of course). When I uncomment the telnet and ftp lines in inetd.conf, SSH/SCP/port 22 is open again. Weird. What should I do to remove these services?
BTW: on an unrelated note, the /dev/iprb0 (command and control) interface is the card that is assigned an IP address and is used for connecting to the sensor. /dev/spwr0 is the interface which doesn't listen for traffic in promiscuous mode and does not have an IP address assigned, right?
Thank you
Erik
Run sysconfig-sensor; there should be an option in the secure communications box to disable telnet and ftp. Sysconfig-sensor will then take care of making the changes for you.
For the 4220 and 4230 sensor appliances, your statements about the interfaces are correct.
NOTE: the 4210, 4235 and 4250 sensors have different interface names.
Marco
-
problem installing windows 7 finishing installation scope and freeze for hours please help
My PC specs:
2 GB of RAM
NVIDIA GeForce 210 1 GB
180 GB
Pentium 4 3.40
Help, please
Turn off the computer.
Try to start in Safe Mode: start your PC and, just before the system loads the Windows operating system, press the [F8] function key on your keyboard, which will launch the Advanced Boot Options menu. Select Safe Mode.
Log in, click Start, type Device Manager, press ENTER.
Expand graphics cards
Right-click your video card, click Uninstall.
Restart your system
Log in, click Start, type Device Manager, press ENTER.
Expand graphics cards
Right-click your video card, click Update Driver Software; then click Search automatically for updated driver.
-
View scopes and composite video at the same time?
Is it not possible to view video scopes and composite video in the source or program monitors simultaneously? It seems that only the option to view scopes or composite video, but not both (as in FCPX) exist.
I know that I can use the monitor for a film in the timeline panel, but it is not updated live, which is annoying.
Am I missing something? (This seems a silly omission... unless I use my 'man-eyes')
You can open the Reference Monitor, which has a scope.
Only scopes in the Program Monitor update live.
-
Hello, this is not considered a regular registered sites export (I have many)... and it's a mistake.
In short, after the computer went out, I have the hard drive on USB (old Win 7 Pro on an external drive).
How can I get my list of sites and FTP access, passwords, etc.?
they are encrypted in the registry if I'm not mistaken?
any idea?
Thank you.
(Google translation)
Solution found:
Just export the new common/site .reg file, modify it with the values from the old one and then import it; everything works.
Thank you
-
File and FTP diff b/w adapter?
What is the difference between the file and FTP adapters?
(1) The file adapter is used when the process is to read/write/list files on your local system (where your FMW server is installed and running).
(2) However, the FTP adapter is used, when the process is reading/writing/list of the files in a system essentially other than the local system (where your FMW server is installed and running) which is set up as an FTP server to access files. The system can be with your network or outside of your network.
--
Mark the post as "useful" or "right answer" if your problem is resolved.
-
CS5: I get "An FTP error occurred - cannot connect to the host."
In CS5 I get "An FTP error occurred - cannot connect to the host. Your login or password is incorrect. Please check your login information." I work with three sites. One of them connects fine, but two of them get this message - and I am well aware that the user name and password are correct on each of them. Can anyone help?
Call your host.
Nancy O.
-
scope and read the significant digits vi
Hi all
Let me start by giving you some background.
I'm measuring an RMS voltage (approximately 1.8 V) using the NI-Scope Read VI, which works very well. My problem is that I am also trying to calculate the RMS current within the same VI, using a known resistance. With the voltage, I only get two significant digits using the NI-Scope Read, which gives me too much rounding error when it comes to the current.
So my question is this: is there another stock VI that I could use to increase the number of significant digits I get, or is it possible to increase the number of significant digits with this VI? Other ideas are welcome, and thank you for your help.
I don't know what this 'NI-Scope read measure VI' is, but how many significant digits have you set on your indicator (right click, Properties)? If this does not help, please attach your VI.
Cameron
-
I have a RIS server running Server 2012 R2 with DHCP and FileZilla for FTP, and a desktop running Windows 7. The server can ping the desktop computer, but the desktop cannot ping the server, although the desktop can obtain an address from the DHCP server. How can I get it to connect to the FTP service?
Hello Zack,
Thanks for posting your question on the forum of the Microsoft community.
The question will be better suited to the audience of professionals on the TechNet forums.
I would recommend posting your query in the TechNet forums.
TechNet Forum
http://social.technet.Microsoft.com/forums/en-us/home?category=WindowsServer
Thank you
-
Command to clear the ACL hit count and interface stats
Hello
Does anyone know a command to erase the HIT count on an ACL and a command to clear the counters on an interface for the PIX? I can't find it anywhere. Any help would be appreciated. Thank you.
The f
Hello
Try the command:
> access-list clear counters
This clears the counters displayed by the show access-list command.
To clear the counters on an interface, enter configuration mode and issue this command: clear int ethernet0
(You must be in config mode for this command to work.)
For speed/duplex, once again enter config mode and type this command: interface ethernet0 100full
In addition, the following URL might be of interest...
Hope this helps - thanks, Jay
-
We have a PIX running 4.4(5). When accessing the internal FTP server from the outside, connections randomly time out. We have tried passive mode with no improvement.
Any other ideas?
Thank you
Brian
Not sure if this applies to you: bug CSCds48493
First thought is to upgrade the operating system to at least 5.x or 6.x.
It will be useful.
Steve
-
Is it possible to back up Cisco DCNM to NFS and FTP on a stand-alone DCNM server?
Can anyone suggest how I can back up the DCNM 7.2 database for a stand-alone server to NFS/FTP?
What is the procedure to perform the backup to an NFS/FTP server?
Is there any dependency for taking backups on remote servers from a stand-alone DCNM server (not HA)?
Hello
VIEW includes a database backup utility in the $INSTALLDIR/dcm/directory/bin/view. There are 2 versions of the script, one for Oracle and one for Postgres databases, and both can be run from the server command line. These scripts will create a database dump (.dmp) file, which you can FTP off to another file server if you wish.
For reference, here is the documentation on VIEW db backups:
http://www.Cisco.com/c/en/us/TD/docs/switches/Datacenter/SW/7_2_x/Fundam...
Thank you
Eric