Access-list

Hi,

Computer1: 192.168.0.2, Computer2: 192.168.1.2

1 Router.

How can I make an access-list so that computer 1 has access to computer 2, but not the other way around?

I can only block access to both or accept access to both :-/

Baldomir

It depends what you mean by "access".

TCP *requires* two-way communication. It is not *possible* to have a one-way TCP connection, with data being sent from one computer to the second, but -no- data from the second to the first.

UDP does allow for one-way communication, but on the other hand technically a UDP "conversation" is formed by the second machine "starting" a connection back to the first. There is no way in UDP to recognize something as being a "reply" instead of a new connection that happens to use those ports.

Does the router in question support "reflexive" access-lists ?

Walter Roberson

I might be reading too much into this, but what about this? Also assuming the OP doesn't know how TCP operates, that it needs to be able to communicate back on a session.

192.168.1.X talking to 192.168.0.X and .0 not being able to initiate to .1

Assume:

  192.168.1.X  F0/0
  192.168.0.X  F0/1

  access-list 101 permit tcp 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255 established
  access-list 101 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
  access-list 101 permit ip any any

apply it inbound on F0/1

That should allow .1 to talk to .0 and receive a reply from .0 for the TCP session. UDP would work from .1 to .0, but not in the reverse. It would then allow anything except for traffic to .1.

Just a thought....

-Brian

Brian V
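To see what Walter's point about TCP versus UDP and Brian's `established` list actually do to individual packets, here is an added example (not code from the thread, and not Cisco's implementation) that models IOS extended-ACL evaluation in Python: first-match semantics, wildcard masks, the `established` keyword (which only checks that the ACK or RST flag is set) and the implicit deny at the end. It then runs Brian's access-list 101 over a few constructed packets arriving inbound on F0/1, the 192.168.0.x side. The packet values, the 10.1.1.1 "elsewhere" address and the interface/direction handling are assumptions for the example. Note that as Brian writes it the list lets 192.168.1.x hosts start sessions toward 192.168.0.x and only lets established TCP come back, which is the opposite of the direction in the original question; swap the two subnets in the list to get that one.

```python
"""Model of Cisco-style extended ACL evaluation for the thread's scenario.

Added example, not code from the thread or from Cisco.  It simulates
first-match evaluation with wildcard masks and the `established` keyword
and runs Brian's access-list 101 over constructed packets.  Only packets
arriving inbound on F0/1 (the 192.168.0.x side) are evaluated, because
that is where Brian applies the list.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Packet:
    proto: str                          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    tcp_flags: frozenset = frozenset()  # e.g. frozenset({"SYN"}) or frozenset({"ACK"})


@dataclass(frozen=True)
class Rule:
    action: str        # "permit" or "deny"
    proto: str         # "ip" matches every protocol
    src: str
    src_wild: str
    dst: str
    dst_wild: str
    established: bool = False


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard mask: a 1 bit means 'don't care', a 0 bit must match."""
    care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(IPv4Address(addr)) & care == int(IPv4Address(base)) & care


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if not wildcard_match(pkt.src, rule.src, rule.src_wild):
        return False
    if not wildcard_match(pkt.dst, rule.dst, rule.dst_wild):
        return False
    if rule.established:
        # `established` is stateless: it only asks whether ACK or RST is set.
        # That is what lets replies through, and why Walter asks about
        # reflexive ACLs, which track real sessions instead of flags.
        return pkt.proto == "tcp" and bool(pkt.tcp_flags & {"ACK", "RST"})
    return True


def evaluate(acl: list, pkt: Packet) -> str:
    """First matching line wins; every IOS ACL ends in an implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


ANY = ("0.0.0.0", "255.255.255.255")  # IOS `any` as address/wildcard

# Brian's access-list 101, line for line.
ACL_101 = [
    Rule("permit", "tcp", "192.168.0.0", "0.0.0.255", "192.168.1.0", "0.0.0.255", established=True),
    Rule("deny", "ip", "192.168.0.0", "0.0.0.255", "192.168.1.0", "0.0.0.255"),
    Rule("permit", "ip", *ANY, *ANY),
]


def classify_thread_packets() -> dict:
    """Constructed packets seen inbound on F0/1 (sourced from 192.168.0.x)."""
    samples = {
        # new TCP session from .0 toward .1: SYN only, no ACK -> blocked
        "tcp_syn_0_to_1": Packet("tcp", "192.168.0.2", "192.168.1.2", frozenset({"SYN"})),
        # reply inside a session that .1 started: ACK set -> allowed
        "tcp_ack_0_to_1": Packet("tcp", "192.168.0.2", "192.168.1.2", frozenset({"ACK"})),
        # UDP has no flags to inspect, so even a "reply" from .0 is blocked
        "udp_0_to_1": Packet("udp", "192.168.0.2", "192.168.1.2"),
        "icmp_0_to_1": Packet("icmp", "192.168.0.2", "192.168.1.2"),
        # anything not destined for .1 falls through to `permit ip any any`
        "tcp_syn_0_to_elsewhere": Packet("tcp", "192.168.0.2", "10.1.1.1", frozenset({"SYN"})),
    }
    return {name: evaluate(ACL_101, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify_thread_packets().items():
        print(f"{name:24s} {verdict}")
```

The UDP result is the practical consequence of Walter's remark: with no flags to inspect, an ACL cannot tell a UDP reply from a fresh UDP connection, so a one-directional UDP policy can only be enforced with something stateful such as a reflexive ACL.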

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.