Jump to content

Help me answer this question!!

Life_Under_Game
By Life_Under_Game
in Networking
 Share
Posted

Which set of access control entries would allow all users on the 192.168.10.0/24 network to browse to a web server that is located at 172.17.80.1, but would not allow them to use Telnet?

 

access-list 103 deny tcp host 192.168.10.0 any eq 23
access-list 103 permit tcp host 192.168.10.1 eq 80

access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq telnet

access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80
access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23

Link to comment
https://linustechtips.com/topic/722944-help-me-answer-this-question/
Share on other sites
Link to post
Share on other sites
Posted
2 minutes ago, Electronics Wizardy said:

Don't use us to answer homework questions. 

 

What are these commands for?

These are CISCO router commands to configure managed CISCO routers.

Guides & Tutorials:

PROXMOX - Rebuilding ZFS RAID rpool After Disk Failure

Mass Deploying Customized Windows 10/11 Installs

Building a GNU/Linux Based Windows Deployment Server

GNU/Linux Installer Server: Installation & Configuration

How to: Use (i)PXE to Install Windows from a Network

Why Memorize IP's When You Can Self-Host DNS Instead?

Ventoy - The USB Multi-Boot Utility!

Introduction to PXE/iPXE Network Boot Featuring FreeBSD & Ubuntu Server

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to post
Share on other sites
Posted

I'm not going to give you the answer because that would be too easy. Look at them and realize you want to allow a network to access a host so that eliminates one answer right away. Remember that you only want to allow them to access a specific IP and a specific port. That should help you narrow it down to the right answer :)

Current Network Layout:

Current Build Log/PC:

Storage Server Setup:

 

Prior Build Log/PC:

Link to post
Share on other sites
Posted

If memory serves when entering ACL's into a router the actual port number must be specified and the wildcard mask needs to be used. When allowing or denying access to a specific system you may also wish to specify the host to which you are referring. (It's been a while so I don't guarantee my hints are correct.)

Guides & Tutorials:

PROXMOX - Rebuilding ZFS RAID rpool After Disk Failure

Mass Deploying Customized Windows 10/11 Installs

Building a GNU/Linux Based Windows Deployment Server

GNU/Linux Installer Server: Installation & Configuration

How to: Use (i)PXE to Install Windows from a Network

Why Memorize IP's When You Can Self-Host DNS Instead?

Ventoy - The USB Multi-Boot Utility!

Introduction to PXE/iPXE Network Boot Featuring FreeBSD & Ubuntu Server

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Link to post
Share on other sites
Posted
1 hour ago, harambe2 said:

IIRC this is the correct way to do it because it will allow connections to 172.17.80.1 and block telnet.

Wrong, the question says to only allow HTTP traffic and the one you quoted would allow all connections to the server.

Current Network Layout:

Current Build Log/PC:

Storage Server Setup:

 

Prior Build Log/PC:

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Networking

×