Bummer. Cisco finally did the packet filtering "correctly" in that release, based on the release notes. That release finally lets you block a range of ports with a single filter rule. Imagine: 0) allow all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 dest-port 80 1) deny all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 src-port 1-65535 (or whatever max is) Lock it up tight, I say... "Thomas T. Veldhouse" <veldy at veldy.net> 06/29/2000 09:02 AM EST Please respond to tclug-list at mn-linux.org To: <tclug-list at mn-linux.org> cc: Subject: Re: [TCLUG:19111] Cisco 675 and my network... Nope - my ISP (VISI) will not support 2.3.5 currently. Tom Veldhouse veldy at veldy.net ----- Original Message ----- From: <wade.a.harding at ac.com> To: <tclug-list at mn-linux.org> Sent: Wednesday, June 28, 2000 8:50 PM Subject: Re: [TCLUG:19111] Cisco 675 and my network... > > Out of curiosity, anyone run CBOS 2.3.5 (or anything else higher than > 2.2.0) on their 675's? > > > Mike Nielsen <mike at getbent.net> > 06/28/2000 08:43 PM EST > Please respond to tclug-list at mn-linux.org > > To: tclug-list at mn-linux.org > cc: > Subject: Re: [TCLUG:19111] Cisco 675 and my network... > > > On Fri, 23 Jun 2000, you wrote: > > While this is true relying on the packet filtering on the 675 for your > firewalling can be a dicey prospect. Especially for those of you > who do not put an Exec or En password on your 675's. > > While VISI is techinically correct a little ipchains loving here and there > will help you sleep a little better at night... > > Another rule of thumb.... "Never rely on what USWest supposedly gives > away for free... > > (They used to give the 675's away, don't know if they do that anymore > > > You could skip the BSD box altogether, I am assuming its there for NAT, > > and just use the NAT on the 675. It is working fine for me. US West is > > in the habit of telling people they need multiple IPs but the technician > I > > talked to at VISI was nice enough to tell me the entries to make it work > > on the 675(all the information you need is in the 675's manual); after > > having used FreeBSD for a couple of months for NAT. It works great. I > > have only had to restart it once in the last 6 months. > > > > I still haven't been able to get the 675's DHCP server working > > correctly but that would just be gratuitus sugary topping. > > > > ____________________________ > > Mike Neuharth > > ADCS Technology Specialist > > http://www.umn.edu/adcs > > > > E-Mail : mjn at tc.umn.edu > > Page Mail : 6123065932 at messaging.sprintpcs.com > > http://nifty.dsl.visi.com/ > > ____________________________ > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > > For additional commands, e-mail: tclug-list-help at mn-linux.org > -- > > > ----------------------------- > |\/|ike at GetBent.net > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > For additional commands, e-mail: tclug-list-help at mn-linux.org > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org > For additional commands, e-mail: tclug-list-help at mn-linux.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org --------------------------------------------------------------------- To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org For additional commands, e-mail: tclug-list-help at mn-linux.org