- To: "DaZZa" <dazza@xxxxxxxxxx>
- Subject: Re: [SLUG] Cisco ADSL router config for Telstra ADSL network
- From: "Garth Sperring" <garth@xxxxxxxxxx>
- Date: Thu Aug 9 14:33:02 2001
- Cc: <slug@xxxxxxxxxxx>
> On Thu, 9 Aug 2001, Garth Sperring wrote:
>
> > This is my first post to this group - I picked up on a fairly old thread
> > about Cisco 827 ADSL routers from the archive and shamelessly copied it in
> > below...
> >
> > What are the options in the CISCO 827 for doing some IP packet filtering -
> > i.e. ensuring that only http, https, smtp and pop are allowed in on the
> > ATM0 interface (in this example).
>
> The same as for any other Cisco router running IOS.
>
> > Can it be done using access-lists? If so which access-list number should one
> > use for incoming and outgoing traffic on the ATM0 interface.
>
> Yes, it should be able to be done with an access list in the extended IP
> range {100-199, without going and looking it up}.
>
> HOWEVER - bear in mind that every rule you put into this access list and
> apply to the interface means _every_ packet has to be processed through
> the access list - adding way too much to the processor load.
Good point. Too used to working with the bigger beasts - processor resources
did not even cross my mind!
>
> > Or does this require a IOS upgrade or plugin feature of some sort?
>
> AFAIK, it shouldn't. From memory, the 827 comes shipped with a 12.x series
> IOS, and it runs access lists just fine.
>
> > Any help, comments or advice appreciated!
>
> Seriously? Don't do it with the router. The 800 series doesn't have enough
> grunt to do any really serious packet filtering. Stick the appropriate
> rules onto your Linux firewall {you *are* using Linux, since you're
> posting to a Linux list, right?}, and let the much faster processor of the
> PC do it for you.
>
Yip - Linux with ipchains at the moment - need to get the 2.4 kernel and
iptables for the stateful firewall up and running soon.
Thanks for the advice.
> DaZZa
>
>
> --
> SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
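
An added example, not part of the original message or thread: a stateful iptables policy on the Linux firewall that admits only the four services asked about (http, https, smtp, pop), emitted in iptables-restore format for review before loading. The interface name `eth0`, the `gen_ruleset` helper, and the choice of the INPUT chain (services running on the firewall host itself) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Prints a stateful filter table in
# iptables-restore format; it does not touch the running firewall.
# Assumptions: the services listen on the firewall host itself (INPUT chain),
# and eth0 is the interface facing the ADSL router.
EXT_IF="${EXT_IF:-eth0}"
ALLOWED_TCP="${ALLOWED_TCP:-80 443 25 110}"   # http, https, smtp, pop3

gen_ruleset() {
    ext_if="$1"
    shift
    # Validate everything before emitting a single line, so a bad argument
    # can never yield a half-written (and therefore half-open) ruleset.
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done

    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'     # default deny for unmatched packets
    printf '%s\n' ':FORWARD DROP [0:0]'   # routing for a LAN is out of scope here
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Stateful part (what ipchains lacks): replies to connections this host
    # opened are accepted by connection state, not by guessing at port ranges.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -i $ext_if -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# ALLOWED_TCP is deliberately unquoted so it splits into one argument per port.
# Syntax-check on a real host with: gen_ruleset ... | iptables-restore --test
gen_ruleset "$EXT_IF" $ALLOWED_TCP
```

Because established traffic matches the second rule, most packets leave the chain after one or two comparisons, which keeps the per-packet cost raised in the thread low on the PC.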