Forum Discussion
PermaNulled
Dec 07, 2012 (Aspirant)
GSM7248 v2 IP ACL Problems
I keep trying to set an ACL rule up to deny and drop packets directed towards a specific LAN IP destination and I've tried to no avail. I know the subnet mask needs to be inverse, and I believe I've...
PermaNulled
Dec 07, 2012 (Aspirant)
After realizing that I hadn't bound the ACL rules to a specific port, I got the blocking working...
And now I'm having a separate issue still related to these rules.
Here's the rules I have setup currently and I've got them bound to the interfaces the machines I'm trying to restrict access to are connected to.
ACL ID/Name                     Rules Direction  Interface(s)
------------------------------- ----- ---------- -------------------------
100                             2     inbound    0/21, 0/37
(GSM7248V2) >show ip access-lists 100
ACL ID: 100
Inbound Interface(s): 0/21, 0/37
Rule Number: 3
Action......................................... deny
Match All...................................... FALSE
Protocol....................................... 6(tcp)
Source IP Address.............................. 192.168.0.0
Source IP Mask................................. 0.0.255.255
Destination IP Address......................... 192.168.1.123
Destination IP Mask............................ 0.0.0.0
TCP Flags...................................... FIN (Ignore)
                                                SYN (Ignore)
                                                RST (Ignore)
                                                PSH (Ignore)
                                                ACK (Ignore)
                                                URG (Ignore)
Rule Number: 4
Action......................................... deny
Match All...................................... FALSE
Protocol....................................... 6(tcp)
Source IP Address.............................. 192.168.0.0
Source IP Mask................................. 0.0.255.255
Destination IP Address......................... 192.168.1.19
Destination IP Mask............................ 0.0.0.0
TCP Flags...................................... FIN (Ignore)
                                                SYN (Ignore)
                                                RST (Ignore)
                                                PSH (Ignore)
                                                ACK (Ignore)
                                                URG (Ignore)
(GSM7248V2) >
Now after doing the rules specified above, I've observed that the switch isn't really listening to what I define as my destination or source; the reason I say this is that it's also restricting access to the rest of the network from these machines.
I've tried adding a rule where the machine, say 192.168.1.123, would have access to 192.168.1.2, and after doing so it seems to have an inverse effect where every machine on the network then has access to both 192.168.1.123 and 192.168.1.2, even though 192.168.1.123 was supplied as the source for the permit and not the destination.
I'm not sure how this could mix things up like this but it's happening and any examples of configurations other people have implemented or assistance in this would be greatly appreciated.
I know someone here has to have worked with these ACL setups on these switches, as an 8-port firewall and restrictions through it just would not cut it when you've got 40+ machines connected to your network.
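As an added illustration (not from the post or from NETGEAR), the following Python model evaluates the two deny rules above with inverse-mask semantics. It assumes the usual first-match evaluation with an implicit deny-all at the end of the ACL; because ACL 100 is applied inbound on the ports where the restricted machines sit, traffic sent by 192.168.1.123 carries .123 as the source, matches neither rule (both name .123/.19 as the destination), and so falls through to that implicit deny, which would produce the "cut off from the rest of the network" symptom. The appended permit-everything rule is a constructed example, not a line from the post.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    number: int
    action: str     # "permit" or "deny"
    proto: str      # "tcp", "udp" or "ip" (any protocol)
    src: str        # source address to compare against
    src_wild: str   # inverse (wildcard) mask: a 0 bit must match, a 1 bit is ignored
    dst: str
    dst_wild: str

def wildcard_match(addr: str, base: str, wild: str) -> bool:
    """Compare only the bits that are 0 in the wildcard mask."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wild)) & 0xFFFFFFFF
    return a & care == b & care

def evaluate(acl, src, dst, proto="tcp"):
    """First matching rule wins. No match falls through to the implicit deny-all
    (assumed switch behaviour here; reported with rule number None)."""
    for r in acl:
        if r.proto not in ("ip", proto):
            continue
        if wildcard_match(src, r.src, r.src_wild) and wildcard_match(dst, r.dst, r.dst_wild):
            return r.action, r.number
    return "deny", None

# ACL 100 as shown in the post: two deny rules and nothing else.
acl_100 = [
    Rule(3, "deny", "tcp", "192.168.0.0", "0.0.255.255", "192.168.1.123", "0.0.0.0"),
    Rule(4, "deny", "tcp", "192.168.0.0", "0.0.255.255", "192.168.1.19", "0.0.0.0"),
]
# Same ACL with an explicit permit-everything rule appended (constructed example).
acl_100_permit_rest = acl_100 + [
    Rule(5, "permit", "ip", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

if __name__ == "__main__":
    # Traffic entering the switch from 192.168.1.123 (inbound on its port) has .123 as
    # the *source*; neither deny rule matches it, so it hits the implicit deny.
    print(evaluate(acl_100, "192.168.1.123", "192.168.1.2"))              # ('deny', None)
    print(evaluate(acl_100_permit_rest, "192.168.1.123", "192.168.1.2"))  # ('permit', 5)
    # A LAN host sending to .123 still matches rule 3 in both versions.
    print(evaluate(acl_100_permit_rest, "192.168.1.50", "192.168.1.123"))  # ('deny', 3)
```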