I have removed the ACLs and can get outbound traffic from the LAN.
I am having trouble getting inbound traffic to our web servers; check
my next post.
On Sat, 26 Mar 2005 19:05:31 -0700, Sancho2k.net Lists
<lists at sancho2k dot net> wrote:
> Don Munyak wrote:
> > Got a question about the use of ACLs on a router.
> > Currently our router is set up as a firewall/router (Cisco 1750). I
> > have it set up using Reflexive Access Lists (IP Session Filtering).
> > I am planning on putting m0n0wall behind the router and removing the
> > Reflexive Access Lists.
> > In your opinion would you...
> > 1. Use minimal standard or extended ACLs to filter out port traffic
> > for a given IP, or
> > 2. Just make the router route packets and leave the filtering up to m0n0wall.
> The way I'd go is to use m0n0wall for your filtering. Your ruleset and
> filtering capabilities in the BSD kernel will give you more capabilities
> than those available in IOS. AFAIK IOS e.g. gives you no stateful
> filtering capabilities, just stateless? You could also be limited in
> some areas due to the minimal resources available in your Cisco
> (memory/CPU), although this model seems decent enough.
> As a premise, my philosophy has been that the router is intended to
> facilitate the passing of traffic, so let it do the routing, while a
> firewall is purposed to prohibit the passing of traffic, so let it do
> the filtering.
> My $0.02.
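The thread turns on two points: the difference between stateful (reflexive) and stateless filtering, and why inbound traffic to a published web server still needs an explicit permit once session filtering is removed. The following is an added example written for this page, not code from the list posters, Cisco IOS or m0n0wall. It is a simplified Python model of reflexive-ACL semantics: an outbound packet creates a temporary mirror entry that lets the matching reply back in, while a stateless filter can only match on static rules. The addresses (RFC 5737 documentation ranges), ports and the `Packet`/`ReflexiveFilter` names are constructed for the illustration and are not IOS syntax.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    """One packet as the filter sees it (constructed model, not a real parser)."""
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True = arriving on the outside (WAN) interface


@dataclass
class ReflexiveFilter:
    """Simplified model of a reflexive ACL (IP session filtering).

    Outbound TCP/UDP packets create a 'mirror' entry permitting the exact
    reverse 5-tuple back in. Inbound packets are permitted only if they match
    a mirror entry or a static inbound permit (a published service).
    """
    static_inbound_permits: set            # {(proto, dst, dport), ...}
    reflect_protos: set = field(default_factory=lambda: {"tcp", "udp"})
    mirror: set = field(default_factory=set)

    def evaluate(self, pkt: Packet) -> str:
        if not pkt.inbound:
            if pkt.proto in self.reflect_protos:
                # Remember the reverse flow so the reply is allowed back in.
                self.mirror.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "permit"
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.mirror:
            return "permit"  # reply to a session started from the LAN
        if (pkt.proto, pkt.dst, pkt.dport) in self.static_inbound_permits:
            return "permit"  # explicit hole for a published service
        return "deny"


def stateless_evaluate(pkt: Packet, static_inbound_permits: set) -> str:
    """Plain extended ACL: no session memory, only static rules."""
    if not pkt.inbound:
        return "permit"
    if (pkt.proto, pkt.dst, pkt.dport) in static_inbound_permits:
        return "permit"
    return "deny"


def demo() -> dict:
    """Run four constructed packets through both filters and return the verdicts."""
    published = {("tcp", "192.0.2.80", 80)}  # constructed: LAN web server on :80
    rf = ReflexiveFilter(static_inbound_permits=published)

    packets = {
        # LAN client opens an HTTPS session to an outside host
        "outbound": Packet("tcp", "192.0.2.10", 40000, "198.51.100.5", 443, inbound=False),
        # the server's reply to that session
        "reply": Packet("tcp", "198.51.100.5", 443, "192.0.2.10", 40000, inbound=True),
        # unsolicited inbound packet to a LAN host
        "probe": Packet("tcp", "203.0.113.7", 40001, "192.0.2.10", 445, inbound=True),
        # legitimate inbound request to the published web server
        "web": Packet("tcp", "203.0.113.7", 51000, "192.0.2.80", 80, inbound=True),
    }
    order = ["outbound", "reply", "probe", "web"]  # outbound must run first
    return {
        "reflexive": {name: rf.evaluate(packets[name]) for name in order},
        "stateless": {name: stateless_evaluate(packets[name], published) for name in order},
    }


if __name__ == "__main__":
    for mode, verdicts in demo().items():
        print(mode, verdicts)
```

The point of the model: the reflexive filter permits the reply because the LAN host opened the session, while the stateless filter denies it unless someone adds a broad static permit for high ports. In both modes, the request to the web server is permitted only because of the explicit static entry, which is exactly the rule that still has to exist on whatever device does the filtering (router ACL or m0n0wall) after the reflexive lists are removed.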