My facebook blocking ACL has stopped working
Posted by Josh on Server Fault
Published on 2012-11-02T15:44:24Z
This is probably very simple. This was set up before I arrived, and has been working to block Facebook. I recently eliminated some static port forwarding on this 2691 (as in, I don't think anything else has changed), and now Facebook is once again accessible.
Why is this list not doing what it seems like it should be doing (and was doing)? Would an extended outbound ACL be more appropriate (I think that would have been my thought if I had been tasked with creating this in the first place)? Something different?
I've included below what I believe are the relevant parts of the config.

interface FastEthernet0/0
 ip address my.pub.ip.add my.ip.add.msk
 ip access-group 1 in
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto

access-list 1 deny 69.171.224.0 0.0.31.255
access-list 1 deny 74.119.76.0 0.0.3.255
access-list 1 deny 204.15.20.0 0.0.3.255
access-list 1 deny 66.220.144.0 0.0.15.255
access-list 1 deny 69.63.176.0 0.0.15.255
access-list 1 permit any

ip nat inside source list 105 interface FastEthernet0/0 overload

access-list 105 deny ip 192.168.0.0 0.0.0.255 192.168.8.0 0.0.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
access-list 105 permit ip 192.168.1.0 0.0.0.255 any

EDIT
ACL is once again blocking Facebook. Here is the new definition for those interested...
access-list 1 deny 66.220.144.0 0.0.7.255
access-list 1 deny 66.220.152.0 0.0.7.255
access-list 1 deny 69.63.176.0 0.0.7.255
access-list 1 deny 69.63.176.0 0.0.0.255
access-list 1 deny 69.63.184.0 0.0.7.255
access-list 1 deny 69.171.224.0 0.0.15.255
access-list 1 deny 69.171.239.0 0.0.0.255
access-list 1 deny 69.171.240.0 0.0.15.255
access-list 1 deny 69.171.255.0 0.0.0.255
access-list 1 deny 74.119.76.0 0.0.3.255
access-list 1 deny 173.252.64.0 0.0.31.255
access-list 1 deny 173.252.70.0 0.0.0.255
access-list 1 deny 173.252.96.0 0.0.31.255
access-list 1 deny 204.15.20.0 0.0.3.255
access-list 1 permit any
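
An added example, not part of the original post: a small Python audit of the two versions of access-list 1 shown above. It converts each wildcard mask to a prefix, applies first-match evaluation on the source address (all a standard ACL looks at), and reports which ranges the new list denies that the old one permitted and which entries are shadowed by an earlier one. The function names and the test addresses used with it are assumptions made for illustration.

```python
from ipaddress import IPv4Address, IPv4Network, collapse_addresses
# ACL text copied from the post; the function names below are illustrative.
OLD_ACL = """access-list 1 deny 69.171.224.0 0.0.31.255
access-list 1 deny 74.119.76.0 0.0.3.255
access-list 1 deny 204.15.20.0 0.0.3.255
access-list 1 deny 66.220.144.0 0.0.15.255
access-list 1 deny 69.63.176.0 0.0.15.255
access-list 1 permit any"""
NEW_ACL = """access-list 1 deny 66.220.144.0 0.0.7.255
access-list 1 deny 66.220.152.0 0.0.7.255
access-list 1 deny 69.63.176.0 0.0.7.255
access-list 1 deny 69.63.176.0 0.0.0.255
access-list 1 deny 69.63.184.0 0.0.7.255
access-list 1 deny 69.171.224.0 0.0.15.255
access-list 1 deny 69.171.239.0 0.0.0.255
access-list 1 deny 69.171.240.0 0.0.15.255
access-list 1 deny 69.171.255.0 0.0.0.255
access-list 1 deny 74.119.76.0 0.0.3.255
access-list 1 deny 173.252.64.0 0.0.31.255
access-list 1 deny 173.252.70.0 0.0.0.255
access-list 1 deny 173.252.96.0 0.0.31.255
access-list 1 deny 204.15.20.0 0.0.3.255
access-list 1 permit any"""

def parse(acl_text):
    rules = []  # ordered (action, source network) pairs
    for line in acl_text.splitlines():
        _, _, action, *src = line.split()
        src = ["0.0.0.0", "255.255.255.255"] if src == ["any"] else src
        wild = int(IPv4Address(src[1]))
        if wild & (wild + 1):  # wildcard bits must be contiguous to map onto a prefix
            raise ValueError("non-contiguous wildcard: " + line)
        base = int(IPv4Address(src[0])) & ~wild & 0xFFFFFFFF
        rules.append((action, IPv4Network((base, 32 - wild.bit_length()))))
    return rules

def verdict(rules, ip):
    # First matching entry wins; IOS appends an implicit deny to every ACL.
    return next((a for a, n in rules if IPv4Address(ip) in n), "deny")

def newly_denied(old, new):
    # Ranges `new` denies that `old` did not (order-insensitive; all denies precede the permit here).
    was = list(collapse_addresses(n for a, n in old if a == "deny"))
    now = collapse_addresses(n for a, n in new if a == "deny")
    return [n for n in now if not any(n.subnet_of(o) for o in was)]

def shadowed(rules):
    # Entries that can never match because an earlier entry already covers them.
    return [n for i, (_, n) in enumerate(rules) if any(n.subnet_of(m) for _, m in rules[:i])]
```

Run against the two lists, newly_denied(parse(OLD_ACL), parse(NEW_ACL)) returns only 173.252.64.0/18, and shadowed(parse(NEW_ACL)) returns the four /24 entries, each of which sits inside a wider deny earlier in the list.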