hi, i have a simple question that's been picking me for a few days...for example, i need to explicitly allow smtp and pop3 traffic only from the mx server on 192.168.50.50/24 to the whole 192.168.1.0/24 network.

that would be:
access-list 101 permit tcp host 192.168.50.50 192.168.1.0 0.0.0.255 eq 25
access-list 101 permit tcp host 192.168.50.50 192.168.1.0 0.0.0.255 eq 110

but since those two subnets must be able to communicate together, must i include the opposite direction?
for example:
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.50.50 eq 25
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.50.50 eq 110

I know it's a noob question but i can't seem to figure it out by myself, and i need it asap. thanks in advance

is this a router or an ASA?
and how are you putting it on the interface?

If it's a router and you only have an ACL going one direction than you don't need the response going the other way

ASAs are trickier...

_________________
Freedom to all the people. Brave, true and strong.
Freedom to all the people. Unless I think you're wrong

dhimes.com

but if it's a router your syntactic is wayy off

_________________
Freedom to all the people. Brave, true and strong.
Freedom to all the people. Unless I think you're wrong

dhimes.com

it's an ASA 5510, interface dmz in, but am puzzled for both router and ASA. nevermind the synthax, that's the least problem...i know that ASA's have different synthax

this would let your email server into the 192.168.1.0/24 subnet, but how are the clients going to query it? I think


would work better?

_________________
"Where I excel is ridiculous, sickening, work ethic. You know, while the other guy’s sleeping? I’m working. While the other guy’s eatin’? I’m working. While the other guy’s making love, I mean, I’m making love, too. But I’m working really hard at it."

that's why i thought of putting

access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 192.168.50.50 eq 25

what does the "established" part do?

'established' allows established connection to traverse the firewall.

_________________
"If you're good at anticipating the human mind. It leaves nothing to chance."
-Jigsaw

that should do it then...thanks to all of you