Path: utzoo!attcan!uunet!samsung!munnari.oz.au!mel.dit.csiro.au!smart
From: smart@manta.mel.dit.csiro.au (Robert Smart)
Newsgroups: comp.dcom.sys.cisco
Subject: Access restrictions give host unreachable...
Message-ID: <1990Jul28.234310.27064@mel.dit.csiro.au>
Date: 28 Jul 90 23:43:10 GMT
Sender: smart@mel.dit.csiro.au (Robert Smart)
Organization: CSIRO DIT (Melb.)
Lines: 18

I thought I'd experiment with access restrictions on the Cisco. I set
it up to deny access to port 13 (daytime) on my machine. Then I logged
into another machine on the other side of the Cisco and did

    telnet mymachine 13

and my login to the remote machine got blown away! Obviously the
returning "host unreachable" caused telnet (or maybe it was rlogin) to
drop the connection.

Now I don't think programs should give up so easily on the basis of
host/network unreachable ICMP messages, but since they do I wonder if
returning ICMP unreachables can be disabled when only specific ports
on a host are disabled. Or do I have to disable outgoing ICMPs on all
the other interfaces?

Another point is that this shows that there are circumstances where
you would like to restrict packets coming from a given interface
instead of having to put an identical restriction on all the other
interfaces.

Bob Smart
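
An added example, not part of the original post: a sketch of how a receiving host can scope an ICMP Destination Unreachable to the single connection quoted inside it and classify it per RFC 1122 section 4.2.3.9, so a filtered probe to port 13 does not take down an unrelated login session. The addresses, ports and function names are constructed for illustration, and treating every code outside 2-4 as soft is an assumption of this sketch.

```python
import struct

# RFC 1122 section 4.2.3.9: Destination Unreachable codes 0, 1, 5 are soft
# errors (TCP must not abort); codes 2, 3, 4 are hard errors.
HARD_CODES = {2, 3, 4}

def ip_bytes(ip):
    return bytes(int(p) for p in ip.split("."))

def build_unreachable(code, conn):
    """Constructed sample: ICMP type 3 quoting a TCP segment we sent on conn."""
    src, sport, dst, dport = conn
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ip_bytes(src), ip_bytes(dst))
    tcp8 = struct.pack("!HHI", sport, dport, 0)   # ports + sequence number
    return struct.pack("!BBHI", 3, code, 0, 0) + ip_hdr + tcp8  # checksums left 0

def parse_unreachable(icmp):
    """Return (code, quoted 4-tuple) from an ICMP Destination Unreachable."""
    if len(icmp) < 8 + 20 or icmp[0] != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = icmp[8:]                  # quoted IP header + 8 bytes of its payload
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 4 or inner[9] != 6:
        raise ValueError("quoted packet is truncated or not TCP")
    src = ".".join(str(b) for b in inner[12:16])
    dst = ".".join(str(b) for b in inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return icmp[1], (src, sport, dst, dport)

def handle_unreachable(icmp, connections):
    """Decide per tracked connection: 'untouched', 'soft-error' or 'abort'."""
    code, quoted = parse_unreachable(icmp)
    verdict = {}
    for conn in connections:
        if conn != quoted:
            verdict[conn] = "untouched"    # error is about a different 4-tuple
        elif code in HARD_CODES:
            verdict[conn] = "abort"
        else:
            verdict[conn] = "soft-error"   # report it, keep the connection
    return verdict

# Constructed connection table on the remote machine: (local, lport, peer, pport)
LOGIN = ("192.0.2.10", 513, "198.51.100.20", 1023)   # the login session
PROBE = ("192.0.2.10", 1025, "198.51.100.20", 13)    # telnet mymachine 13

if __name__ == "__main__":
    print(handle_unreachable(build_unreachable(1, PROBE), [LOGIN, PROBE]))
```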