04-15-2002 11:16 PM - edited 03-01-2019 09:18 PM
Router 805 (One LAN one WAN)
I have created an access list as below:
access-list 110 permit tcp any host 203.94.69.220 eq 80
access-list 110 permit tcp any host 203.94.69.220 eq 443
access-list 110 deny ip any host 203.94.69.220
access-list 110 permit ip any any
I have put this on "S0 in". My aim is to allow 203.94.69.220 only Internet browsing. (Note DNS local) However this does not work and furthermore if
I remove port 80 (e.g. access-list 110 permit tcp any host 203.94.69.220) it works and this implies that not only port 80 is used?
One more question. I have noticed that this access list enforced on "S0 in" affects traffic which is on E0 (I have two different IP subnets routed through E0), which should not happen!? Note: I have NAT on these interfaces, can this be the reason?
Please help
Thank you.
Regards,
Nadeep
04-17-2002 02:46 AM
The most likely reason for your first problem is that you are filtering on the www destination port against the source machine. You need to set up the access list so the destination port is filtered:
access-list 110 permit tcp any eq 80 host 203.94.69.220
The second problem I couldn't comment on without more information.
Russ
04-17-2002 09:50 PM
Russ, Thank you for the reply. Yes this is a solution.
I used a packet analyser to check what's happening. Browser "talks" to the server's port 80 using ports like 20xx (random I guess). Therefore the incoming packets are addressed to this port (20xx) and only when port 80 is allowed no browsing!
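The exchange above (Russ's fix and Nadeep's packet-capture observation) can be checked without a router. The following is an added example, not code from the thread or from Cisco: a toy evaluator for the handful of extended-ACL forms used here, run against constructed packets. The web-server address 198.51.100.10, the client ephemeral port 2049 (standing in for Nadeep's "20xx") and the other sample addresses are made up. The third list adds the IOS `established` keyword, which the thread does not mention; it is modelled here as "match only if the TCP ACK flag is set", which is what it does for inbound reply traffic.

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    """One IP packet as the inbound ACL on S0 would see it (constructed sample data)."""
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    ack: bool = False     # TCP ACK flag; 'established' needs it (or RST) to match


@dataclass
class Ace:
    """One access-list entry; None means 'any' for an address or a port."""
    action: str
    proto: str
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]
    established: bool


# Only the subset of IOS syntax used in the thread, plus 'established'.
# Wildcard masks, port ranges and other protocols are deliberately not modelled.
ACE_RE = re.compile(
    r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp|udp)\s+"
    r"(any|host\s+\S+)(?:\s+eq\s+(\d+))?\s+"      # source  [eq port]
    r"(any|host\s+\S+)(?:\s+eq\s+(\d+))?"         # destination [eq port]
    r"(\s+established)?\s*$"
)


def _addr(tok: str) -> Optional[str]:
    return None if tok == "any" else tok.split()[1]


def _port(tok: Optional[str]) -> Optional[int]:
    return int(tok) if tok else None


def parse_ace(line: str) -> Ace:
    m = ACE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, src, sport, dst, dport, est = m.groups()
    return Ace(action, proto, _addr(src), _port(sport),
               _addr(dst), _port(dport), bool(est))


def ace_matches(ace: Ace, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ace.src is not None and ace.src != pkt.src:
        return False
    if ace.dst is not None and ace.dst != pkt.dst:
        return False
    if ace.sport is not None and ace.sport != pkt.sport:
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    if ace.established and not pkt.ack:
        return False
    return True


def evaluate(acl: List[str], pkt: Packet) -> str:
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for line in acl:
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace.action
    return "deny"


HOST = "203.94.69.220"                       # the LAN host from the thread
TAIL = [f"access-list 110 deny ip any host {HOST}",
        "access-list 110 permit ip any any"]
# Nadeep's original list: matches the *destination* port on the LAN host.
ORIGINAL_ACL = [f"access-list 110 permit tcp any host {HOST} eq 80",
                f"access-list 110 permit tcp any host {HOST} eq 443"] + TAIL
# Russ's fix: matches the *source* port of the remote web server.
FIXED_ACL = [f"access-list 110 permit tcp any eq 80 host {HOST}",
             f"access-list 110 permit tcp any eq 443 host {HOST}"] + TAIL
# Same, but only for packets that belong to a connection the host opened.
ESTABLISHED_ACL = [f"access-list 110 permit tcp any eq 80 host {HOST} established",
                   f"access-list 110 permit tcp any eq 443 host {HOST} established"] + TAIL

WEB = "198.51.100.10"                        # constructed remote web server
RETURN_HTTP = Packet("tcp", WEB, 80, HOST, 2049, ack=True)        # reply to browsing
INBOUND_TO_80 = Packet("tcp", "198.51.100.77", 40001, HOST, 80)    # unsolicited SYN at the host
SYN_FROM_80 = Packet("tcp", "198.51.100.77", 80, HOST, 2049)       # SYN that merely uses src port 80
OTHER_HOST = Packet("tcp", WEB, 80, "203.94.69.221", 2050, ack=True)  # a neighbour on the LAN

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL),
                      ("established", ESTABLISHED_ACL)):
        for label, pkt in (("return http", RETURN_HTTP), ("inbound to :80", INBOUND_TO_80),
                           ("syn from :80", SYN_FROM_80), ("other host", OTHER_HOST)):
            print(f"{name:12s} {label:15s} -> {evaluate(acl, pkt)}")
```

Running it reproduces the symptom: the original list denies the server's reply (source port 80, destination port 2049) and, as a side effect, permits anyone on the Internet to open a connection to port 80 or 443 on the host, the opposite of what was intended. The fixed list passes the reply and closes that hole, but still permits any packet whose source port happens to be 80; the `established` variant additionally requires the ACK flag, so only replies to connections the host initiated get through. None of the three lists touches traffic to other hosts, so the E0 behaviour Nadeep describes has to come from something other than these four entries.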