try this--

access-list 101 permit tcp any host x.x.x.x eq 80
access-list 101 permit tcp any any established
access-list 101 deny ip any any

x.x.x.x is the ip address of the webserver

this will be applied to the serial interface inbound.  you may also want to
add other rules to this list to prevent things like address spoofing and add
rules for other inbound connections that you may want to make like smtp or
ftp or icmp.

The earlier suggestion of permit ip any any established will not work.

give it a try.
-d
"Howard Yuan" <[EMAIL PROTECTED]> wrote in message
news:96v3de$pfl$[EMAIL PROTECTED]...
> I think it would help if I thoroughly explain the situation.
>
> I have a webserver that I want people to be able to access.  Being a Novell
> webserver, it has the ability to go in to change some settings on the
> webserver.  To do this, you just type in the address and add ":2200" into
> the end.  So, I don't want people to be able to access this from the
> outside, letting only people from the inside to be able to do this.  So, I
> want to do this and the other situation that I talked about.  Please advise.
> Thanx.
>
> Howard
>
> "Scott M. Trieste" <[EMAIL PROTECTED]> wrote in message
> news:96v2mh$lkg$[EMAIL PROTECTED]...
> > Howard,
> >
> > If you are trying to block all incoming traffic from the Internet, without
> > inhibiting your outgoing network traffic use this command at the beginning
> > of your ACL:
> >
> > permit ip any any established.
> >
> > This will allow all tcp/udp conversations through the firewall, as long as
> > they were initiated from inside your network.
> >
> > Regards,
> >
> > Scott M. Trieste
> >
> > "Howard Yuan" <[EMAIL PROTECTED]> wrote in message
> > news:96v2gr$kri$[EMAIL PROTECTED]...
> > > Hi,
> > >
> > > I'm trying to set up a firewall on my Cisco router.  I'm trying to block
> > > everything from the Internet except for webpage access (port 80).  But,
> > > when I set it up to do that, I can not surf the net without putting in the
> > > line:
> > >
> > > permit ip any any
> > >
> > > But, doing that will allow everything to come in through the router.  I
> > > don't want anybody being able to come in through any port except for the
> > > ones I specify.  Is there anybody that knows how to do that?  Please tell
> > > me.
> > > Thank you in advance.
> > >
> > > Howard
> > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
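The access list 101 from the top reply, evaluated first-match against a few constructed packets. This is an added Python example, not part of the thread; 192.0.2.10 stands in for x.x.x.x, and every address and packet below is made up for illustration.

```python
from dataclasses import dataclass

WEB = "192.0.2.10"  # assumption: documentation address standing in for x.x.x.x

@dataclass
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN", "ACK"}

# (action, protocol, dest host or None for any, dest port or None, established?)
ACL_101 = [
    ("permit", "tcp", WEB, 80, False),     # permit tcp any host x.x.x.x eq 80
    ("permit", "tcp", None, None, True),   # permit tcp any any established
    ("deny", "ip", None, None, False),     # deny ip any any
]

def matches(entry, pkt):
    _, proto, dst, dport, established = entry
    if proto != "ip" and proto != pkt.proto:
        return False
    if dst is not None and dst != pkt.dst:
        return False
    if dport is not None and dport != pkt.dport:
        return False
    # "established" only matches TCP segments that carry ACK or RST
    if established and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True

def evaluate(acl, pkt):
    for entry in acl:                # first matching entry wins
        if matches(entry, pkt):
            return entry[0]
    return "deny"                    # implicit deny at the end of every ACL

# Constructed sample packets arriving inbound on the serial interface
SAMPLES = {
    "new connection to web port 80": Packet("tcp", "198.51.100.7", WEB, 80, frozenset({"SYN"})),
    "new connection to admin port 2200": Packet("tcp", "198.51.100.7", WEB, 2200, frozenset({"SYN"})),
    "reply to an inside host's web request": Packet("tcp", "203.0.113.5", "192.0.2.20", 40000, frozenset({"SYN", "ACK"})),
    "DNS reply over UDP": Packet("udp", "203.0.113.53", "192.0.2.20", 40001),
}

def run_samples():
    return {name: evaluate(ACL_101, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{verdict:6}  {name}")
```

The UDP sample is denied because `established` is a TCP-only test, which is why the reply suggests adding further rules for other inbound traffic you need.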