> I would like to be able to reach _only_ port 80 on 192.168.1.1 @ f0/1 on a Cisco 2621
>
> interface FastEthernet0/1
>  ip address 192.168.1.55 255.255.255.0
>  ip access-group 115 in
>  ip access-group 116 out
>  no ip directed-broadcast
>  duplex auto
>  speed auto
>
> access-list 115 deny tcp any 192.168.1.0 0.0.0.255 neq www
> access-list 115 deny udp any 192.168.1.0 0.0.0.255 neq 80
> access-list 116 permit udp 192.168.1.0 0.0.0.255 any
> access-list 116 permit tcp 192.168.1.0 0.0.0.255 any

I think you only want port tcp/80 open on 192.168.1.1 and all ports open on the other IPs, right? If so, the ACL below should do that.

access-list 115 permit tcp any host 192.168.1.1 eq 80
access-list 115 deny ip any host 192.168.1.1
access-list 115 permit ip any any

and optionally ACL 116:

access-list 116 permit tcp host 192.168.1.1 eq 80 any
access-list 116 deny ip host 192.168.1.1 any
access-list 116 permit ip any any

Pascal

----------------------------------------------
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
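Added example, not part of the original thread: a small first-match evaluator for the subset of extended-ACL syntax used above, run over the quoted ACL 115 and the suggested one. It models only protocol, addresses and ports; the source address 10.0.0.5, the port numbers tried and all function names are constructed for illustration.

```python
import ipaddress

PORTS = {"www": 80}  # port keyword used in the quoted config

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Contiguous wildcard masks only: ipaddress reads them as host masks.
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def _port(tok):
    """Consume an optional 'eq P' or 'neq P' port test."""
    if tok and tok[0] in ("eq", "neq"):
        return (tok[0], PORTS.get(tok[1]) or int(tok[1])), tok[2:]
    return None, tok

def parse(line):
    """Split one 'access-list N action proto src [port] dst [port]' entry."""
    _, _num, action, proto, *rest = line.split()
    src, rest = _addr(rest)
    sport, rest = _port(rest)
    dst, rest = _addr(rest)
    dport, rest = _port(rest)
    return action, proto, src, sport, dst, dport

def _port_ok(test, port):
    return test is None or (port == test[1]) == (test[0] == "eq")

def evaluate(acl, proto, src, sport, dst, dport):
    """Return the action of the first matching entry, else the implicit deny."""
    for line in acl:
        action, aproto, asrc, asport, adst, adport = parse(line)
        if (aproto in ("ip", proto)
                and ipaddress.ip_address(src) in asrc
                and ipaddress.ip_address(dst) in adst
                and _port_ok(asport, sport) and _port_ok(adport, dport)):
            return action
    return "deny"  # every IOS ACL ends with an implicit "deny ip any any"

QUOTED_115 = ["access-list 115 deny tcp any 192.168.1.0 0.0.0.255 neq www",
              "access-list 115 deny udp any 192.168.1.0 0.0.0.255 neq 80"]
SUGGESTED_115 = ["access-list 115 permit tcp any host 192.168.1.1 eq 80",
                 "access-list 115 deny ip any host 192.168.1.1",
                 "access-list 115 permit ip any any"]

if __name__ == "__main__":
    for name, acl in (("quoted", QUOTED_115), ("suggested", SUGGESTED_115)):
        for dst, dport in (("192.168.1.1", 80), ("192.168.1.1", 22), ("192.168.1.20", 22)):
            print(name, dst, dport, evaluate(acl, "tcp", "10.0.0.5", 40000, dst, dport))
```

The quoted list contains only deny entries, so even tcp/80 falls through to the implicit deny; the suggested list permits it explicitly before the host-wide deny.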
