On Thu, 15 Jan 1998, Armistead, Jason wrote:
> Hi
>
> I have a question about the FAQ, in relation to its accuracy.
>
>
> Transparent proxying with Cisco
>
> by John Saunders
>
> [snip lead in stuff]
>
> Define an access list to trap HTTP requests. The first line
> allows the Squid host direct access so an routing loop is not formed.
>
> I think this statement is wrong. The first line DENIES the cache host
> 203.24.132.2 from accessing WWW (port 80) ports on any target host.
>
> !
> access-list 110 deny tcp host 203.24.133.2 any eq www
> access-list 110 permit tcp any any eq www
> !
>
I agree, its wrong, it should be as below ,as the cisco, does 1 line at a
time,so you have tosay host is ok, then deny everyone else.
!
access-list 110 permit tcp host 203.24.133.2 any eq www
access-list 110 deny tcp any any eq www
!
> Anyone else care to comment/explain to a poor mortal such as I trying to
> work out the inner secrets of Cisco IOS ?
Thanks for the offer :-)
>
> Regards
>
> Jason
>
_________________________________________________________
Malcolm Garbutt
Network Operations-
OZLAND.NET MILDURA.NET MURRAY.NET
Office Ph. 03 50 212 991 Office Fax 03 50 212 932
Emergency Ph. 018 596 150
.....Bringing the World to You......
_________________________________________________________
Received on Sat Jan 24 1998 - 17:42:13 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:30 MST