On Fri, Oct 29, 1999 at 08:31:57AM -1000, Clifton Royston wrote:
> On Fri, Oct 29, 1999 at 06:02:29PM +0200, Barry van Dijk wrote:
...
> If you don't want incoming traffic to be redirected, you need to
> modify that access list, to add some deny lines for anything not on
> your network, or explicitly change the permit line to clients on your
> network. I'd recommend the latter, in which case you'd change the
> "permit" line above to read more like:
>
> access-list 110 permit tcp xxx.yyy.zzz.www mmm.mmm.mmm.mmm any eq www
>
> where xxx.yyy.zzz.www and mmm.mmm.mmm.mmm are the IP address and
> netmask for your internal network. If you have multiple internal
> networks (IP address blocks), put multiple lines like that, one for
> each.
P.S. As the other response pointed out, if the web server is on the
same machine as the proxy server, you also need to make sure the IP
forwarding there does not forward packets destined to your web server
to the proxy server instead.
However, the above router changes look necessary to me even if your
web server is on a separate machine.
-- Clifton
-- Clifton Royston -- LavaNet Systems Architect -- cliftonr@lava.net "An absolute monarch would be absolutely wise and good. But no man is strong enough to have no interest. Therefore the best king would be Pure Chance. It is Pure Chance that rules the Universe; therefore, and only therefore, life is good." - ACReceived on Fri Oct 29 1999 - 15:28:38 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:49:08 MST