Re: Is the FAQ right on how to set up transparent proxying with Cisco ???

From: Malcolm B.J. Garbutt <mgarbutt@dont-contact.us>
Date: Sun, 25 Jan 1998 12:46:55 +1100 (EST)

On Thu, 15 Jan 1998, Armistead, Jason wrote:

> Hi
>
> I have a question about the FAQ, in relation to its accuracy.
>
>
> Transparent proxying with Cisco
>
> by John Saunders
>
> [snip lead in stuff]
>
> Define an access list to trap HTTP requests. The first line
> allows the Squid host direct access so an routing loop is not formed.
>
> I think this statement is wrong. The first line DENIES the cache host
> 203.24.132.2 from accessing WWW (port 80) ports on any target host.
>
> !
> access-list 110 deny tcp host 203.24.133.2 any eq www
> access-list 110 permit tcp any any eq www
> !
>
I agree, its wrong, it should be as below ,as the cisco, does 1 line at a
time,so you have tosay host is ok, then deny everyone else.
               !
               access-list 110 permit tcp host 203.24.133.2 any eq www
               access-list 110 deny tcp any any eq www
               !

> Anyone else care to comment/explain to a poor mortal such as I trying to
> work out the inner secrets of Cisco IOS ?
Thanks for the offer :-)

>
> Regards
>
> Jason
>

_________________________________________________________
Malcolm Garbutt
Network Operations-
OZLAND.NET MILDURA.NET MURRAY.NET

Office Ph. 03 50 212 991 Office Fax 03 50 212 932
Emergency Ph. 018 596 150

            .....Bringing the World to You......
_________________________________________________________
Received on Sat Jan 24 1998 - 17:42:13 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:30 MST