help with acl and webserver

SQL2KDBA69

I have a 1700 with 12.3 IOS. I'm trying to set up a web server behind it, but I can't get a response. Here is the ACL I have:

access-list 100 permit tcp any any established
access-list 100 permit udp any eq domain any
access-list 100 permit tcp any eq eq www

On the wic0 I have ip access-group 100 in

It works fine without the ACL.

Please help.
 
Try changing this line:
access-list 100 permit tcp any eq eq www

to this:

access-list 100 permit tcp any <IP of webserver> eq www

That should work. The problem you had was that it was dropping the packets because you were requiring that the source and destination ports had to be 80 at the same time. This is not the way a client-server model works. The source port of a packet that originates from an HTTP client is going to have a random port above 1024, and in that packet the destination port is 80 to the webserver IP. Then when the webserver replies it is the exact opposite. The webserver will send with a source port of 80, and then the destination port will be that random port above 1024 from the original client packet.

Burke
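
The behaviour described in the answer above, as an added example that is not part of the original thread and is not Cisco code: a minimal Python model of first-match ACL evaluation with the implicit deny, run against the original and the corrected list. The address 192.0.2.10, the `Rule`/`Packet` names and the sample packets are constructed, and the original third line is modelled as Burke reads it (source and destination port both 80).

```python
# Added example: minimal model of extended-ACL matching (first match wins,
# implicit deny at the end). Not Cisco code; field names are hypothetical.
from dataclasses import dataclass
from typing import Optional

WEB = "192.0.2.10"  # constructed placeholder for <IP of webserver>

@dataclass
class Rule:
    proto: str
    src_port: Optional[int] = None   # None = any port
    dst: Optional[str] = None        # None = any host
    dst_port: Optional[int] = None
    established: bool = False        # matches only TCP segments with ACK or RST set

@dataclass
class Packet:
    proto: str
    src_port: int
    dst: str
    dst_port: int
    ack: bool = False
    rst: bool = False

def matches(r: Rule, p: Packet) -> bool:
    return (r.proto == p.proto
            and r.src_port in (None, p.src_port)
            and r.dst in (None, p.dst)
            and r.dst_port in (None, p.dst_port)
            and (not r.established or p.ack or p.rst))

def permitted(acl, p) -> bool:
    # Every rule here is a permit; falling off the end is the implicit deny.
    return any(matches(r, p) for r in acl)

COMMON = [Rule("tcp", established=True), Rule("udp", src_port=53)]
# Third line as Burke reads it: source AND destination port must be 80.
ORIGINAL = COMMON + [Rule("tcp", src_port=80, dst_port=80)]
# Burke's corrected line: any source port, to the web server, port 80.
FIXED = COMMON + [Rule("tcp", dst=WEB, dst_port=80)]

# Constructed sample packets arriving inbound on the outside interface.
SYN = Packet("tcp", src_port=49152, dst=WEB, dst_port=80)
ACK = Packet("tcp", src_port=49152, dst=WEB, dst_port=80, ack=True)
OTHER = Packet("tcp", src_port=49152, dst=WEB, dst_port=23)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, [permitted(acl, p) for p in (SYN, ACK, OTHER)])
```

With the original list the client's first SYN matches no line and hits the implicit deny, so the handshake never completes even though later ACK segments would pass the `established` line.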
 