How to set Access List for subnet traffic thru router 1

Status
Not open for further replies.

pdecker

Technical User
Jun 16, 2003
31
US
My full question:

How would I set up an access list so that computers on a subnet connected to one FastEthernet of a router will be able to only receive traffic from computers on a subnet connected to the other FastEthernet of the same router?

(bad ascii drawing)

subnet1 ROUTER subnet2
Computer ---- | FEth0/0 , FE0/1 | ----- Computer

I am not very clear on the structure of the access-list commands (permit/deny), and the cisco doc was a little confusing. Can someone help make this a little clearer?

I want to do this using the "IP protocol" with the "permit" command. I have a Cisco 2600 series router.

Thank you!
 
You should make a list with all the source IP addresses going to any or specific destination IP addresses. Then permit all the networks or subnets you want to go across. A deny is implemented by default at the end of each access list by the IOS. Then enable the access list on the interface it is coming into.

example:

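! Extended ACL (100-199): matches on protocol, source and destination
access-list 101 permit ip 10.1.1.0 0.0.0.255 any
access-list 101 permit ip host 192.168.1.1 any
! Explicit deny so that dropped packets are logged
access-list 101 deny ip any any log

! Apply inbound on the interface where the traffic enters the router
interface ethernet0
 ip access-group 101 in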

This should do it !

Simon
 