Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Running a webserver behind a Cisco 1605

Status
Not open for further replies.
digidee

digidee

IS-IT--Management
May 20, 2003
1
US
I can't seem to get port 80 to open on my
cisco 1605. I'm useing the following line:
access-list 100 permit tcp any host 192.168.1.3 eq 80

(among others)
This is but one access list statements.

Thanks for the help,
Digidee
 
Sort by date Sort by votes
Change it from 100 to 101 which is an extended IP access list which is what you want with the eq 80. Dont forget the implied DENY ALL at the end which will block everything you have not said expressly to pass through.

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Upvote 0 Downvote
Where is your access-list is the entry for www? Try re-writing your access-list and putting it at the very top to ensure you are not stepping on your own toes (the rule of thumb I have always heard is specific to general...)

Secondly, take a look at using 'ip accounting access-violations' and 'show ip accounting access-violations' to give you an idea of if anything is making it to your list and where it is being denied.

You can also turn on logging (either console - although its sometimes tricky that way -- or to a syslog server) and that will give you the packets as they are being denied. You will need to turn on 'debug ip access-list detail' and/or 'debug ip access-list lookup' (I can't remember which...).

Hope this helps a bit,
Paul Kincaid

P.S. wybnormal -- f.y.i. 100 is within the extended list.
 
Upvote 0 Downvote
Paul- You are correct.. I mis-remembered the numbering.. thats what I get for thinking ;-)

Good catch of a small but important error

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Upvote 0 Downvote
Do you have an access list going the other way?

One of the most common mistakes I see is to allow the port 80 traffic inbound but to not allow the return traffic outbound.

--chris
 
Upvote 0 Downvote
bhandari
- sorry I missed your question after my reply....

You need to apply the access list to the interface as follows:

router# conf t
router(config)# interface e0 (or whatever the interface name is)
router(config-if)# ip access-group 100 in
router(config-if)# end
router# write memory

Hope this helps,
Paul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
228
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
213
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
208
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
212
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
269
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top