Re: Blocking outside IPs from an internal IP

Michael J. Hartwick (hartwick@primeline.net)
Mon, 19 May 1997 12:26:56 -0400 (EDT)

On Mon, 19 May 1997, Jim Boyce wrote:

>How would I block all people outside of our LAN from a certain IP in our
>lan? (actually for a website). I had tried some of your suggestions but
>am still having a problem. Shouldn't this work:

No. The filters are processed from the top down. The first rule that matches
ends the processing. So you are denying all access to port 80 (deny from
any address, including your local LAN). Also, there is an
implicit deny at the end of the rules, so all packets should be denied.

>
>deny 0.0.0.0/0 206.30.200.X/32 tcp dst eq 80
>permit 206.30.200.0/32 206.30.200.X/32 tcp dst eq 80
>

You might try:

permit 206.30.200.0/24 206.30.200.X/32 tcp dst eq 80
deny 0.0.0.0/0 206.30.200.X/32 tcp dst eq 80
permit 0.0.0.0/0 0.0.0.0/0

First line: Permit your internal IP (206.30.200.X/32) to be accessed by
206.30.200.0/24 (I am assuming a /24 for your LAN....) on port 80.
Second line: Deny all other HTTP access to your internal IP
(206.30.200.X/32)
Third line: Permit everything else.

I am no expert on filters, but am doing something similar using a similar
filter.

>assuming the 206.30.200.x is the internal ip that I want to block
>outsiders from.

Michael

----------------------------------------------------------------------------
Michael J. Hartwick, VE3SLQ
Hartwick Communications Consulting
hartwick@primeline.net
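The first-match behaviour described in the reply above, worked through in code. This is an added, constructed example and not part of the original thread or any real filter implementation: it evaluates Jim's original ordering and Michael's suggested ordering against a few sample packets. The host octet "X" of 206.30.200.X is never given in the thread, so .10 is assumed here, the LAN is assumed to be a /24 as Michael assumes, and the rule grammar is taken as written in the thread (action, source, destination, optional protocol and "dst eq port").

```python
import ipaddress

# Constructed example: the host octet "X" of 206.30.200.X is not given in the
# thread; .10 is assumed here purely for illustration.
WEB_SERVER = "206.30.200.10"

# Jim's original ordering, as quoted in the thread (X substituted).
ORIGINAL_RULES = [
    f"deny 0.0.0.0/0 {WEB_SERVER}/32 tcp dst eq 80",
    f"permit 206.30.200.0/32 {WEB_SERVER}/32 tcp dst eq 80",
]

# Michael's suggested ordering (assumes the LAN is a /24, as he does).
FIXED_RULES = [
    f"permit 206.30.200.0/24 {WEB_SERVER}/32 tcp dst eq 80",
    f"deny 0.0.0.0/0 {WEB_SERVER}/32 tcp dst eq 80",
    "permit 0.0.0.0/0 0.0.0.0/0",
]


def parse_rule(line):
    """Parse 'action src dst [proto dst eq port]' (grammar as used in the thread)."""
    parts = line.split()
    rule = {
        "action": parts[0],
        "src": ipaddress.ip_network(parts[1]),
        "dst": ipaddress.ip_network(parts[2]),
        "proto": None,   # None means any protocol
        "port": None,    # None means any destination port
    }
    if len(parts) > 3:
        rule["proto"] = parts[3]
    if len(parts) >= 7 and parts[4] == "dst" and parts[5] == "eq":
        rule["port"] = int(parts[6])
    return rule


def rule_matches(rule, src, dst, proto, dport):
    """True when every field the rule specifies matches the packet."""
    if ipaddress.ip_address(src) not in rule["src"]:
        return False
    if ipaddress.ip_address(dst) not in rule["dst"]:
        return False
    if rule["proto"] is not None and rule["proto"] != proto:
        return False
    if rule["port"] is not None and rule["port"] != dport:
        return False
    return True


def evaluate(rules, src, dst, proto, dport):
    """First-match evaluation: the first matching rule decides; no match means deny."""
    parsed = [parse_rule(r) for r in rules]
    for index, rule in enumerate(parsed):
        if rule_matches(rule, src, dst, proto, dport):
            return rule["action"], index
    return "deny", None   # implicit deny at the end of the list


def compare_rulesets():
    """Evaluate a few constructed packets against both orderings."""
    packets = {
        "lan_http":      ("206.30.200.25", WEB_SERVER, "tcp", 80),
        "internet_http": ("198.51.100.7", WEB_SERVER, "tcp", 80),
        "internet_smtp": ("198.51.100.7", "206.30.200.3", "tcp", 25),
    }
    return {
        name: {"original": evaluate(ORIGINAL_RULES, *pkt),
               "fixed": evaluate(FIXED_RULES, *pkt)}
        for name, pkt in packets.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare_rulesets().items():
        print(f"{name:14s} original={verdicts['original']}  fixed={verdicts['fixed']}")
```

With the original ordering the LAN client's HTTP request is stopped by rule 0 before the permit on rule 1 is ever consulted, and unrelated traffic such as the SMTP packet falls off the end of the list into the implicit deny. With the suggested ordering the LAN client is permitted by rule 0, the outside client is denied by rule 1, and everything else is passed by the final catch-all permit. Note also that the original second rule uses 206.30.200.0/32, which matches only the single address 206.30.200.0, so even reordered it would not cover the LAN hosts; the /24 in the suggested rules is what makes the permit apply to the whole subnet.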