I have a requirement for clients on a VLAN to access the internet (no problem) and to access a web server (a problem). If we move the web server to the 2nd VLAN we would want clients to access the internet, but only to access this one machine's web server. My idea was to use a PIX firewall as we need some method of providing clients with a DHCP address (along with a few other reasons).
The web server would sit outside the PIX, so internal wireless clients would be going outbound to it, meaning this is NOT on the same network.
Can I specify in the PIX to allow outbound access to the internet, but then specify access to this one server only through port 80? In other words, I want to specify that the only traffic allowed on a 192.168.1.0 network is to machine 192.168.1.2 on port 80. All other networks are allowed, i.e. all external WANs.