The web app went dark after a change

Scenario

After a maintenance window, the client at 10.0.1.10 can no longer use the web server at 10.0.2.10. There is more than one fault. Two routers sit between them, R1 (client side) and R2 (server side).

• An ACL on R1 is over-blocking: it's dropping the web traffic it should allow. Telnet to the server is meant to be blocked, and should stay that way.
• R2 is missing a route back to the client subnet, so even traffic that gets through has no way home.

Topology

• client 10.0.1.10/24 → R1 10.0.1.1
• R1 ↔ R2 link: R1 10.0.12.1/24, R2 10.0.12.2/24
• server 10.0.2.10/24 → R2 10.0.2.1

Your job

Fix both faults so the client can reach the web server (TCP 80), while telnet (TCP 23) to the server stays denied, without changing any addressing.

What "done" looks like

R1 permits web and still denies telnet to the server; R2 has a return route to 10.0.1.0/24; the client reaches the web server end to end.

Teaches: connectivity failures are often layered: fix the filter and the routing, and confirm the policy you were supposed to keep (telnet denied) is still in place.