Web access through firewall

You can find the beginning of this thread in my thread with the same
subject in May 2005.  I can't figure out how to reply to that thread
here on Google Groups.

I have a Cisco PIX 501 Firewall and I need to provide access to one of
our web servers through the Internet on port 90.  We have a series of
fixed IP addresses on the net.

For practical purposes let's say that the internal IP address of the
web server is 10.10.0.111 and that our external fixed IP address is
212.212.212.101 (I grew up in New York City and 212 is the area code).

In the end I need to be able to enter http://212.212.212.101:90/ on a
browser and go to the web server.

I hate to admit it but I did have this working from June 2005 until
about a week ago.  We changed Internet access providers and I've had to
reconfigure the PIX and have not been able to do so.  I can't find my
damn notes!

Here are the commands I have been trying to use based on my thread of
May 2005:

static (inside,outside) tcp interface www 10.10.0.111 80 netmask 255.255.255.255 0 0

access-list inside_acl permit tcp any host 212.212.212.101 eq 90

access-group inside_acl in interface outside

All of the commands work but the end result does not work.  I still cannot
get through.

BTW I also tried changing the static command to the following:

static (inside,outside) tcp interface www 10.10.0.111 90 netmask 255.255.255.255 0 0

That didn't work either.

I feel that I am extremely close...

Any and all help and suggestions would be greatly appreciated.

Thanks.


Re: Web access through firewall

All you need is,
static (inside,outside) tcp interface 90 10.10.0.111 90 netmask 255.255.255.255 0 0

access-list inside_acl permit tcp any host 212.212.212.101 eq 90

access-group inside_acl in interface outside


--
joeblack

Thanks,
JoeBlack
------------------------------------------------------------------------
joeblack's Profile: http://www.CertificationChat.com/member.php?userid=9
View this thread: http://www.CertificationChat.com/showthread.php?t=8012


Re: Web access through firewall
Joeblack is correct, you need to change "www" to port 90.

Cisco Dude




Re: Web access through firewall
Thank you both for your very helpful reply.

However doesn't port 80 have to be in the equation somewhere?

I'm redirecting 212.212.212.101:90 to 10.10.10.111:80

Surely port 80 has to somewhere be associated with the inside interface
no?

Thank you again both for your wonderfully rapid and helpful replies.

Thanks.


Re: Web access through firewall

If your webserver is listening on port 80, then you will have to use,

static (inside,outside) tcp interface 90 10.10.0.111 80 netmask 255.255.255.255 0 0

The content of the webserver will be available to the internet via the
outside IP address of the PIX on port 90.


--
joeblack

Thanks,
JoeBlack


Re: Web access through firewall
The configuration should be like this


Pix(configure)# static (inside,outside) tcp 212.212.212.101 90 10.10.0.111 80 netmask 255.255.255.255 0 0
Pix(configure)# access-list inside_acl permit tcp any host 212.212.212.101 eq 90
Pix(configure)# access-group inside_acl in interface outside


regards
dabance
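
The mismatch this thread resolves (a static translating outside port www/80 while the ACL opens port 90) can be checked mechanically. The script below is an added example, not code from any poster in the thread: it parses only the three command forms quoted above, and the function names, the sample configs built from the thread's commands, and the assumption that `interface` resolves to 212.212.212.101 are illustrative.

```python
import re

# "www" is the PIX CLI keyword for TCP port 80 (the keyword used in the thread).
PORT_NAMES = {"www": 80}
STATIC_RE = re.compile(
    r"static \(\w+,\w+\) tcp (\S+) (\S+) (\S+) (\S+) netmask")
ACL_RE = re.compile(r"access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP_RE = re.compile(r"access-group (\S+) in interface outside")

def port(token):
    return PORT_NAMES.get(token) or int(token)

def audit(config, outside_ip):
    """Compare static port translations with the ACL bound to 'outside'."""
    statics, permits, bound = [], [], set()
    for line in config.splitlines():
        line = " ".join(line.split())          # normalise wrapped whitespace
        if m := STATIC_RE.search(line):
            # Assumption: "interface" means the outside interface address.
            gip = outside_ip if m[1] == "interface" else m[1]
            statics.append((gip, port(m[2]), m[3], port(m[4])))
        elif m := ACL_RE.search(line):
            permits.append((m[1], m[2], port(m[3])))
        elif m := GROUP_RE.search(line):
            bound.add(m[1])
    opened = {(ip, p) for name, ip, p in permits if name in bound}
    mapped = {(gip, gp) for gip, gp, _, _ in statics}
    findings = []
    for gip, gp, lip, lp in statics:
        if (gip, gp) not in opened:            # translated but never permitted
            findings.append(f"static {gip}:{gp} -> {lip}:{lp} has no permit on outside")
    for ip, p in sorted(opened - mapped):      # permitted but goes nowhere
        findings.append(f"permit to {ip}:{p} matches no static translation")
    return findings

# Constructed samples: the first attempt from the question, then the fix.
OUTSIDE = "212.212.212.101"
ACL = ("access-list inside_acl permit tcp any host 212.212.212.101 eq 90\n"
       "access-group inside_acl in interface outside\n")
ASKED = ("static (inside,outside) tcp interface www 10.10.0.111 80 "
         "netmask 255.255.255.255 0 0\n" + ACL)
FIXED = ("static (inside,outside) tcp interface 90 10.10.0.111 80 "
         "netmask 255.255.255.255 0 0\n" + ACL)

if __name__ == "__main__":
    for name, cfg in (("asked", ASKED), ("fixed", FIXED)):
        print(name, audit(cfg, OUTSIDE) or "consistent")
```

A permit that matches no static translation is also worth reviewing on its own, since it is an opening in the outside ACL that serves no published service.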






