PIX & Ports
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||||||||
|
Posted by Greg on August 18, 2006, 2:17 pm
Please log in for more thread options I'm currently opening up a port on our PIX firewall to allow port 10323 into our web services using https. When I'm coming from the internet the page https://name.org:10323/x/x and https://x.x.x.x:10323/x/x also works. The problem is I can't access it I'm inside the network and try to access https://name.org:10323/x/x and https://x.x.x.x:10323/x/x. I have no problem access the web page itself from inside but only when I try to access it using port 10323. Thanks | |||||||||||||||||||
|
Posted by Gary on August 18, 2006, 3:07 pm
Please log in for more thread options the internal IP. When the DNS resolve the name it returns a public IP, but the internal machine is private Gary Gary | |||||||||||||||||||
|
Posted by Chad Mahoney on August 18, 2006, 3:08 pm
Please log in for more thread options
Greg wrote: > Hello,
> > I'm currently opening up a port on our PIX firewall to allow port 10323 > into our web services using https. > > When I'm coming from the internet the page https://name.org:10323/x/x > and https://x.x.x.x:10323/x/x also works. The problem is I can't access > it I'm inside the network and try to access https://name.org:10323/x/x > and https://x.x.x.x:10323/x/x. > > I have no problem access the web page itself from inside but only when > I try to access it using port 10323. > > Thanks Do a google search for DNS doctoring. Not sure what code you are running but in older versions you would place the alias command in the static statement in newer code you place dns in the static statement.; new code: static (outside, inside) 10.y.y.249 209.x.x.35 netmask 255.255.255.255 dns not sure on the old code syntax. | |||||||||||||||||||
|
Posted by Erik Tamminga on August 18, 2006, 3:26 pm
Please log in for more thread options Hi Greg,
Let me summarize: http://x.x.x.x:10323/x works from the outside but doesn't work from the inside AND http://x.x.x.x/x works from the inside Please check the following to make sure nothing stops traffic .... - should the traffic pass the firewall at all (in other words, is x.x.x.x located on a third (dmz) interface? - do you have a nat(inside) .... and global(dmz) ... entry for traffic destined to x.x.x.x - any static(inside,dmz) ... that conflict with other nat statements. - do the nat/global statements include port 10323 (in other words, is this port-forwarding or just plain addres translation) - what does your access-list say on the inside interface (inbound). - is traffic to x.x.x.x:10323 from the inside mentioned in the syslog messages generated by the pix? If yes, what does it say... - if the above didn't ring a bell somewhere, please send us a config snippet.... Regards, Erik > Hello,
> > I'm currently opening up a port on our PIX firewall to allow port 10323 > into our web services using https. > > When I'm coming from the internet the page https://name.org:10323/x/x > and https://x.x.x.x:10323/x/x also works. The problem is I can't access > it I'm inside the network and try to access https://name.org:10323/x/x > and https://x.x.x.x:10323/x/x. > > I have no problem access the web page itself from inside but only when > I try to access it using port 10323. > > Thanks > | |||||||||||||||||||
| Similar Threads | Posted |
| 871 and USB ports | September 9, 2005, 11:58 am |
| ports in pix | November 1, 2005, 6:44 pm |
| PIX & Ports | August 18, 2006, 2:17 pm |
| QoS on some ports | April 6, 2007, 8:23 am |
| PIX 501 LAN Ports | May 5, 2008, 11:48 pm |
| protected ports | December 15, 2005, 2:06 pm |
| AUX/Consol ports | April 13, 2006, 7:54 am |
| trunk ports | September 1, 2006, 6:46 pm |
| NAT doesn't seem to work on all ports | June 14, 2005, 5:29 pm |
| range of ports in ACL on PIX? | June 16, 2005, 2:53 pm |
| LANs and ports | September 7, 2006, 1:21 pm |
| VPN Firewall ports | September 8, 2006, 11:09 am |
| firewall ports | October 1, 2006, 9:37 pm |
| Opening Ports | December 6, 2006, 1:04 pm |
| USB ports on SUP32 | March 30, 2007, 1:59 pm |
>
> I'm currently opening up a port on our PIX firewall to allow port 10323
> into our web services using https.
>
> When I'm coming from the internet the page https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x also works. The problem is I can't access
> it I'm inside the network and try to access https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x.
>
> I have no problem access the web page itself from inside but only when
> I try to access it using port 10323.
>
> Thanks
>