PIX & Ports
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||
|
Posted by Greg on August 18, 2006, 2:17 pm
Please log in for more thread options
I'm currently opening up a port on our PIX firewall to allow port 10323 into our web services using https. When I'm coming from the internet the page https://name.org:10323/x/x and https://x.x.x.x:10323/x/x also works. The problem is I can't access it I'm inside the network and try to access https://name.org:10323/x/x and https://x.x.x.x:10323/x/x . I have no problem access the web page itself from inside but only when I try to access it using port 10323. Thanks | ||||||||||||||||
|
Posted by Gary on August 18, 2006, 3:07 pm
Please log in for more thread options the internal IP. When the DNS resolve the name it returns a public IP, but the internal machine is private Gary Gary  | ||||||||||||||||
|
Posted by Chad Mahoney on August 18, 2006, 3:08 pm
Please log in for more thread options Greg wrote: Do a google search for DNS doctoring. Not sure what code you are running but in older versions you would place the alias command in the static statement in newer code you place dns in the static statement.; new code: static (outside, inside) 10.y.y.249 209.x.x.35 netmask 255.255.255.255 dns not sure on the old code syntax. | ||||||||||||||||
|
Posted by Erik Tamminga on August 18, 2006, 3:26 pm
Please log in for more thread options Hi Greg,Let me summarize: http://x.x.x.x:10323/x works from the outside but doesn't work from the inside AND http://x.x.x.x/x works from the inside Please check the following to make sure nothing stops traffic .... - should the traffic pass the firewall at all (in other words, is x.x.x.x located on a third (dmz) interface? - do you have a nat(inside) .... and global(dmz) ... entry for traffic destined to x.x.x.x - any static(inside,dmz) ... that conflict with other nat statements. - do the nat/global statements include port 10323 (in other words, is this port-forwarding or just plain addres translation) - what does your access-list say on the inside interface (inbound). - is traffic to x.x.x.x:10323 from the inside mentioned in the syslog messages generated by the pix? If yes, what does it say... - if the above didn't ring a bell somewhere, please send us a config snippet.... Regards, Erik | ||||||||||||||||
| Similar Threads | Posted |
| 871 and USB ports | September 9, 2005, 11:58 am |
| ports in pix | November 1, 2005, 6:44 pm |
| PIX & Ports | August 18, 2006, 2:17 pm |
| QoS on some ports | April 6, 2007, 8:23 am |
| PIX 501 LAN Ports | May 5, 2008, 11:48 pm |
| ports | May 11, 2010, 11:50 am |
| protected ports | December 15, 2005, 2:06 pm |
| AUX/Consol ports | April 13, 2006, 7:54 am |
| trunk ports | September 1, 2006, 6:46 pm |
| NAT doesn't seem to work on all ports | June 14, 2005, 5:29 pm |
| range of ports in ACL on PIX? | June 16, 2005, 2:53 pm |
| LANs and ports | September 7, 2006, 1:21 pm |
| VPN Firewall ports | September 8, 2006, 11:09 am |
| firewall ports | October 1, 2006, 9:37 pm |
| Opening Ports | December 6, 2006, 1:04 pm |
|
Home Cabling Guide
Finally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Click Here to learn more |
> I'm currently opening up a port on our PIX firewall to allow port 10323
> into our web services using https.
> When I'm coming from the internet the page https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x also works. The problem is I can't access
> it I'm inside the network and try to access https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x .
> I have no problem access the web page itself from inside but only when
> I try to access it using port 10323.
> Thanks