Hello,
I'm currently opening up a port on our PIX firewall to allow port 10323 into our web services using https.
When I'm coming from the internet the page
Thanks
You will need an alias command on that so the PIX can transl;ate the IP to the internal IP.
When the DNS resolve the name it returns a public IP, but the internal machine is private
Gary
Do a google search for DNS doctoring. Not sure what code you are running but in older versions you would place the alias command in the static statement in newer code you place dns in the static statement.;
new code: static (outside, inside) 10.y.y.249 209.x.x.35 netmask
255.255.255.255 dns not sure on the old code syntax.Hi Greg,
Let me summarize:
http://x.x.x.x:10323/x works from the outside but doesn't work from the inside AND http://x.x.x.x/x works from the inside
Please check the following to make sure nothing stops traffic ....
- should the traffic pass the firewall at all (in other words, is x.x.x.x located on a third (dmz) interface?
- do you have a nat(inside) .... and global(dmz) ... entry for traffic destined to x.x.x.x
- any static(inside,dmz) ... that conflict with other nat statements.
- do the nat/global statements include port 10323 (in other words, is this port-forwarding or just plain addres translation)
- what does your access-list say on the inside interface (inbound).
- is traffic to x.x.x.x:10323 from the inside mentioned in the syslog messages generated by the pix? If yes, what does it say...
- if the above didn't ring a bell somewhere, please send us a config snippet....
Regards, Erik
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.