Hi,
I host a single web site on a server on my internal network (say for example on IP 192.168.1.100). I've tried to forward requests on HTTP through to this server but cannot get it working.
Would I be right in thinking I only require an Access rule to say any http request should be forwarded to the server hosting the web site? as shown below?
access-list outside_access_in extended permit tcp any eq www host
192.168.1.100 eq wwwThanks
No, that is not correct.
access-list outside_access_in extended permit tcp any interface outside eq www static (inside,outside) tcp interface www 192.168.1.100 www
Hi,
I tried what you listed below but I still cannot access the site on my server - would it matter that my IP address (public facing) is assigned dynamically?
When I look at the logging in ASDM it looks as if port 80 isn't being used for the requests?
No. You need 3 things to forward ports (PAT with single IP on outside interface, fx DHCP assigned from ISP):
Thats all - HTH
Martin Bilgrav
do I use the IP address shown for the outside interface - as seen on the home page within ASDM 5.0?
that is the IP address I have requests forwarded to - so I have
when I try a browse to the site it doesn't connect and I get page cannot be displayed. I've tried the site on the local network and it displays fine.
Thanks
I haven't worked with PIX 7.0, but in 6.2 and 6.3 you would need the word 'interface' instead of the actual outside IP address.
The IP that matches the A-record in DNS for the www host But you can also simply use the command "interface" hence it will use the interface IP nomatter what this is.
correct
If you are located on the inside of the pix, then you can not use your own WAN IP.
HTH Martin
Sorry I'm confused - what do you mean if I'm located on the inside of the pix then I cannot use my own WAN IP? My web server is located on the inside of my PIX.
The other thing I don't understand is when I connect the PIX outside interface to my cable modem I get an IP address of say 82.106.1.1. However when I connect a different router to the cable modem in place of the PIX the IP address I get is 82.106.13.22? I don't understand why I get different IP addresses.
If I try and access my web site with the second IP address (82.106.13.22) it connects fine (with port forwarding enabled on the router to 192.168.1.100). But obviously the IP address showing as the outside interface IP address on the PIX (82.106.1.1) won't and isn't working.
Also if I use
I don't understand why the IP is changing in this scenario could anyone shed any light on the matter?
Thanks
Note these are the real IP's I'm getting.
This is the problem. your web-server is on inside and your PC on inside. you type in your browser:
solution is to resolve to your inside IP for inside requests.
This have to be explained in the setup or config of your devices. fx does you ISP assign DHCP on WAN and are your devices config'ed to DHCP or static. If fx config'ed for static IP, the the devices are not configured alike. This would explain the IP change Also the very design of the Setup, from an ISP point of view, could explain this behavoir. fx they might have a class-c range and every body can obtain DHCP IP's (which are a stuid thing to do, but none the less seen before) and fx only certain MAC are allowed outside the ISP IP backbone.
How many public IP's are assigned to you ? What does the DNS a-record for your website point to ? This has to match, as I said before, with the config of your PIX.
192.168.1.100).Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.