PIX & Ports

Posted by Greg on August 18, 2006, 2:17 pm
Hello,

I'm currently opening up a port on our PIX firewall to allow port 10323
into our web services using https.

When I'm coming from the internet the page https://name.org:10323/x/x
and https://x.x.x.x:10323/x/x also works. The problem is I can't access
it when I'm inside the network and try to access https://name.org:10323/x/x
and https://x.x.x.x:10323/x/x.

I have no problem accessing the web page itself from inside but only when
I try to access it using port 10323.

Thanks


Posted by Gary on August 18, 2006, 3:07 pm
You will need an alias command on that so the PIX can translate the IP to
the internal IP.

When the DNS resolves the name it returns a public IP, but the internal
machine is private.

Gary

> Hello,
> I'm currently opening up a port on our PIX firewall to allow port 10323
> into our web services using https.
> When I'm coming from the internet the page https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x also works. The problem is I can't access
> it when I'm inside the network and try to access https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x.
> I have no problem accessing the web page itself from inside but only when
> I try to access it using port 10323.
> Thanks





Posted by Chad Mahoney on August 18, 2006, 3:08 pm

Greg wrote:
> Hello,
> I'm currently opening up a port on our PIX firewall to allow port 10323
> into our web services using https.
> When I'm coming from the internet the page https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x also works. The problem is I can't access
> it when I'm inside the network and try to access https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x.
> I have no problem accessing the web page itself from inside but only when
> I try to access it using port 10323.
> Thanks

Do a Google search for DNS doctoring. Not sure what code you are
running, but in older versions you would place the alias command in the
static statement; in newer code you place dns in the static statement.

new code: static (outside, inside) 10.y.y.249 209.x.x.35 netmask 255.255.255.255 dns
not sure on the old code syntax.


Posted by Erik Tamminga on August 18, 2006, 3:26 pm
Hi Greg,

Let me summarize:

http://x.x.x.x:10323/x works from the outside but doesn't work from the
inside AND
http://x.x.x.x/x works from the inside

Please check the following to make sure nothing stops traffic ....
- should the traffic pass the firewall at all (in other words, is x.x.x.x
located on a third (dmz) interface)?
- do you have a nat(inside) .... and global(dmz) ... entry for traffic
destined to x.x.x.x?
- any static(inside,dmz) ... that conflict with other nat statements?
- do the nat/global statements include port 10323 (in other words, is this
port-forwarding or just plain address translation)?
- what does your access-list say on the inside interface (inbound)?
- is traffic to x.x.x.x:10323 from the inside mentioned in the syslog
messages generated by the pix? If yes, what does it say?
- if the above didn't ring a bell somewhere, please send us a config
snippet.

Regards,
Erik

> Hello,
> I'm currently opening up a port on our PIX firewall to allow port 10323
> into our web services using https.
> When I'm coming from the internet the page https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x also works. The problem is I can't access
> it when I'm inside the network and try to access https://name.org:10323/x/x
> and https://x.x.x.x:10323/x/x.
> I have no problem accessing the web page itself from inside but only when
> I try to access it using port 10323.
> Thanks
>


