11-13-2005 05:31 AM - edited 02-21-2020 12:31 AM
Hi,
We are trying to NAT a new linux box (running Fedora Release 4) and getting odd results. We cannot access the box via NAT unless our source address is one from the same network as the outside interface. We thought it was a problem with SELinux and the built-in firewall, but we reinstalled the software with both disabled and the problem got worse. You have to be on the same subnet as the outside interface and the only account that works is "root". I realize this does not sound like a PIX issue, but any insight would help.
TIA,
Sam
11-13-2005 05:33 AM
Sorry about all the typos.
11-13-2005 03:03 PM
internet <--> pix <--> linux
assuming the simplified topology is accurate, and the issue is that there is no inbound access to the linux box.
firstly, compare the current pix config with the sample below:
static (inside,outside) tcp interface
access-list inbound permit
access-group inbound in interface outside; or
static (inside,outside)
access-list inbound permit
access-group inbound in interface outside
to verify the nat, do "sh xlate | in
to verify the acl, do "sh access-l inbound".
11-18-2005 12:34 PM
Thanks, found the problem to be a problem on the ISP choke router.
11-18-2005 02:51 PM
it's good to learn that your issue has been resolved. please feel free to discuss any other issue you've got.