08-09-2001 12:49 PM - edited 02-20-2020 09:49 PM
I have a question that possibly someone can help with. I am trying to allow access to a Novell BM server to act as an SMTP proxy as well as a web proxy server, and I can't get full connectivity to the DMZ even though I use a static/conduit combo such as this.
static (dmz,outside) X.X.X.X 192.168.100.10 netmask 255.255.255.255 0 0
static (inside,dmz) 10.0.0.0 10.0.0.0 netmask 255.0.0.0 0 0
conduit permit udp host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit tcp host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit ip host X.X.X.X 10.0.0.0 255.0.0.0
conduit permit tcp host X.X.X.X eq smtp any
conduit permit tcp host X.X.X.X eq www any
conduit permit icmp host X.X.X.X any echo
DMZ is 192.168.X.X - inside is 10.X.X.X
08-13-2001 08:42 PM
I would like to help out here, but the information you provided is not enough to determine exactly what you are trying to do. If you like, you can email me directly.
08-14-2001 09:52 AM
Thanks, but I have got it working via a workaround that is not very secure. It is an inherent problem with Novell products and SLP registration; essentially I am trying to make sure SLP and Time Sync pass through the PIX untranslated, however they use a form of broadcast which the PIX doesn't pass. My best solution is to put a Linux box on my DMZ and use Squid as the HTTP proxy and Postfix as a smart host relay for SMTP traffic.
09-07-2001 03:41 AM
I have an access problem with security going from low to high. My Microsoft SQL Server is connected to Inside (High, 100) and is on network 192.168.1.0/24. My web server is connected to DMZ (low, 50) and is on network 172.18.0.0/16. This web server has to access the SQL server as a data source. I can't establish an ODBC connection even though I use a static/conduit pair of commands to open port 1433 from low to high security. Why? Please advise. Thanks.
09-08-2001 01:56 PM
- Make sure you have a route to the DMZ network - I'm sure you do:
route dmz 192.168.x.0 mask 255.255.255.0 192.168.x.1
etc..
- Use logging to troubleshoot your issue;
Try to see what error or if you are even getting through to the firewall - meaning if the PIX is seeing your traffic from the DMZ.
Use: sh conn - to see connections being built.
Use:
debug icmp trace
debug packet inside
debug packet dmz
Use the "no" option to turn off the above.
You can use this site to help you with any error messages for the PIX:
http://te.cisco.com/srvs/cgi-bin/webcgi.exe?New,KB=PIX,dtree=stepbystep
Hope it helps.
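As an added example (not code from the thread or from Cisco), this Python model checks a PIX config for both halves of the static/conduit pair that the low-to-high SQL question above depends on, and reports which half is missing. The host addresses 192.168.1.10 and 172.18.0.20, the function names and the sample config are constructed; only `static` and `conduit permit` lines with `eq` ports are modelled.

```python
import ipaddress

PORTS = {"smtp": 25, "www": 80}  # port names that appear in the thread
# Constructed sample: host addresses are assumed; networks are from the question.
SAMPLE = """static (inside,dmz) 192.168.1.10 192.168.1.10 netmask 255.255.255.255 0 0
conduit permit tcp host 192.168.1.10 eq www host 172.18.0.20"""

def _net(tok):
    """Consume 'any', 'host A' or 'A MASK' from the front of a token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse(config):
    """Collect static and 'conduit permit' lines (deny lines are not modelled)."""
    statics, conduits = [], []
    for tok in (line.split() for line in config.splitlines()):
        if tok[:1] == ["static"]:  # static (high,low) global local netmask MASK
            high, low = tok[1].strip("()").split(",")
            nets = [ipaddress.ip_network(f"{a}/{tok[5]}") for a in tok[2:4]]
            statics.append((high, low, *nets))
        elif tok[:2] == ["conduit", "permit"]:  # PROTO global [eq PORT] foreign
            rest, port = tok[3:], None
            glob = _net(rest)
            if rest[:1] == ["eq"]:
                port = PORTS.get(rest[1]) or int(rest[1])
                rest = rest[2:]
            conduits.append((tok[2], glob, port, _net(rest)))
    return statics, conduits

def check_flow(config, low_if, high_if, src_ip, dst_ip, proto, port):
    """Say which half of the static/conduit pair a low-to-high flow lacks."""
    statics, conduits = parse(config)
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for high, low, gnet, lnet in statics:
        if (high, low) == (high_if, low_if) and dst in lnet:
            # Address the low side must target: same offset in the global range.
            glob = gnet.network_address + (int(dst) - int(lnet.network_address))
            break
    else:
        return f"no static ({high_if},{low_if}) covers {dst_ip}"
    for cproto, gnet, cport, fnet in conduits:
        if (cproto in (proto, "ip") and glob in gnet and src in fnet
                and cport in (None, port)):
            return f"permitted: connect to {glob}"
    return f"static ok, no conduit permits {proto}/{port} from {src_ip} to {glob}"
```

Calling `check_flow(SAMPLE, "dmz", "inside", "172.18.0.20", "192.168.1.10", "tcp", 1433)` on the constructed sample reports that the static is present but the conduit only opens `www`, which is the kind of mismatch worth ruling out before turning on the debug commands.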
09-09-2001 07:28 PM
Thanks for this piece of info.