Web Access through PIX using non-standard port

bsisco
Level 1

A remote office of ours is using a web server configured on port 9000. I have added the following to our PIX firewall trying to keep the appearance of the web port normal, but I cannot access the site from outside. Where did I go wrong?

access-list service1 permit tcp any host a.b.c.d eq www

static (inside,outside) tcp a.b.c.d www e.f.g.h 9000 netmask 255.255.255.255 0 0

access-group service1 in interface outside

Thanks!


a.awan
Level 4

The configuration looks good. Can you verify the following:

1. Webservice is indeed running on port 9000 and responding to requests.

2. Default gateway configured properly on the server.

3. No access-list on the inside interface. If there is one, then make sure that it permits communication from the webserver to the outside world.

4. Requests from outside are routing properly to the PIX for a.b.c.d address.

If everything looks good then turn logging on the PIX using:

logging on

logging buffered debug

Then initiate a connection to the server from the outside and post the logs here.

Everything looks good!

access-list service1 permit tcp any host a.b.c.d eq www

static (inside,outside) tcp a.b.c.d www e.f.g.h 9000 netmask 255.255.255.255 0 0

a.b.c.d = Public IP

e.f.g.h = Private IP

Have you done a "clear xlate"? Take care, this resets all sessions.

Sincerely

Patrick

1. Yes, http://localhost:9000 responds on the server (and other servers).

2. Default gateway is configured properly.

3. No inside access-lists (YET :)

4. Requests are being routed properly

and in response to the following reply -

Darn it I should've known that

Clear Xlate worked!

Thanks Fellas! You guys/gals rock!
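
A static check of the port redirect discussed in this thread, as an added example that is not part of the original posts or any Cisco tooling: it confirms that each static PAT entry has a permit for its public address and mapped port in the ACL bound inbound on the outside interface. The function name, the documentation addresses standing in for a.b.c.d and e.f.g.h, and the restriction to the `permit tcp any host X eq P` ACL form used above are assumptions.

```python
import re

# Constructed sample: the thread's config with documentation addresses substituted
# (a.b.c.d -> 203.0.113.10 public, e.f.g.h -> 192.168.1.20 private).
SAMPLE = """\
access-list service1 permit tcp any host 203.0.113.10 eq www
static (inside,outside) tcp 203.0.113.10 www 192.168.1.20 9000 netmask 255.255.255.255 0 0
access-group service1 in interface outside
"""

PORT_NAMES = {"www": 80, "https": 443}  # small subset of port keywords, enough here

def port(tok):
    return PORT_NAMES.get(tok) or int(tok)

STATIC = re.compile(r"^static \((\w+),(\w+)\) tcp (\S+) (\S+) (\S+) (\S+)")
ACL = re.compile(r"^access-list (\S+) permit tcp any host (\S+) eq (\S+)")
GROUP = re.compile(r"^access-group (\S+) in interface (\S+)")

def check_port_redirects(config):
    """Return findings; an empty list means every static PAT is permitted on paper."""
    statics, acls, groups = [], [], {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            # (outside ifc, public ip, public port, private ip, private port)
            statics.append((m[2], m[3], port(m[4]), m[5], port(m[6])))
        elif m := ACL.match(line):
            acls.append((m[1], m[2], port(m[3])))
        elif m := GROUP.match(line):
            groups[m[2]] = m[1]
    findings = []
    for out_if, pub_ip, pub_port, priv_ip, priv_port in statics:
        bound = groups.get(out_if)
        if bound is None:
            findings.append(f"no access-group bound inbound on {out_if}")
        elif (bound, pub_ip, pub_port) in acls:
            continue  # permit matches the public address and mapped port
        elif any(n == bound and ip == priv_ip for n, ip, _ in acls):
            findings.append(f"{bound} permits private {priv_ip}; must permit public {pub_ip}")
        elif any(n == bound and ip == pub_ip and p == priv_port for n, ip, p in acls):
            findings.append(f"{bound} permits real port {priv_port}; must permit mapped port {pub_port}")
        else:
            findings.append(f"{bound} has no permit for {pub_ip} port {pub_port}")
    return findings
```

An empty result for a site that is still unreachable points away from the configuration and toward device state, which is where this thread ended up with "clear xlate".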
