10-04-2004 10:12 AM - edited 02-20-2020 11:39 PM
A remote office of ours is using a web server configured on port 9000. I have added the following to our PIX firewall trying to keep the appearance of the web port normal, but I cannot access the site from outside. Where did I go wrong?
access-list service1 permit tcp any host a.b.c.d eq www
static (inside,outside) tcp a.b.c.d www e.f.g.h 9000 netmask 255.255.255.255 0 0
access-group service1 in interface outside
Thanks!
10-04-2004 10:29 AM
The configuration looks good. Can you verify the following:
1. Webservice is indeed running on port 9000 and responding to requests.
2. Default gateway configured properly on the server.
3. No access-list on the inside interface. If there is one then make sure that it permits communication from the webserver to outside world.
4. Requests from outside are routing properly to the PIX for a.b.c.d address.
If everything looks good then turn logging on the PIX using:
logging on
logging buffered debug
Then initiate a connection to the server from the outside and post the logs here.
10-04-2004 10:44 AM
Everything looks good!
access-list service1 permit tcp any host a.b.c.d eq www
static (inside,outside) tcp a.b.c.d www e.f.g.h 9000 netmask 255.255.255.255 0 0
a.b.c.d = Public IP
e.f.g.h = Private IP
Have you done a "clear xlate"? Take care, this resets all sessions.
Sincerely,
Patrick
10-04-2004 11:51 AM
1. Yes, http://localhost:9000 responds on the server (and other servers).
2. Default gateway is configured properly.
3. No inside access-lists (YET :)
4. Requests are being routed properly
and in response to the following reply -
Darn it I should've known that
Clear Xlate worked!
Thanks Fellas! You guys/gals rock!