Configure PIX to get to UNIX host from outside

[mmyers]

Help! I've got a configration question for my PIX 510 running version 4.4.

I have an internal UNIX server on IP address 192.168.1.30. Our external IP address range is 63.96.24.105 - 110. The global address set in the PIX is 63.96.24.107. I would like to ftp and telnet from the outside into the UNIX server. What commands would I need to facilitate this? I imagine some form of static and conduit commands, but I cannot figure out the right combination. Also, the UNIX host needs to be able to ftp and telnet to the outside as well. Any help would be greatly appreciated! Let me know if you need more info. I have my config in a word document, but cannot figure out how to attach the file to the post.

Thanks!
Michael

 

[xlee]

Haven't used ver 4.4 but I'm assuming the command is the same as the latest ver.

static 63.96.24.107 192.168.1.30 netmask 255.255.255.255
conduit permit tcp host 63.96.24.107 eq 21 any
conduit permit tcp host 63.96.24.107 eq 23 any

That's permitting telnet/ftp from anybody....you can restrict it to specific address range if you know it. Sessions initiated from inside your network to outside should work fine. No need to create conduits.

 

[mmyers]

Thank you xlee for your help. But we're still having problems. When I put in the commands you specified this is what happened: 1) No one can browse the internet from inside 2) I cannot get to the UNIX host from outside using 63.96.24.107 as the ip address. As soon as I remove the static command, we can browse the internet.

What am I missing?
Thanks!!
Michael

 

[xlee]

Post your config or e-mail them to me and I'll take a look at it.