DMZ rules help on PIX

1666

Technical User
Dec 12, 2002
131
GB
Hi, I want to install a game server (Half Life) onto my Cisco Pix 515 firewall. At the moment I am using a server for Outlook Web Access and want to install the game on this Win2k server. Below are the ports I need to use; how can I create the rule in the web application on Pix?
have these ports open incoming and outgoing:-

I wondered if you can give me a step-by-step guide on creating one TCP rule and one UDP?

TCP:
6003
7002

UDP:
27005
27010
27011
27012
27013
27015

Regards

Andy
 
I'm assuming you are NAT'ing the main server.

i.e. one side internet (outside) and one side internal (inside).
Do you have the NAT set up?

You just need to create access-lists for the interfaces, so


name MAILSERVER_IP_ADDRESS MAILSERVER
access-list incoming permit tcp any host MAILSERVER eq 6003

Repeat the line for all the port numbers required (change to UDP where needed),
then apply to the interface:
access-group incoming in interface outside

Outbound access is allowed from a higher security to a lower security interface by default, but assuming you put an access-list on anyway, it is the same process:

access-list outgoing permit tcp host MAILSERVER any eq 6003
etc

access-group outgoing in interface inside


Hope that helps, I'm sure someone will correct me if I'm a mile wrong ;)

Cheers

J
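
The rule set from the reply above, written out for every port in the question, as an added example that is not part of either poster's text. The address 192.0.2.10 is a constructed placeholder, the HTTPS rule for the existing OWA service is an assumption, and a static translation for the server is assumed to be in place already.

```cisco
: Added example, not from the thread. 192.0.2.10 is a placeholder for the
: address at which the outside reaches the server (static NAT assumed in place).
name 192.0.2.10 MAILSERVER

: Assumption: OWA is published over HTTPS. An interface takes one inbound ACL,
: so the existing OWA permit has to live in the same list as the game ports.
access-list incoming permit tcp any host MAILSERVER eq 443

: TCP ports from the question
access-list incoming permit tcp any host MAILSERVER eq 6003
access-list incoming permit tcp any host MAILSERVER eq 7002

: UDP ports from the question
access-list incoming permit udp any host MAILSERVER eq 27005
access-list incoming permit udp any host MAILSERVER eq 27010
access-list incoming permit udp any host MAILSERVER eq 27011
access-list incoming permit udp any host MAILSERVER eq 27012
access-list incoming permit udp any host MAILSERVER eq 27013
access-list incoming permit udp any host MAILSERVER eq 27015

: Everything not listed above is dropped by the implicit deny that ends the list.
access-group incoming in interface outside

: No ACL is bound to the server's own interface here: traffic from a higher to
: a lower security interface is permitted by default, and a list holding only
: the game ports would, through its implicit deny, cut off the server's other
: outbound traffic.
```

After applying it, `show access-list incoming` lists each entry with a hit counter, which confirms whether game traffic is matching the new lines.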
 
Hi, well I have noticed that the OWA server is on the DMZ, this server will host the game server, it communicates with the internal exchange server and can access the internet.....
 