hello i am trying to map a drive o

[8624]

hello
i am trying to map a drive on a webserver in my dmz to a computer on the inside (SQL SERVER)Database. i can ping the server in the dmz for the inside and i can ping the translate ip address of the sql server from the dmz. but when i try to mapa drever the the translated ip address it attempts but fails, however, from the inside, i can map a dreve or foldre form the sql server to the web server with no problem.

what up with that.

also should i be able to ping the inside address of 10.10.10.x from the dmz or will i only be able to ping the translated ip of 192.168.1.251 for a server on the inside(10.10.10.x), because on the inside, i can ping the dmz ip address 192.168.1.x with no problem.

am i missing somthing can someone explan it to me thanks.

 

[baddos]

You don't have an access-list or a conduit list to permit the DMZ server access to the INSIDE server. If you want to change that, you'll have to explicity allow that.

By default the PIX will allow a higher level security interface access to a lower security interface without any access-lists or conduits. If you want it the other way around, you'll need to apply an access-list or conduit list.

 

[8624]

here is my problem trying to map a drive from dmz to inside server.

public ip of the sql server is 164.229.16.223
public ip of the web server is 164.229.16.224
ip address of the web in the dmz is 192.168.1.222
ip address of the sql server inside 10.10.10.223
1p address of the sql translated to the dmz is 192.168.1.251


SQL statments below

to allow SQL Server to access the outside

static (inside,outside) 164.229.16.223 10.10.10.223 netmask 255.255.255.255
access-list outside_inbound permit tcp any host 164.229.16.223

to allow the SQL Server to access the inside will this work if so how will it allow me to map a drive to the server using the translated ip address? will i be able to ping the inside 10,.10.10.x netwrok or will i only be able to ping the 192.168.x.x from the dmz.(must be able to ping the ip address before you can map right)i can ping form the inside to the dmz no problem no problem cant ping the 10.10.10.x network for the dmz.

access-list DMZ_inbound permit tcp host 192.168.1.222 host 192.168.1.251
or
access-list DMZ_inbound permit tcp host 192.168.1.222 host 10.10.10.10
not sure

provide translation for the 10.10.10.x network to the dmz

static (inside,DMZ) 192.168.1.251 10.10.10.223 netmask 255.255.255.255 0 0

 

[yizhar]

HI.

> am trying to map a drive on a webserver in my dmz to a computer on the inside (SQL SERVER)Database
What for?
If you need to access an SQL database, you do not need to map a network drive for that task.

> access-list outside_inbound permit tcp any host 164.229.16.223
Wrong here.
You should remove the above line.

My advice is to ask an expert to help you with designing and configuring the network, and protecting it at the network, OS and application layers.

Bye


Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar

 

[tav1035]

8624,
We had simular problem on one client computer and found that our firewall (BlackICE)was denying us access to the server.
We could any drive to any server except one running SQL server2000.
Futher investigating and virus scan found C:\ProgramFiles\ISS\BlackIce\evd000.enc is infected with
Win32.SQLSlammer.worm.
I think they ended up forcing BlackICE to except the IP address.
tav