Opening Port on 501 PIX to Host Web Server 1

[subzerocool]

Hi guys, I'm still new here and was wondering if you could help me with my 501 PIX. I have it set up with a one to many NAT set up and running as a DHCP server. Everything is running fine, I would like to open up a port so I can host a web server but I'm not sure with how to do that. I have the server on IP address 192.168.0.50. Sorry if I'm not asking the right questions, I just recently started working on the PIX, it's hard to find good documentation. The ones I found on the net helped but some of them were missing a few parameters. Please help me, thank you.

 

[unclerico]

you need two things; an ACL and a static NAT entry:

access-list outside_access_in extended permit tcp any <outside_ip_address> eq www

static (inside,outside) tcp interface 80 192.168.0.50 80

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[subzerocool]

Would this affect any of the computers that are already connected?

 

[unclerico]

connected how??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[subzerocool]

I have a server and 2 workstations connected to it. All have connections to the internet. The PIX is also a DHCP server. I'm sorry if I'm asking the wrong questions, I'm still new to the PIX. I have NAT, DHCP set up. I tried access lists before but they never came out right. Its hard to find good documentation for the PIX, at least for me.

 

[unclerico]

it's no problem everyone is new at some point. no there should not be any connectivity issues with people inside accessing outside resources when these ACL and static statements are added.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[subzerocool]

I was wondering if I'm doing something wrong. I still can't get it to work. Here is how I have it now, I decided to do it from scratch one more time and it hasn't worked.
Cisco PIX model: 501
Internal IP address: 192.168.100.1
OS: 6.3

Here is how I programmed it from the beginning:
interface ethernet0 auto
interface ehternet1 100full
ip address outside xxx.xx.xxx.xxx 255.255.255.0
ip address inside 192.168.100.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 xxx.xx.xxx.x
global (outside) 1 interface
nat (inside) 1 192.168.100.0 255.255.255.0 0 0
dhcpd address 192.168.100.100-192.168.100.110 inside
dhcpd dns 192.168.100.200
dhcpd enable inside
access-list inbound permit icmp any any
access-list inbound permit tcp any host xxx.xx.xxx.xxx eq www
access-group inbound interface outside
static (inside,outside) xxx.xx.xxx.xxx 192.168.100.200 netmask 255.255.255.255 0 0

I'm trying to have it work as a DHCP server and be able to host my web server. Once I entered the static command, I can't ping anything fromt he outside. Please let me know what I'm missing, thanks.

 

[subzerocool]

Nevermind, if figured it out now. Thanks for all the help guys, I appreciate it. Sorry if I asked questions that were already answered, I went through a lot of the forum last night but most posts had different configurations. This forum has been a lot of help for me. I figured out where I went wrong.

 

[stevefcp1]

Hi,

Subzerocool is there a chance you could post how you solved the problem as i have the same issue trying to access my webserver.

Thanks