PIX Config Change

[technical1]

Hi All,
I recently added a new static ip mapping (inside, outside) to my config.

And ive given access from the outside world for

http://www and

ftp.
However when i try and connect via the internet to

http://www or

ftp it fails to connect to the server at all.

ive done a show xlate and i can see the mapping which is correct, the relevant services are running on the server.

Do you think the firewall just needs a reload?

 

[baddos]

Where is the access-group command applied to? Sounds like you applied it to the "inside" interface. If so, you will need to apply it to the "outside" interface and not the "inside".

-Bad Dos

 

[technical1]

Hi,
I have added the following lines to my config:
(for inbound traffic)
access-list acl_out permit tcp any host 212.212.x.x eq www
access-list acl_out permit tcp any host 212.212.x.x eq www
(outbound traffic)
access-list acl_in permit tcp host 172.1.1.45 any eq domain
access-list acl_in permit udp host 172.1.1.45 any eq domain
access-list acl_in permit tcp host 172.1.1.45 any eq www
(NAT mapping)
static (inside,outside) 212.212.x.x 172.1.1.45 netmask 255.255.255.255 0 0

 

[brontosaurus]

I don't think you answered baddos' question...please show your "access-group" commands just to be sure. Also, where's the access-list for FTP?

 

[technical1]

I believe this is the access list that is set:
access-group acl_out in interface outside
access-group acl_in in interface inside

 

[brontosaurus]

on your STATIC command, what's the trailing "0 0" for? Is that a typo? Remove that, and issue a "clear xlate".

 

[baddos]

According to your ACL... Only the 172.1.1.45 host can use

http://www and

dns outbound. Is this what you are intending?

-Bad Dos