please help.Cannot access hosts in DMZ from outside

[banala1]

have PIX Firewall with three interfaces, Problem routing to DMZ

router---PIX----DMZ another interface to to inside

i have class c addresss from my ISP i subneted into 2 network with 255.255.255.128 first rang of addressx.x.x.1- x.x.x.126 is used for outside side interface of PIX which is connected to router and i used x.x.x128 - x.x.x.254 to DMZ i can ping any host or i cannot connect to any host on DMZ

how to route between these 2 networks





from outside i have the following accessl ist on the out side interface of PIX


access-list outside_access_in permit tcp any host x.x.x.130 eq smtp
access-list outside_access_in permit tcp any host x.x.x131 eq smtp
access-list outside_access_in permit udp any host x.x.x.130 eq domain
access-list outside_access_in permit udp any host x.x.x.131 eq domain
access-list outside_access_in permit icmp any any
access-list outside_access_in deny ip any any

 

[gbiello]

You may need to post your config for us.

Do you have any lines like:
static (inside,dmz) ...
static (dmz,outside) ...?

For your DMZ servers, I suspect you'll need lines like:

static (dmz,outside) x.x.x.130 x.x.x.130 netmask 255.255.255.255 0 0
static (dmz,outside) x.x.x.131 x.x.x.131 netmask 255.255.255.255 0 0

-gbiello

 

[yizhar]

HI.

How is the router configurred?
The router should use the same subnet mask, and have a static route for the DMZ range that points to the pix outside interface.

In addition, use this:
nat (dmz) 0 0 0

This eliminates the need for static commands.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar