RE: [fw-wiz] Re: IP aliasing behind a PIX
From: Don Owens (don@xlogistics.com)
Date: 01/24/03
- Next message: Nieveler, Juergen: "RE: [fw-wiz] Blocking email through the web services"
- Previous message: Ben Nagy: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
- In reply to: Noonan, Wesley: "RE: [fw-wiz] Re: IP aliasing behind a PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Don Owens <don@xlogistics.com> To: "Noonan, Wesley" <Wesley_Noonan@bmc.com> Date: Fri Jan 24 09:50:01 2003
I wasn't. The dmz port is actually the one being used and nat is turned
off. But the routing didn't seem to want to work until I put the
original static line in the conf. Then everything thing seemed to be
working (but we weren't using any virtual interfaces at that time).
Don
-- Don Owens don@xlogistics.com www.xlogistics.com Express Logistics 48541 Warm Springs Blvd., Ste. 505 Fremont, CA 94539
attached mail follows:
From: "Noonan, Wesley" <Wesley_Noonan@bmc.com> To: "'Don Owens'" <don@xlogistics.com>, firewall-wizards@honor.icsalabs.com Date: Wed, 22 Jan 2003 17:57:53 -0600
Maybe I am just missing something here... but why don't you just not use
NAT?
nat (inside) 0
Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan@bmc.com
http://www.bmc.com
> -----Original Message-----
> From: Don Owens [mailto:don@xlogistics.com]
> Sent: Wednesday, January 22, 2003 11:28
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Re: IP aliasing behind a PIX
>
> The problem has been resolved. Thanks to Mike Scher for pointing me to
> the "static" lines in the conf. The intention was to map the entire
> network behind the PIX (1-1 mapping, since the network is public), but
> the entry had a netmask of 255.255.255.255 instead of 255.255.255.224.
> Once I added a line with the correct netmask, the aliases began
> working. However, now I wonder why the main IP on each interface worked
> in the first place ...
>
> Don
>
> On Fri, 2003-01-17 at 18:04, Don Owens wrote:
> > Hi guys,
> >
> > I'm overloading interfaces on Solaris and Linux boxen to have multiple
> > IPs (same network though) behind a PIX firewall. From within the
> > network, the aliases work fine (i.e., the machines are accessible using
> > the aliased IPs). However, when trying to get to them from outside the
> > network, the IPs are unreachable. These are public IPs and the routing
> > works fine for each IP if that IP is the main IP of the box. If I swap
> > the IP of one of the aliases with the main IP, that IP is then
> > reachable. Then the alias works as well until I reboot the PIX.
> >
> > It seems to me this has to be the PIX, as I have not had this problem in
> > the past using access lists on routers as firewalls. Has anyone else
> > seen this problem? Am I missing a simple setting on the PIX or
> > something?
> >
> > Any ideas?
> >
> > Don
> >
> > --
> > Don Owens
> > don@xlogistics.com
> > www.xlogistics.com
> >
> > Express Logistics
> > 48541 Warm Springs Blvd., Ste. 505
> > Fremont, CA 94539
> --
> Don Owens
> don@xlogistics.com
> www.xlogistics.com
>
> Express Logistics
> 48541 Warm Springs Blvd., Ste. 505
> Fremont, CA 94539
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Next message: Nieveler, Juergen: "RE: [fw-wiz] Blocking email through the web services"
- Previous message: Ben Nagy: "Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk?"
- In reply to: Noonan, Wesley: "RE: [fw-wiz] Re: IP aliasing behind a PIX"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
