Archived from groups: comp.security.firewalls
I need my firewall to let traffic for mail (tcp port 25) from the
OUTSIDE int to the INSIDE int. I also need to allow traffic for SSH
(tcp port 22) from the OUTSIDE int to the DMZ. Right now only mail
gets through to its target server on the INSIDE int. Below is my config.
What could be wrong?
Here is my config. What could be wrong now?
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
enable password BObnFRYhrLLX7XML encrypted
passwd a0Zhrf6icaFKoQsr encrypted
name 192.168.11.35 mx1
access-list acl_out permit tcp any host 207.97.140.22 eq smtp
access-list acl_out permit tcp any host 207.97.140.22 eq https
access-list acl_out permit tcp any host 207.97.140.130 eq ssh
access-list 101 permit ip 192.168.11.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.0.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.22.0 255.255.255.0 192.168.15.0 255.255.255.0
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 207.97.140.3 255.255.255.0
ip address inside 192.168.11.50 255.255.255.0
ip address dmz 192.168.100.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool ippool 192.168.15.1-192.168.15.254
arp timeout 14400
global (outside) 1 207.97.140.200-207.97.140.225
global (outside) 1 207.97.140.226
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 207.97.140.22 mx1 netmask 255.255.255.255 0 0
static (dmz,outside) 209.97.140.130 192.168.100.41 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 207.97.140.1 1
route inside 192.168.0.0 255.255.255.0 192.168.11.1 1
route inside 192.168.22.0 255.255.255.0 192.168.11.1 1
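
Added example, not part of the original post: on PIX 6.x the ACL bound to the outside interface is matched against the global (translated) address of a static, so each permitted host should have a matching static whose global address sits in the outside subnet. The Python check below runs that comparison over the relevant lines of the config above; the function name `audit`, the finding labels and the trimmed sample are constructed for illustration, and only host statics written with literal IP addresses are handled.

```python
import ipaddress
import re

IP = r"\d+\.\d+\.\d+\.\d+"

# Constructed sample: the relevant lines of the config posted above.
SAMPLE_CONFIG = """\
name 192.168.11.35 mx1
access-list acl_out permit tcp any host 207.97.140.22 eq smtp
access-list acl_out permit tcp any host 207.97.140.22 eq https
access-list acl_out permit tcp any host 207.97.140.130 eq ssh
ip address outside 207.97.140.3 255.255.255.0
static (inside,outside) 207.97.140.22 mx1 netmask 255.255.255.255 0 0
static (dmz,outside) 209.97.140.130 192.168.100.41 netmask 255.255.255.255 0 0
static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0 0 0
access-group acl_out in interface outside
"""

def audit(config, iface="outside"):
    """Cross-check inbound ACL permits against statics on one interface."""
    grp = re.search(rf"^access-group (\S+) in interface {iface}\s*$", config, re.M)
    addr = re.search(rf"^ip address {iface} (\S+) (\S+)\s*$", config, re.M)
    if not grp or not addr:
        return [("no-acl-or-address", iface)]
    acl = re.escape(grp.group(1))
    net = ipaddress.ip_network(f"{addr.group(1)}/{addr.group(2)}", strict=False)
    # static (real_if,iface) <global> <local> ...  ->  {global: local}
    statics = dict(re.findall(rf"^static \(\w+,{iface}\) ({IP}) (\S+)", config, re.M))
    permits = re.findall(
        rf"^access-list {acl} permit \S+ any host ({IP}) eq (\S+)", config, re.M)
    allowed = {host for host, _ in permits}
    findings = []
    for host, port in permits:
        if host not in statics:      # permit points at an address nothing translates
            findings.append(("acl-without-static", host, port))
    for glob, local in statics.items():
        if ipaddress.ip_address(glob) not in net:   # global not on the interface subnet
            findings.append(("static-off-subnet", glob, local))
        if glob not in allowed:      # translation exists but no permit reaches it
            findings.append(("static-without-acl", glob, local))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding)
```
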