Solved

Setting up a webserver  - Router>PIX>LAN>Webserver

Posted on 2003-03-23
Last Modified: 2013-11-29
I've just had broadband with a static IP installed and want to set up a webserver/FTP/VPN access. However, when I type the static IP address into my browser, it always points to the broadband router's login. Is there a way for the webserver to pick up the HTTP requests? I have read that NAT/PAT or routing might have something to do with this, but I'm having difficulty setting this up.

My LAN setup is the following,

INTERNET >> BROADBAND ROUTER >> CISCO PIX >> LAN >> WEBSERVER WITH CITRIX NFUSE

I'm a newbie on networking so any help is appreciated :)
Question by:m0ley
11 Comments
 
LVL 41

Expert Comment

by:stevenlewis
ID: 8189730
You will need to forward the correct ports to the server.
> BROADBAND ROUTER
What make and model?
You will also have to open those ports on the Cisco, and forward the ports there.
0
 

Author Comment

by:m0ley
ID: 8189757
The modem is an Etec USB ADSL Modem Router - Integrated 4 Port Fast Ethernet Hub. Specs can be viewed from the link below.

http://myahead.com/go/look/product.show_product?v_id=2893
0
 

 
LVL 41

Expert Comment

by:stevenlewis
ID: 8189814
OK, I'm not familiar with that make/model, so you will have to read the manual on how to forward the ports.
I suggest using a static internal IP for the server (makes forwarding the ports easier).
You will need to forward port 80 (HTTP) and 21 (FTP) and the VPN ports (depending on which VPN solution you use).
See here:
http://www.techimo.com/forum/t24181.html
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8189853
> I suggest using a static internal ip for the server (makes forwarding the ports easier)
Don't forget he's got the PIX in the middle.
My suggestion would be to set the IP address of the PIX as the "DMZ host", and do all the static translations/port forwarding on the PIX. Also suggest turning off the NAT function of the router and let the PIX do that, too. I hope you got a book with the router, or at least a web site to find the manual.

Assuming that your static IP address is assigned to the WAN port of the router:
What is the router's inside IP address? <public, or private address/>
What is the PIX's outside IP address? <must have router's inside address as default gateway>
What is the PIX's inside IP address? <must be different from outside>
What is your default gateway on your PC? <should be PIX inside>



0
 

Author Comment

by:m0ley
ID: 8190396
lrmoore,

Thank you for the advice. I will set the IP address of the PIX as the "DMZ host" and disable the NAT function of the router. How do I turn NAT on using the PIX? At the moment it is set as "NAT 0.0.0.0 0.0.0.0 0 0".

What is the router's inside IP address?
<private address>

What is the PIX's outside IP address?
<private dhcp from router>

What is the PIX's inside IP address?
<private and different from outside(Router)>

What is your default gateway on your PC?
<private dhcp from PIX>

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8190453
On the PIX, to set up NAT:

global (outside) 1 interface
nat (inside) 1 0 0 0

While testing, you will need to explicitly permit ICMP back in:

access-list 101 permit icmp any any

access-group 101 in interface outside

Everything else looks good.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 8190496
That was for outbound NAT. Assuming that you want to permit access to NFuse, and that you are using HTTPS:

static (inside,outside) tcp interface 443 <inside ip> 443

Now that I think about it, since the only "real" IP address is on the router, you'll have to keep the NAT on that router, and also use NAT on the PIX. In effect, you're double-natting. Unless you can set an explicit route on the DSL router for the internal private network...

0
 

Author Comment

by:m0ley
ID: 8197664
lrmoore,

I didn't have any luck with setting the PIX as DMZ server. Instead I've forwarded ports 80 & 443 to the PIX. However, I'm getting no ports open when running a port scanner. If I remove the PIX, it works fine. I believe the next stage is to configure the firewall and forward ports 80 & 443 to the Citrix server.

I have tried manually configuring the static route but am having no luck. I'd appreciate it if you could shed some light on this issue.
0
 

Author Comment

by:m0ley
ID: 8202107
So far, I have managed to forward ports 80 & 443 from the ADSL router to the Citrix server. The Citrix webserver works well but without protection. Afterwards I changed the TCP ports to be forwarded to the PIX 501. After plugging in the PIX, I am having difficulty forwarding ports 80 & 443 to the Citrix server.

I cannot get ports 80 & 443 opened on the PIX 501. I am in desperate need of help and therefore have increased the points. I am willing to increase the points to 1000 on successfully opening the ports.
0
 

Author Comment

by:m0ley
ID: 8202218
OK, I've managed to sort this out now. I'm going to transfer the points to lrmoore as he guided me in the right direction.

lrmoore,

Is it advisable to use the following command to open up a port?

access-list 101 permit tcp any any eq www

Many thanks
0
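
Added example, not part of the thread or written by any of its participants: a small Python check that pairs each PIX static port translation with a permit in the access-list bound to the outside interface, since inbound traffic through the PIX needs both, and flags permits that are wider than the translation they serve. The inside address 192.168.1.10 and both sample configs are constructed, and the `interface outside` destination form in the second sample is assumed to be supported by the PIX software in use.

```python
import re

PORTS = {"www": 80, "https": 443, "ftp": 21}  # port keywords used in the samples
def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def addr(tokens):
    """Consume one address spec: 'any', 'host A', 'interface IF' or 'A MASK'."""
    n = 1 if tokens[:1] == ["any"] else 2
    return " ".join(tokens[:n]), tokens[n:]

def audit(config):
    """Pair static PAT entries with permits in the ACL bound to 'outside'."""
    statics, permits, icmp, bound, findings = set(), [], [], set(), []
    for line in config.splitlines():
        t = line.split()
        if m := re.match(r"static\s*\(inside,outside\)\s+tcp\s+\S+\s+(\S+)", line):
            statics.add(port(m.group(1)))          # outside port being forwarded
        elif m := re.match(r"access-group\s+(\S+)\s+in\s+interface\s+outside", line):
            bound.add(m.group(1))
        elif t[:1] == ["access-list"] and t[2:6] == ["permit", "icmp", "any", "any"]:
            icmp.append(t[1])
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "tcp"]:
            _src, rest = addr(t[4:])
            dst, rest = addr(rest)
            if rest[:1] == ["eq"]:
                permits.append((t[1], dst, port(rest[1])))
    live = [(dst, p) for acl, dst, p in permits if acl in bound]
    for p in sorted(statics - {p for _, p in live}):
        findings.append(("translated-not-permitted", p))   # port stays closed
    for dst, p in live:
        if p not in statics:
            findings.append(("permit-without-static", p))  # nothing to reach yet
        elif dst == "any":
            findings.append(("destination-any", p))        # wider than the static
    findings += [("icmp-any-any", None) for acl in icmp if acl in bound]
    return findings

# Constructed inputs: 192.168.1.10 is a placeholder inside address.
THREAD = """static (inside,outside) tcp interface 443 192.168.1.10 443
access-list 101 permit icmp any any
access-list 101 permit tcp any any eq www
access-group 101 in interface outside"""
TIGHT = """static (inside,outside) tcp interface 80 192.168.1.10 80
static (inside,outside) tcp interface 443 192.168.1.10 443
access-list 101 permit tcp any interface outside eq www
access-list 101 permit tcp any interface outside eq 443
access-group 101 in interface outside"""
print(audit(THREAD), audit(TIGHT))
```

`THREAD` combines the commands quoted in the posts above; `TIGHT` limits each permit to the translated outside address and drops the ICMP rule that was meant for testing.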
