m0ley


Setting up a webserver - Router>PIX>LAN>Webserver

I've just had broadband with static IP installed and want to set up a webserver/ftp/vpn access. However, when I type the static IP address in my browser, it always points to the broadband router's login. Is there a way where the webserver can pick up the http requests? I have read that NAT/PAT or Routing might have something to do with this but I'm having difficulty setting this up.

My LAN setup is the following,

INTERNET >> BROADBAND ROUTER >> CISCO PIX >> LAN >> WEBSERVER WITH CITRIX NFUSE

I'm a newbie on networking so any help is appreciated :)
stevenlewis

You will need to forward the correct ports to the server.
>BROADBAND ROUTER what make and model?
You will also have to open those ports on the Cisco, and forward the ports there.
m0ley

ASKER

The modem is an Etec USB ADSL Modem Router - Integrated 4 Port Fast Ethernet Hub. Specs can be viewed from the link below.

http://myahead.com/go/look/product.show_product?v_id=2893
OK, I'm not familiar with that make/model, so you will have to read the manual on how to forward the ports.
I suggest using a static internal IP for the server (makes forwarding the ports easier).
You will need to forward port 80 (http)
and 21 (ftp) and the VPN ports (depending on which VPN solution you use).
see here
http://www.techimo.com/forum/t24181.html
Les Moore
> I suggest using a static internal ip for the server (makes forwarding the ports easier)
Don't forget he's got the PIX in the middle.
My suggestion would be to set the IP address of the PIX as the "DMZ host", and do all the static translations/port forwarding on the PIX. Also suggest turning off the NAT function of the router and let the PIX do that, too. I hope you got a book with the router, or at least a web site to find the manual.

Assuming that your static IP address is assigned to the WAN port of the router:
What is the router's inside IP address? <public, or private address>
What is the PIX's outside IP address? <must have router's inside address as default gateway>
What is the PIX's inside IP address? <must be different from outside>
What is your default gateway on your PC? <should be PIX inside>



m0ley

ASKER

Imoore,

Thank you for the advice, I will set the IP address of the PIX as the "DMZ host" and disable the NAT function of the router. How do I turn NAT on using the PIX? At the moment it is set as "NAT 0.0.0.0 0.0.0.0 0 0".

What is the router's inside IP address?
<private address>

What is the PIX's outside IP address?
<private dhcp from router>

What is the PIX's inside IP address?
<private and different from outside(Router)>

What is your default gateway on your PC?
<private dhcp from PIX>

On the PIX, to set up NAT:

global (outside) 1 interface
nat (inside) 1 0 0 0

While testing, you will need to explicitly permit ICMP back in:

access-list 101 permit icmp any any

access-group 101 in interface outside

Everything else looks good..
m0ley

ASKER

Imoore,

I didn't have any luck with setting the PIX as DMZ server. Instead I've forwarded ports 80 & 443 to the PIX. However, I'm getting no ports open when running a port scanner. If I remove the PIX, it works fine. I believe the next stage is to configure the firewall and forward ports 80 & 443 to the Citrix server.

I have tried manually configuring the static route but am having no luck. I'd appreciate it if you could shed some light on this issue.
m0ley

ASKER

So far to date, I have managed to forward ports 80 & 443 from the ADSL router to the Citrix server. The Citrix webserver works well but without protection. Afterwards I changed the TCP ports to be forwarded to the PIX 501. After plugging in the PIX, I am having difficulty forwarding ports 80 & 443 to the Citrix server.

I cannot get ports 80 & 443 opened on the PIX 501. I am in need of desperate help and therefore have increased the points. I am willing to increase the points to 1000 on successfully opening the ports.
m0ley

ASKER

OK, I've managed to sort this out now. I'm gonna transfer the points to Imoore as he guided me in the right direction.

Imoore,

Is it advisable to use the following command to open up a port?

access-list 101 permit tcp any any eq www

Many thanks
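
An added example, not part of the original thread: the broad rule from the last post beside a narrower form, written in PIX OS 6.x syntax. The server address 192.168.1.10 is a constructed placeholder; access list 101, the NAT lines and the DHCP-assigned outside interface are taken from the thread.

```cisco
: Added example (not from the thread). PIX OS 6.x syntax assumed.
: 192.168.1.10 is a constructed placeholder for the Citrix server's inside address.

: Outbound PAT for the LAN, as given earlier in the thread
global (outside) 1 interface
nat (inside) 1 0 0 0

: Port forwards. The outside address comes from DHCP, so the
: "interface" keyword is used instead of a fixed outside IP.
static (inside,outside) tcp interface www 192.168.1.10 www netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 443 192.168.1.10 443 netmask 255.255.255.255 0 0

: Broad form from the thread: permits port 80 to any destination, so any
: static translation added later is reachable on port 80 without a new rule.
:   access-list 101 permit tcp any any eq www

: Narrower form: only the PIX outside address, only the forwarded ports
access-list 101 permit tcp any interface outside eq www
access-list 101 permit tcp any interface outside eq 443

: Remove the test-only ICMP rule once connectivity is confirmed
no access-list 101 permit icmp any any

access-group 101 in interface outside
```

After applying, `show access-list 101` lists a hit count per rule, which confirms whether inbound requests are matching the narrower entries.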