Solved

Firewall Help, no email coming in, need help quick

Posted on 2004-08-25
Last Modified: 2013-11-29
Hi. Well, we have a Cisco PIX 515 here. I've been trying to set up an FTP server and finally made it happen today and had it working and everything. Right around that time our email stopped coming in. Our web server and mail server cannot be accessed from outside our network. I took out all the FTP stuff I added today and still nothing. Everything seems to be in place. Please, I need help ASAP. It's 6:00 PM and I'm still at work trying to figure this out. Thanks in advance. I'll be around to answer any other questions.
Question by:emilbus20
LVL 28

Expert Comment

by:mikebernhardt
ID: 11898008
You need to allow inbound access to TCP port 80 and 25 to your web server and mail server. You also need to allow traffic FROM UDP port 53 in and FROM TCP port 25 in.
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 1000 total points
ID: 11898043
I'm assuming you haven't blocked any outbound traffic. The inbound traffic from port 25 only needs to go to your mail server.
0
 
LVL 1

Accepted Solution

by:slapshot45
slapshot45 earned 1000 total points
ID: 11898658
Here's the command you would enter, assuming you're following mike's instructions (taken from the Cisco site, replace with your own numbers):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

ACL
1 Define a static address translation for the inside web server to an outside/global address.

    static (inside, outside) 175.1.1.254 10.200.1.254

2 Define which hosts can connect on which ports to our web/FTP server.

    access-list 101 permit tcp any host 175.1.1.254 eq www
    access-list 101 permit tcp host 199.199.199.24 host 175.1.1.254 eq ftp

In the commands above, the www and ftp can be replaced by port numbers such as 80 & 21

3 Apply the ACL to the outside interface.

    access-group 101 in interface outside


Am I correct to assume that the PIX and the e-mail server were in place and operational and the only change was FTP being added? If this is the case and you made minimal changes in your PIX config can you give us some more information on what was changed on the server(s)?

0
 
LVL 1

Author Comment

by:emilbus20
ID: 11902324
Well, it seems somehow I was missing this:

access-group outside_acl in interface outside

Worked out fine after I put this in. Ooopppsss
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11903957
I guess that would do it!
0
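The root cause found in this thread, ACL entries that exist but are never bound to an interface with `access-group`, can be checked for offline before a config change goes live. The following is an added example, not code from the thread or from Cisco; the function name `audit_pix_config`, the constructed sample config and the simplified rule parsing (PIX 6.x syntax, `host`/`any` destinations only) are assumptions.

```python
import re

# Constructed sample in PIX 6.x syntax, modeled on the commands quoted in
# this thread: the ACLs exist but no access-group binds them to an interface.
SAMPLE_CONFIG = """\
static (inside,outside) 175.1.1.254 10.200.1.254
access-list outside_acl permit tcp any host 175.1.1.254 eq www
access-list outside_acl permit tcp any host 175.1.1.254 eq smtp
access-list 101 permit tcp host 199.199.199.24 host 175.1.1.254 eq ftp
"""

STATIC_RE = re.compile(r"static\s*\(\s*\S+?\s*,\s*(\S+?)\s*\)\s+(\S+)\s+\S+")

def _dest(rule):
    """Destination of 'permit <proto> <src> <dst> ...': an IP, 'any', or None."""
    i = 2                                    # skip action and protocol
    i += 1 if rule[i] == "any" else 2        # skip source (any | host X | X mask)
    if i >= len(rule):
        return None
    if rule[i] == "any":
        return "any"
    return rule[i + 1] if rule[i] == "host" and i + 1 < len(rule) else None

def audit_pix_config(text):
    """Report ACLs that filter nothing and statics no bound ACL permits."""
    acls, bound, statics = {}, {}, []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            acls.setdefault(tok[1], []).append(tok[2:])
        elif len(tok) == 5 and tok[0] == "access-group" and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]           # interface -> ACL name
        elif (m := STATIC_RE.match(line.strip())):
            statics.append((m.group(1), m.group(2)))   # (outside ifc, global IP)
    blocked = []
    for ifc, ip in statics:
        rules = acls.get(bound.get(ifc), [])
        if not any(r[0] == "permit" and _dest(r) in (ip, "any") for r in rules):
            blocked.append(ip)
    return {
        "unbound_acls": sorted(set(acls) - set(bound.values())),
        "undefined_acls": sorted(set(bound.values()) - set(acls)),
        "blocked_statics": blocked,
    }

if __name__ == "__main__":
    print(audit_pix_config(SAMPLE_CONFIG))
    print(audit_pix_config(SAMPLE_CONFIG + "access-group outside_acl in interface outside\n"))
```

A non-empty `blocked_statics` list means a published server has a translation but no applied rule admitting traffic to it, which is the symptom reported in the question.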
