Solved

Firewall Help, no email coming in, need help quick

Posted on 2004-08-25
Last Modified: 2013-11-29
Hi. Well, we have a Cisco PIX 515 here. I've been trying to set up an FTP server and finally made it happen today and had it working and everything. Right around that time our email stopped coming in. Our web server and mail server cannot be accessed from outside our network. I took out all the FTP stuff I added today and still nothing. Everything seems to be in place. Please, I need help ASAP. It's 6:00 PM and I'm still at work trying to figure this out. Thanks in advance. I'll be around to answer any other questions.
0
Question by:emilbus20

Expert Comment

by:mikebernhardt
You need to allow inbound access to TCP port 80 and 25 to your web server and mail server. You also need to allow traffic FROM UDP port 53 in and FROM TCP port 25 in.
0
 

Assisted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
I'm assuming you haven't blocked any outbound traffic. The inbound traffic from port 25 only needs to go to your mail server.
0
 

Accepted Solution

by:
slapshot45 earned 250 total points
Here's the command you would enter, assuming you're following Mike's instructions (taken from the Cisco site, replace with your own numbers):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

ACL
1. Define a static address translation for the inside web server to an outside/global address.

    static (inside,outside) 175.1.1.254 10.200.1.254

2. Define which hosts can connect on which ports to our web/FTP server.

    access-list 101 permit tcp any host 175.1.1.254 eq www
    access-list 101 permit tcp host 199.199.199.24 host 175.1.1.254 eq ftp

In the commands above, www and ftp can be replaced by port numbers such as 80 and 21.

3. Apply the ACL to the outside interface.

    access-group 101 in interface outside


Am I correct to assume that the PIX and the e-mail server were in place and operational and the only change was FTP being added? If this is the case and you made minimal changes in your PIX config, can you give us some more information on what was changed on the server(s)?

0
 

Author Comment

by:emilbus20
Well, it seems somehow I was missing this

access-group outside_acl in interface outside

Worked out fine after I put this in. Ooopppsss
0
 

Expert Comment

by:mikebernhardt
I guess that would do it!
0
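The failure in this thread (an ACL that exists but is never bound with `access-group`) can be caught by a quick config check before a change goes live. The following is an added example, not code from the thread or from Cisco; the `audit` function is hypothetical, the sample config is constructed from the addresses quoted above, and only `permit` entries with a `host <ip>` destination are parsed.

```python
import re

# Constructed sample (not the poster's real config): the static and the ACL
# exist, but the access-group line binding the ACL to "outside" is missing.
BROKEN = """\
static (inside,outside) 175.1.1.254 10.200.1.254
access-list outside_acl permit tcp any host 175.1.1.254 eq www
access-list outside_acl permit tcp any host 175.1.1.254 eq smtp
"""
FIXED = BROKEN + "access-group outside_acl in interface outside\n"

# Assumption: destinations are written as "host <ip>", optionally "eq <port>".
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+.*\bhost\s+(\S+)(?:\s+eq\s+\S+)?\s*$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")
STATIC_RE = re.compile(r"^static\s+\(\s*(\S+?)\s*,\s*(\S+?)\s*\)\s+(\S+)\s+(\S+)")

def audit(config):
    """Return findings for ACLs and statics that cannot pass inbound traffic."""
    permits, bound, statics = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            permits.setdefault(m[1], set()).add(m[2])   # ACL -> permitted dest IPs
        elif m := GROUP_RE.match(line):
            bound[m[2]] = m[1]                          # interface -> ACL name
        elif m := STATIC_RE.match(line):
            statics.append((m[2], m[3]))                # (mapped interface, mapped IP)
    findings = []
    for acl in sorted(set(permits) - set(bound.values())):
        findings.append(f"ACL {acl} is defined but not applied to any interface")
    for acl in sorted(set(bound.values()) - set(permits)):
        findings.append(f"access-group references ACL {acl}, which has no permit entries")
    for iface, mapped in statics:
        # A static alone opens nothing; a bound ACL must permit the mapped IP.
        if mapped not in permits.get(bound.get(iface), set()):
            findings.append(f"static {mapped}: no permit reaches it on interface {iface}")
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(cfg) or "OK")
```
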
