• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 232
  • Last Modified:

Firewall Help, no email coming in, need help quick

Hi. Well we have a cisco pix 515 here. Ive been trying to set up an ftp server and finally made it happen to day and had it working and everything.  Right around that time our email stopped coming in. Our web server and mail server cannot be accessed from outside our network.  I took out all the ftp stuff i added today and still nothing. Everything seems to be in place. PLease I need help ASAP. Its 6:00PM and Im still at working trying to figure this out. THanks in advance. Ill be around to answer any other ?s
0
emilbus20
Asked:
emilbus20
  • 3
2 Solutions
 
mikebernhardtCommented:
You need to allow inbound access to TCP port 80 and 25 to your web server and mail server. You also need to allow traffic FROM UDP port 53 in and FROM TCP port 25 in.
0
 
mikebernhardtCommented:
I'm assuming you haven't blocked any outbound traffic. The inbound traffic from port 25 only needs to go to your mail server.
0
 
slapshot45Commented:
Here's the command you would enter assuming your following mike's instructions (taken from cisco site, replace with your own numbers):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

ACL
1 Define a static address translation for the inside web server to an outside/global address.

    static (inside, outside) 175.1.1.254 10.200.1.254

2 Define which hosts can connect on which ports to our web/FTP server.

    access-list 101 permit tcp any host 175.1.1.254 eq www
    acess-list 101 permit tcp host 199.199.199.24 host 175.1.1.254 eq ftp

In the commands above, the www and ftp can be replaced by port numbers such as 80 & 21

3 Apply the ACL to the outside interface.

    access-group 101 in interface outside


Am I correct to assume that the PIX and the e-mail server were in place and operational and the only change was FTP being added? If this is the case and you made minimal changes in your PIX config can you give us some more information on what was changed on the server(s)?

0
 
emilbus20Author Commented:
Well it seems some how i was missing this

access-group outside_acl in interface outside

Worked out fine after i put this in. Ooopppsss
0
 
mikebernhardtCommented:
I guess that would do it!
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now