Solved

Firewall Help, no email coming in, need help quick

Posted on 2004-08-25
5
225 Views
Last Modified: 2013-11-29
Hi. Well we have a cisco pix 515 here. Ive been trying to set up an ftp server and finally made it happen to day and had it working and everything.  Right around that time our email stopped coming in. Our web server and mail server cannot be accessed from outside our network.  I took out all the ftp stuff i added today and still nothing. Everything seems to be in place. PLease I need help ASAP. Its 6:00PM and Im still at working trying to figure this out. THanks in advance. Ill be around to answer any other ?s
0
Comment
Question by:emilbus20
  • 3
5 Comments
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11898008
You need to allow inbound access to TCP port 80 and 25 to your web server and mail server. You also need to allow traffic FROM UDP port 53 in and FROM TCP port 25 in.
0
 
LVL 28

Assisted Solution

by:mikebernhardt
mikebernhardt earned 250 total points
ID: 11898043
I'm assuming you haven't blocked any outbound traffic. The inbound traffic from port 25 only needs to go to your mail server.
0
 
LVL 1

Accepted Solution

by:
slapshot45 earned 250 total points
ID: 11898658
Here's the command you would enter assuming your following mike's instructions (taken from cisco site, replace with your own numbers):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml

ACL
1 Define a static address translation for the inside web server to an outside/global address.

    static (inside, outside) 175.1.1.254 10.200.1.254

2 Define which hosts can connect on which ports to our web/FTP server.

    access-list 101 permit tcp any host 175.1.1.254 eq www
    acess-list 101 permit tcp host 199.199.199.24 host 175.1.1.254 eq ftp

In the commands above, the www and ftp can be replaced by port numbers such as 80 & 21

3 Apply the ACL to the outside interface.

    access-group 101 in interface outside


Am I correct to assume that the PIX and the e-mail server were in place and operational and the only change was FTP being added? If this is the case and you made minimal changes in your PIX config can you give us some more information on what was changed on the server(s)?

0
 
LVL 1

Author Comment

by:emilbus20
ID: 11902324
Well it seems some how i was missing this

access-group outside_acl in interface outside

Worked out fine after i put this in. Ooopppsss
0
 
LVL 28

Expert Comment

by:mikebernhardt
ID: 11903957
I guess that would do it!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question