Solved

How do I get my website on the web using a PIX501 (via the PDM) and a DNS forwarding service (www.no-ip.com)?

Posted on 2004-09-07
Last Modified: 2010-04-11
I'm currently using www.no-ip.com for DNS forwarding and a Cisco PIX501 to get my website on the internet. The issue is that no matter what I do it won't get through my firewall, or so it seems. I did a port scan to see if port 80 was open from the web and it appears to be closed/secured/stealth. I'm using Windows 2003 Server Standard Edition with IIS 6.0, the server is a DC running DNS. I believe I created the right rules on the router but I can't get this to work. FYI, I'm using the PDM, not the command interface, I'm fairly new to the PIX501 but do have a little experience. Also, I used to use a Linksys router and the website went through fine, I wonder if it is a combination of the firewall and IIS6.
Question by:copio
9 Comments
 
LVL 5

Expert Comment

by:rsriprac
ID: 12001644
I would start off by connecting on a regular hub and see if you could connect to the webserver. If it does connect, then it's obviously the PIX unit, if not then your IIS is not working properly.

"I wonder if it is a combination of the firewall and IIS6."

This would be impossible since they sit on different layers, if IIS is working then it is definitely the firewall. On the firewall, try turning off all protection and see if that makes a difference. Also try to connect to the webserver via IP and not by its name since you might have some DNS problems.

I suspect it is the PIX firewall, but try out the different tests and reduce it to the PIX firewall.  So if it is the PIX firewall, then like I mention, open all the ports on the firewall and it should work.  Then from there start to shut down the various ports.

Make sure the rules are proper also. HTTP uses port 80 for incoming requests, but for outgoing it might send it out on different ports. One thing that might help is running a packet/network analyser like Ethereal (http://www.ethereal.com/) and see exactly what's going on.

I hope this helps,

-Ram
0
 
LVL 23

Assisted Solution

by:Tim Holman
Tim Holman earned 960 total points
ID: 12004758
I would follow the instructions here for basic WWW server setup behind a PIX:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml

It would be easier for us to assist with the command line config, rather than PDM, as there is no way for you to show us a snapshot of the PDM config as it's GUI / interactive.
0
 

Author Comment

by:copio
ID: 12029734
I believe I have everything set up, however I can't get to port 80 inbound from the web, therefore my website is not accessible. How do I open port 80 on the PIX501? I ran a port scan from the outside and it shows that port 80 is closed/stealth. Thanks...
0
 

Author Comment

by:copio
ID: 12029759
Do I need to use the DNS entries from www.no-ip.com as well?  I don't think so, but thought I'd ask.
0
 
LVL 5

Accepted Solution

by:
rsriprac earned 1040 total points
ID: 12030446
> Do I need to use the DNS entries from www.no-ip.com as well?  I don't think so, but thought I'd ask.

Yes if you do not have a static IP.

Also this page has some information on allowing port 80:

http://www.siliconvalleyccie.com/cisco-hn/dsl-pix.htm

You need to create an access-list to allow port 80 to come through.

"Dynamic DNS Port Forwarding Entries
It is possible to host your own website on a DHCP DSL / cable modem connection using dynamic DNS. There are many providers to choose from.

Once you have registered with a dynamic DNS provider, you will need to configure your firewall. Here we allow all incoming www traffic (on TCP port 80) destined for the firewall's interface to be forwarded to the web server at 192.168.1.100 on port 80 (www).

 

access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www

access-group inbound in interface outside
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255

Once configured, you will be able to hit your webserver using the firewall's outside interface's IP address as the destination. eg: http://firewall-outside-ip-address. Remember, it's not possible to hit your firewall's public NAT IP address from servers on your home network. You'll have to ask a friend to check it out.
"


-Ram
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12039272
Could you post up your PIX config, then we will fix it.  :)
0
 

Author Comment

by:copio
ID: 12162909
I'll get my PIX config and post so we can get to the bottom of this, I'm still having the same issue. Sorry I haven't gotten but I've been busy.
0
 

Author Comment

by:copio
ID: 12193044
I'm going to close this out since I finally figured it out. I had to do some work on the PIX and in the process my ISP shut down port 80, so I'm using a different port now and I'm all set. They threw me for a loop because they shut down port 80 while I was troubleshooting this issue, port 80 used to be open. The ISP is Optimum Online/CableVision.
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 12201679
That wasn't very nice of them!
0
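
The layered checks used in this thread (server on the LAN, port 80 from outside, then a second forwarded port), as an added Python example that is not part of any post above. The `probe` and `diagnose` names and the verdict strings are assumptions for illustration; "filtered" is what the port scan in the question reported as stealth, and the verdicts are heuristics.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (RST came back) or 'filtered' (no answer,
    which port scanners report as 'stealth')."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # An ICMP unreachable from a filtering device also counts as filtered.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def diagnose(lan, wan, wan_alt=None):
    """Heuristic verdict from three probe results (illustrative wording).
    lan: result for the server's inside IP, probed from the LAN.
    wan: result for the outside address on port 80, probed from outside.
    wan_alt: result for a second forwarded port, probed from outside."""
    if lan != "open":
        return "server is not listening on the LAN: fix IIS before the firewall"
    if wan == "open":
        return "port forward works: any remaining problem is DNS or content"
    if wan_alt == "open":
        return "only port 80 is dropped upstream: suspect an ISP block on 80"
    if wan == "closed":
        return "a device answered with RST: check where the static mapping points"
    return "packets are dropped: check access-list, access-group and static"


if __name__ == "__main__":
    # Usage: probe.py HOST PORT   (run the outside probes from an outside host)
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, probe(host, port))
```

The outside probes have to run from a host outside the home network, since the firewall's public address cannot be reached from the inside.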
