Web access crawling on non-default port, something lost in translation?
Group,
Wanted to ask you a question, we have a apache server that is a dev box we are using right now. We already had a webserver on another IP (.3) running on port 80. This is correctly mapped and everything is working great. The Apache server we are running (.6) we changed to port 81 and internally everything works great. I added this to our ACL and our static mappings, however access from the outside CRAWLS, on Firefox you can see on the bottom "connecting to 192.168.0.6" and it seems as if it is having a very hard time loading images. What do you guys think?
Update, something interesting, keeping in mind I am outside the firewall so I have to type www.domain.com:81 which is in the 24.73.166.x block. If I click on a link I am getting a "connection timed out" error saying the server at 192.168.0.6 is taking to long to respond, shouldn't this be my outside IP address, do I have a mapping backwards?
Wanted to ask you a question, we have a apache server that is a dev box we are using right now. We already had a webserver on another IP (.3) running on port 80. This is correctly mapped and everything is working great. The Apache server we are running (.6) we changed to port 81 and internally everything works great. I added this to our ACL and our static mappings, however access from the outside CRAWLS, on Firefox you can see on the bottom "connecting to 192.168.0.6" and it seems as if it is having a very hard time loading images. What do you guys think?
Update, something interesting, keeping in mind I am outside the firewall so I have to type www.domain.com:81 which is in the 24.73.166.x block. If I click on a link I am getting a "connection timed out" error saying the server at 192.168.0.6 is taking to long to respond, shouldn't this be my outside IP address, do I have a mapping backwards?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Assuming it is a pix, should look like this for the second server
static (inside,outside) tcp interface 81 192.168.0.6 81 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any interface outside eq 81
access-group in interface outside
static (inside,outside) tcp interface 81 192.168.0.6 81 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any interface outside eq 81
access-group in interface outside
ASKER
Here are the statements as I have it in my Pix 6.3(5)
access-list outside_access_in permit tcp any host 24.73.166.50 eq 81
and
static (inside,outside) tcp 24.73.166.50 81 192.168.0.6 81 netmask 255.255.255.255 0 0
I just re-applied the group and cleared the xlate, I will let you know if it made a difference tomorrow.
access-list outside_access_in permit tcp any host 24.73.166.50 eq 81
and
static (inside,outside) tcp 24.73.166.50 81 192.168.0.6 81 netmask 255.255.255.255 0 0
I just re-applied the group and cleared the xlate, I will let you know if it made a difference tomorrow.
That should work just fine for you.. clearing the xlate is an important step to making it function proprely
ASKER
Group,
Thanks for all the response, I was able to work out the issue, however it was actually un-related to the Pix. I do however agree that anytime you apple or re-apply a access-group you need to be sure to clear the xlate, a step that I had forgotten. I do appreciate your time!
Thanks for all the response, I was able to work out the issue, however it was actually un-related to the Pix. I do however agree that anytime you apple or re-apply a access-group you need to be sure to clear the xlate, a step that I had forgotten. I do appreciate your time!
ASKER
Thanks for the response.