Solved

Web access crawling on non-default port, something lost in translation?

Posted on 2006-10-23
6
261 Views
Last Modified: 2010-04-12
Group,
Wanted to ask you a question, we have a apache server that is a dev box we are using right now. We already had a webserver on another IP (.3) running on port 80. This is correctly mapped and everything is working great. The Apache server we are running (.6) we changed to port 81 and internally everything works great. I added this to our ACL and our static mappings, however access from the outside CRAWLS, on Firefox you can see on the bottom "connecting to 192.168.0.6" and it seems as if it is having a very hard time loading images. What do you guys think?

Update, something interesting, keeping in mind I am outside the firewall so I have to type www.domain.com:81 which is in the 24.73.166.x block. If I click on a link I am getting a "connection timed out" error saying the server at 192.168.0.6 is taking to long to respond, shouldn't this be my outside IP address, do I have a mapping backwards?
0
Comment
Question by:blakmoon91
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 11

Accepted Solution

by:
prueconsulting earned 250 total points
ID: 17790488
Post your static statements and acls which are applicable.

Also did you do a clear xlate following updating the rules and the statics

0
 

Author Comment

by:blakmoon91
ID: 17790594
No, I didn't clear the xlate, I will have to remember that. I will post the ACL's and Static when I get back tonight
Thanks for the response.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17790805
Assuming it is a pix, should look like this for the second server

static (inside,outside) tcp interface 81 192.168.0.6 81 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any interface outside eq 81
access-group in interface outside
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 

Author Comment

by:blakmoon91
ID: 17793116
Here are the statements as I have it in my Pix 6.3(5)

access-list outside_access_in permit tcp any host 24.73.166.50 eq 81

and

static (inside,outside) tcp 24.73.166.50 81 192.168.0.6 81 netmask 255.255.255.255 0 0

I just re-applied the group and cleared the xlate, I will let you know if it made a difference tomorrow.
0
 
LVL 11

Expert Comment

by:prueconsulting
ID: 17793166
That should work just fine for you.. clearing the xlate is an important step to making it function proprely
0
 

Author Comment

by:blakmoon91
ID: 17850982
Group,
Thanks for all the response, I was able to work out the issue, however it was actually un-related to the Pix. I do however agree that anytime you apple or re-apply a access-group you need to be sure to clear the xlate, a step that I had forgotten. I do appreciate your time!
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FQDN config to internal server 3 47
PCI Compliance and Open SQL ports 8 81
Security Geteway Sonicwall 7 117
Filezilla server wont allow me to connect to it 2 64
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question