Solved

using public ip to my server

Posted on 2006-11-13
16
148 Views
Last Modified: 2010-04-10
hi
i have pix 525 how i can enable use IP 82.205.129.6 to my PC after pix 525 iam not want to use static nat
i want to use this IP

thanks
0
Comment
Question by:nasemabdullaa
  • 6
  • 4
  • 4
  • +1
16 Comments
 
LVL 12

Expert Comment

by:Freya28
ID: 17930825
so you want the machine to have this ip and you dont want a one to one nat rule?  then i recommend configuring a dmz and give the nic card the actual public ip.
0
 
LVL 10

Expert Comment

by:fm250
ID: 17931001
the best way is to fwd the needed ports to that pc instead. otherwise no use of the real puprpose of the pix. the pix firewall block lot of traffic that may cause you problems. you can post back and tell us what ports or services needed to be running on that pc and we probably can help you fwd these ports to that pc instead.

hope this helps!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17931758
Okay, so is this ip assigned to the outside interface of the pix already? If so, you need this;

static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

access-list outsidein permit ip any host interface outside eq www

access-list outsidein in interface outside

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17931802
i thought he said he does NOT want to use static nat
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17931879
The above is NOT static nat, but port forward. Only works from outside to inside for that port right ?

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17931947
true,  i looked wuick at the statci rajesh.  wouldnt this ponly work if his outside interface on the pix is 82.205.129.6. the ip he included above.  i assumed this was afree public ip within his range, not the ip of the outside of the pix
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17932022
There is no way in the world you can create a nat in PIX without using static statements. So I assumed that probably he is saying that he's got only a single ip and need to use that?

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17932038
well if he does have a range of publics and he has the 525, he most likely has 3 or more interfaces and i would recommend a dmz
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:nasemabdullaa
ID: 17938077
hi
thanks for all
i have the range (82.205.129.2 to 82.205.129.64) public ip and i can use any one i need
 i use static nat in my network from 82.205.129.3 to 82.205.129.43
and i can use any one from the rest
what is the best way to do that

thanks

0
 
LVL 10

Expert Comment

by:fm250
ID: 17938836
nasemabdullaa,
do you care about security? is it of any concern to you.
if so use the:  static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

mentioned by rsivanandan, then fwd the ports for the services listening only, so you can fwd www, ftp , ssh and so on. just state what services needed on that pc such as web server, sql server, ftp.....etc. and can provide you the code needed. permitting all trafic can make your internal box vunerable to attacks.

Hope this gives you some insisght.
0
 

Author Comment

by:nasemabdullaa
ID: 17947030
hi
thanks for your reply
i want to open these port in my pc www,smtp,pop3,ftp,telnet,ssh,3389

thanks
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 500 total points
ID: 17947089
The same way you can do those as well; Lets say you want to use a public ip x.x.x.x to open these, then this is the syntax;

static(inside,outside) tcp x.x.x.x <port> <InternalIP> <port>

for http;

static(inside,outside) tcp x.x.x.x 80 <InternalIP> 80

Then access-lists;

access-list <Name> permit tcp any host x.x.x.x eq 80

access-group <Name> in interface outside.

Hope that makes it clear for you now?

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 17947243
hi rsivanandan
thanks for your reply
lets say i want to use these ip 62.68.65.51 in my server the command that
static(inside,outside) tcp 62.68.65.51 80 <InternalIP> <port> netmask 255.255.255.255


what must i put in <InternalIP> <port>

thanks
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17947849
<InternalIP> would be your internal webserver to which you want to do the port forwarding to be done so that any web request that comes to 62.68.65.51 will be forwarded to the internal machine.

<Port> = 80

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 17947948
hi
thanks for all
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17948025
You're Welcome.

Cheers,
Rajesh
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Article by: IanTh
Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
Let’s list some of the technologies that enable smooth teleworking. 
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now