Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

using public ip to my server

Posted on 2006-11-13
16
Medium Priority
?
154 Views
Last Modified: 2010-04-10
hi
i have pix 525 how i can enable use IP 82.205.129.6 to my PC after pix 525 iam not want to use static nat
i want to use this IP

thanks
0
Comment
Question by:nasemabdullaa
  • 6
  • 4
  • 4
  • +1
16 Comments
 
LVL 12

Expert Comment

by:Freya28
ID: 17930825
so you want the machine to have this ip and you dont want a one to one nat rule?  then i recommend configuring a dmz and give the nic card the actual public ip.
0
 
LVL 10

Expert Comment

by:fm250
ID: 17931001
the best way is to fwd the needed ports to that pc instead. otherwise no use of the real puprpose of the pix. the pix firewall block lot of traffic that may cause you problems. you can post back and tell us what ports or services needed to be running on that pc and we probably can help you fwd these ports to that pc instead.

hope this helps!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17931758
Okay, so is this ip assigned to the outside interface of the pix already? If so, you need this;

static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

access-list outsidein permit ip any host interface outside eq www

access-list outsidein in interface outside

Cheers,
Rajesh
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
LVL 12

Expert Comment

by:Freya28
ID: 17931802
i thought he said he does NOT want to use static nat
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17931879
The above is NOT static nat, but port forward. Only works from outside to inside for that port right ?

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17931947
true,  i looked wuick at the statci rajesh.  wouldnt this ponly work if his outside interface on the pix is 82.205.129.6. the ip he included above.  i assumed this was afree public ip within his range, not the ip of the outside of the pix
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17932022
There is no way in the world you can create a nat in PIX without using static statements. So I assumed that probably he is saying that he's got only a single ip and need to use that?

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17932038
well if he does have a range of publics and he has the 525, he most likely has 3 or more interfaces and i would recommend a dmz
0
 

Author Comment

by:nasemabdullaa
ID: 17938077
hi
thanks for all
i have the range (82.205.129.2 to 82.205.129.64) public ip and i can use any one i need
 i use static nat in my network from 82.205.129.3 to 82.205.129.43
and i can use any one from the rest
what is the best way to do that

thanks

0
 
LVL 10

Expert Comment

by:fm250
ID: 17938836
nasemabdullaa,
do you care about security? is it of any concern to you.
if so use the:  static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

mentioned by rsivanandan, then fwd the ports for the services listening only, so you can fwd www, ftp , ssh and so on. just state what services needed on that pc such as web server, sql server, ftp.....etc. and can provide you the code needed. permitting all trafic can make your internal box vunerable to attacks.

Hope this gives you some insisght.
0
 

Author Comment

by:nasemabdullaa
ID: 17947030
hi
thanks for your reply
i want to open these port in my pc www,smtp,pop3,ftp,telnet,ssh,3389

thanks
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17947089
The same way you can do those as well; Lets say you want to use a public ip x.x.x.x to open these, then this is the syntax;

static(inside,outside) tcp x.x.x.x <port> <InternalIP> <port>

for http;

static(inside,outside) tcp x.x.x.x 80 <InternalIP> 80

Then access-lists;

access-list <Name> permit tcp any host x.x.x.x eq 80

access-group <Name> in interface outside.

Hope that makes it clear for you now?

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 17947243
hi rsivanandan
thanks for your reply
lets say i want to use these ip 62.68.65.51 in my server the command that
static(inside,outside) tcp 62.68.65.51 80 <InternalIP> <port> netmask 255.255.255.255


what must i put in <InternalIP> <port>

thanks
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17947849
<InternalIP> would be your internal webserver to which you want to do the port forwarding to be done so that any web request that comes to 62.68.65.51 will be forwarded to the internal machine.

<Port> = 80

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 17947948
hi
thanks for all
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17948025
You're Welcome.

Cheers,
Rajesh
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question