Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

using public ip to my server

Posted on 2006-11-13
16
Medium Priority
?
153 Views
Last Modified: 2010-04-10
hi
i have pix 525 how i can enable use IP 82.205.129.6 to my PC after pix 525 iam not want to use static nat
i want to use this IP

thanks
0
Comment
Question by:nasemabdullaa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 4
  • +1
16 Comments
 
LVL 12

Expert Comment

by:Freya28
ID: 17930825
so you want the machine to have this ip and you dont want a one to one nat rule?  then i recommend configuring a dmz and give the nic card the actual public ip.
0
 
LVL 10

Expert Comment

by:fm250
ID: 17931001
the best way is to fwd the needed ports to that pc instead. otherwise no use of the real puprpose of the pix. the pix firewall block lot of traffic that may cause you problems. you can post back and tell us what ports or services needed to be running on that pc and we probably can help you fwd these ports to that pc instead.

hope this helps!
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17931758
Okay, so is this ip assigned to the outside interface of the pix already? If so, you need this;

static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

access-list outsidein permit ip any host interface outside eq www

access-list outsidein in interface outside

Cheers,
Rajesh
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 12

Expert Comment

by:Freya28
ID: 17931802
i thought he said he does NOT want to use static nat
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17931879
The above is NOT static nat, but port forward. Only works from outside to inside for that port right ?

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17931947
true,  i looked wuick at the statci rajesh.  wouldnt this ponly work if his outside interface on the pix is 82.205.129.6. the ip he included above.  i assumed this was afree public ip within his range, not the ip of the outside of the pix
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17932022
There is no way in the world you can create a nat in PIX without using static statements. So I assumed that probably he is saying that he's got only a single ip and need to use that?

Cheers,
Rajesh
0
 
LVL 12

Expert Comment

by:Freya28
ID: 17932038
well if he does have a range of publics and he has the 525, he most likely has 3 or more interfaces and i would recommend a dmz
0
 

Author Comment

by:nasemabdullaa
ID: 17938077
hi
thanks for all
i have the range (82.205.129.2 to 82.205.129.64) public ip and i can use any one i need
 i use static nat in my network from 82.205.129.3 to 82.205.129.43
and i can use any one from the rest
what is the best way to do that

thanks

0
 
LVL 10

Expert Comment

by:fm250
ID: 17938836
nasemabdullaa,
do you care about security? is it of any concern to you.
if so use the:  static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

mentioned by rsivanandan, then fwd the ports for the services listening only, so you can fwd www, ftp , ssh and so on. just state what services needed on that pc such as web server, sql server, ftp.....etc. and can provide you the code needed. permitting all trafic can make your internal box vunerable to attacks.

Hope this gives you some insisght.
0
 

Author Comment

by:nasemabdullaa
ID: 17947030
hi
thanks for your reply
i want to open these port in my pc www,smtp,pop3,ftp,telnet,ssh,3389

thanks
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 17947089
The same way you can do those as well; Lets say you want to use a public ip x.x.x.x to open these, then this is the syntax;

static(inside,outside) tcp x.x.x.x <port> <InternalIP> <port>

for http;

static(inside,outside) tcp x.x.x.x 80 <InternalIP> 80

Then access-lists;

access-list <Name> permit tcp any host x.x.x.x eq 80

access-group <Name> in interface outside.

Hope that makes it clear for you now?

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 17947243
hi rsivanandan
thanks for your reply
lets say i want to use these ip 62.68.65.51 in my server the command that
static(inside,outside) tcp 62.68.65.51 80 <InternalIP> <port> netmask 255.255.255.255


what must i put in <InternalIP> <port>

thanks
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17947849
<InternalIP> would be your internal webserver to which you want to do the port forwarding to be done so that any web request that comes to 62.68.65.51 will be forwarded to the internal machine.

<Port> = 80

Cheers,
Rajesh
0
 

Author Comment

by:nasemabdullaa
ID: 17947948
hi
thanks for all
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17948025
You're Welcome.

Cheers,
Rajesh
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This program is used to assist in finding and resolving common problems with wireless connections.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question