Re: PIX firewall version 4.4

Thu, 06 Jul 2000 05:59:16 -0700 

If you want to keep your FTP server on the Inside
network of the PIX you need to do a few things.  I am
assuming you already have access through the PIX.

1) If your private network does not use valid Internet
addressing (i.e. an 10.0.0.0 or 192.168.0.0 subnet or
a non-registered address, AKA using Network Address
translation or NAT) then you must build a static
through the PIX.  This allows an Inside address to
have a specified Outside address.  
Syntax:

static (Inside, Outside) x.x.x.x y.y.y.y

where x.x.x.x is your registered outside address and
y.y.y.y is your unregistered Inside address.  The
syntax is confusing b/c you have the key words Inside,
Outside but then the addresses are outside then
inside.  This is why you here PIX people walking
around mumbling Inside, Outside Outside, Inside.  But
I digress.

2) Next you need to allow acces through the PIX box,
since PIX is a stateful box and will not let any
traffic through it unless it was asked for.  To do
this you need to build a Conduit.
Syntax:

conduit permit tcp host x.x.x.x eq ftp any

This will allow TCP connections on the FTP ports (20,
and 21) to access x.x.x.x.  Where x.x.x.x is your
registered OUTSIDE address.  The any at the end of the
statement allows any address through to your FTP
server.  You could filter access and allow only
certain address through, I don't know what use your
FTP server is for.


This should get the job done.  If you have any further
issues let me know, I would love to help.

Michael Losa
CCNA


--- "Shumake, Derrick" <[EMAIL PROTECTED]>
wrote:
> Can anyone help me with a PIX 4.4 box.  I am trying
> to setup FTP through my
> firewall.  What is the correct commands to use? As
> in the conduit command.
> thanks in advance.....
> 
> 
> NETIGY
> The World's premier Architect of eBusiness-Ready
> Networks
> 5445 DTC Parkway, Penthouse Four
> Englewood, CO  80111
> http://www.netigy.com
> 
> 
> 
> ___________________________________
> UPDATED Posting Guidelines:
> http://www.groupstudy.com/list/guide.html
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]


__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/

___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to