Bogdan Moldovan wrote:
> I can make NAT from inside to dmz and I can telnet from inside to a machine
> in the dmz, but I need the other way too... I cannot telnet from dmz to a
> machine in the inside zone! Any idea why?

2 obvious reasons for this that come to mind are:

A: There is a router ACL / Firewall blocking incoming connections to the
internal network. By default the Cisco PIX doesn't allow incoming
connections to reserved ports (1-1024).

B: There isn't a route defined from the DMZ machines back into the 10
network. Try doing a traceroute (tracert in NT) from the DMZ machine to
an internal IP and see what happens. If the traceroute works, see
solution A and grab a utility like firewalk, hping, or nmap to test the
firewall/filtering policies in place.

-HD