Rob

The PIX manuals are on the Cisco web site.  They provide a great deal of information about how to use the conduit command.

conduit
Add, delete, or show conduits through the firewall for incoming connections. (Configuration mode.)

conduit deny ip locally_defined_global_ip global_mask foreign_ip_you_want_to_block foreign_mask

Syntax Description
        permit          Permit access if the conditions are matched.
        deny            Deny access if the conditions are matched.
        protocol        Specify the transport protocol for the connection. Possible literal values are icmp, tcp,
                        udp, or an integer in the range 0 through 255 representing an IP protocol number. Use ip to
                        specify all transport protocols.
        global_ip       A global IP address previously defined by a global or static command. You can use any if
                        the global_ip and global_mask are 0.0.0.0 0.0.0.0. The any option applies the permit or
                        deny to the global addresses.
        global_mask     Network mask of global_ip. The global_mask is a 32-bit, four-part dotted decimal; such as,
                        255.255.255.255. Use zeros in a part to indicate bit positions to be ignored. Use subnetting
                        if required. If you use 0 for global_ip, use 0 for the global_mask; otherwise, enter the
                        global_mask appropriate to global_ip.
        foreign_ip      An external IP address (host or network) that can access the global_ip. You can specify
                        0.0.0.0 or 0 for any host. If both the foreign_ip and foreign_mask are 0.0.0.0 0.0.0.0, you
                        can use the shorthand any option.
        foreign_mask    Network mask of foreign_ip. The foreign_mask is a 32-bit, four-part dotted decimal; such
                        as, 255.255.255.255. Use zeros in a part to indicate bit positions to be ignored. Use
                        subnetting if required. If you use 0 for foreign_ip, use 0 for the foreign_mask; otherwise,
                        enter the foreign_mask appropriate to foreign_ip. You can also specify a mask for
                        subnetting.

Just as a side note, and this is NOT intended to be mean-spirited, if you do not understand how this command on the PIX works, then it is probably not in your best interest to be modifying your configuration.  I'd suggest you hire this function out and get your boss to spring for a PIX class.

-- Bill Stackpole, CISSP




"Rob Serfozo" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

08/09/00 07:33 AM

       
        To:        "Firewalls LIST" <[EMAIL PROTECTED]>
        cc:        
        Subject:        PIX Conduit questions


Is there any way that I can block access to a site or block an IP address
from accessing my webserver using a Cisco PIX 515?  I believe that I may be
able to do this using a conduit statement, but I am not sure.

Thank you,
Rob Serfozo
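
The mask semantics in the syntax description quoted in the reply above can be checked offline with the sketch below. It is an added example, not part of either message and not Cisco code. It parses only the address/mask form quoted in the reply (no port operators, protocol compared as a literal string), and it assumes first-match evaluation with a default deny; the addresses are constructed samples from documentation ranges.

```python
import ipaddress

def to_int(text):
    # The quoted manual text allows 0 as shorthand for 0.0.0.0.
    return int(ipaddress.IPv4Address("0.0.0.0" if text == "0" else text))

def parse_conduit(line):
    """Parse: conduit permit|deny protocol global_ip global_mask foreign_ip foreign_mask"""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "conduit" or tok[1] not in ("permit", "deny"):
        raise ValueError("not a conduit statement: %r" % line)
    pairs, rest = [], tok[3:]
    while rest:
        if rest[0] == "any":              # shorthand for 0.0.0.0 0.0.0.0
            pairs.append((0, 0))
            rest = rest[1:]
        elif len(rest) >= 2:
            pairs.append((to_int(rest[0]), to_int(rest[1])))
            rest = rest[2:]
        else:
            raise ValueError("address without mask: %r" % line)
    if len(pairs) != 2:
        raise ValueError("expected global and foreign address/mask: %r" % line)
    return tok[1], tok[2], pairs[0], pairs[1]

def matches(rule, protocol, global_dst, foreign_src):
    _, rule_proto, (gip, gmask), (fip, fmask) = rule
    if rule_proto not in ("ip", protocol):    # "ip" covers all transport protocols
        return False
    dst, src = to_int(global_dst), to_int(foreign_src)
    # Zero bits in a mask are ignored, so compare only the masked bits.
    return (dst & gmask) == (gip & gmask) and (src & fmask) == (fip & fmask)

def evaluate(config, protocol, global_dst, foreign_src):
    # Assumptions of this sketch: first match wins, unmatched inbound traffic is denied.
    for line in config:
        rule = parse_conduit(line)
        if matches(rule, protocol, global_dst, foreign_src):
            return rule[0]
    return "deny"

# Constructed sample: block one foreign /24, permit everyone else to the web server's global IP.
CONFIG = [
    "conduit deny ip 192.0.2.10 255.255.255.255 198.51.100.0 255.255.255.0",
    "conduit permit tcp 192.0.2.10 255.255.255.255 any",
]
```

Running `evaluate(CONFIG, "tcp", "192.0.2.10", "198.51.100.77")` shows the /24 foreign mask catching a host inside the blocked network before the broader permit is reached.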
