On 21 Jun 2001, at 11:58, d d wrote:
> I have the following commands in my Cisco Pix, but dont understand the
> anyone can explainme? . THanks!
>
>
> Line 1) 1alias (inside) 200.35.161.42 220.1.1.75 255.255.255.255
Any packets from the inside interface to 200.35.161.42 will be redirected to
220.1.1.75. This is so that a DNS server used by outside and inside
interfaces for requests only needs to have the outside (public) address listed,
inside users can still attempt to connect to the public address and the PIX
redirects the packets. However, if 220.1.1.75 is on the inside interface (which
it appears to be from the static command) you might have problems as the
PIX (at least with OS ver 4.x and 5.x) doesn't allow packets to be passed
back to the same interface they entered on.
> Line 2) static (inside,outside) 200.35.161.42 220.1.1.75 netmask
> 255.255.255.255 0 0
Connections from the outside interface to IP 200.35.161.42 will be passed to
IP 220.1.1.75 on the inside interface.
> Line 3) conduit permit tcp host 200.35.161.42 eq smtp any
Allow connections from the outside interface on IP 200.25.161.42 on port 25
(smtp) for any address.
> Line 4) conduit permit tcp host 200.35.161.42 eq pop3 any
Allow connections from the outside interface on IP 200.25.161.42 on port 110
(pop3) for any address.
Those last 2 lines indicate that 200.35.161.42 is a mail server to which
anyone can connect to send mail or retrieve it.
> Line 5) no rip outside default
> Line 6) no rip inside passive
> Line 7) no rip inside default
These turn of RIP (Routing Information Protocol) on both outside and inside
interfaces.
Dan
---
D.C. Crichton email: [EMAIL PROTECTED]
Senior Systems Analyst tel: +44 (0)121 706 6000
Computer Manuals Ltd. fax: +44 (0)121 606 0477
Computer book info on the web:
http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network!
http://computer-manuals.co.uk/affiliate/
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
