PIX-ACL

Answered Question
Mar 19th, 2007

Hello All,

I have set up a mail server behind a PIX firewall; internally the mail server works fine. The only problem is from outside. The following is the ACL configured on the PIX:

access-list 200 extended permit tcp any eq pop3 host xx.xx.xx.xx eq pop3

access-list 200 extended permit tcp any eq smtp host xx.xx.xx.xx eq smtp

where xx.xx.xx.xx is the private IP address of the mail server.

Is this rule enough for running a mail server behind the firewall, and does this rule seem correct?

NAT translation has also been configured correctly.

Thanks,

Dhaval Tandel

Correct Answer by John Patrick Lopez about 9 years 8 months ago

Hi Dhaval.

Source port should not be pop3. This should be your inbound access-list on the outside interface.

access-list 200 extended permit tcp any host xx.xx.xx.xx eq pop3

access-list 200 extended permit tcp any host xx.xx.xx.xx eq smtp

xx.xx.xx.xx should be the public IP of the server if it is to be accessed through the internet. Then use the "static" command to translate the server's private IP to the public IP.

Regards,

John
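As an added illustration (not part of the original thread and not Cisco code): a small Python checker that parses extended TCP ACEs of the two shapes above, evaluates a sample inbound client connection against them first-match style, and flags the source-port mistake. The server IP (198.51.100.25), the client IP (203.0.113.7), the client's source port and the service-name table are constructed sample values, and the ACE grammar covered is only "any" / "host <ip>" with optional "eq <port>".

```python
"""Constructed checker for PIX-style extended TCP ACEs (illustration only).

Handles lines of the form
    access-list <id> extended permit|deny tcp <src> [eq <port>] <dst> [eq <port>]
with <src>/<dst> = "any" or "host <ip>". It shows why an ACE that also pins
the *source* port to pop3/smtp never matches a real client connection: the
client picks an ephemeral source port, nothing matches, and the PIX falls
through to its implicit deny.
"""
from dataclasses import dataclass
from typing import List, Optional
import ipaddress

# Service-name aliases accepted in place of numbers (constructed subset).
PORT_NAMES = {"smtp": 25, "pop3": 110, "imap4": 143, "http": 80, "https": 443}


@dataclass
class Ace:
    acl_id: str
    action: str              # "permit" or "deny"
    src: str                 # "any" or a host IP
    src_port: Optional[int]  # None = any source port
    dst: str
    dst_port: Optional[int]  # None = any destination port


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_ace(line: str) -> Ace:
    """Parse one extended TCP ACE; raises ValueError on anything else."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended" or t[4] != "tcp":
        raise ValueError(f"unsupported ACE: {line!r}")
    pos = 5

    def addr() -> str:
        nonlocal pos
        if t[pos] == "any":
            pos += 1
            return "any"
        if t[pos] == "host":
            ip = str(ipaddress.ip_address(t[pos + 1]))  # validates the literal
            pos += 2
            return ip
        raise ValueError(f"unsupported address spec at {t[pos]!r}")

    def port() -> Optional[int]:
        nonlocal pos
        if pos < len(t) and t[pos] == "eq":
            p = _port(t[pos + 1])
            pos += 2
            return p
        return None

    src, sp = addr(), port()
    dst, dp = addr(), port()
    return Ace(t[1], t[3], src, sp, dst, dp)


def ace_matches(ace: Ace, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
    """True if the connection's first packet is matched by this ACE."""
    return ((ace.src == "any" or ace.src == src_ip)
            and (ace.src_port is None or ace.src_port == src_port)
            and (ace.dst == "any" or ace.dst == dst_ip)
            and (ace.dst_port is None or ace.dst_port == dst_port))


def decide(aces: List[Ace], src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> str:
    """First-match evaluation; no match means the firewall's implicit deny."""
    for ace in aces:
        if ace_matches(ace, src_ip, src_port, dst_ip, dst_port):
            return ace.action
    return "deny (implicit)"


def lint(ace: Ace) -> List[str]:
    """Flag ACEs that cannot do what an inbound server rule is meant to do."""
    problems = []
    if ace.src_port is not None and ace.src_port < 1024:
        problems.append(f"source port fixed to {ace.src_port}: clients use ephemeral "
                        "source ports, so this ACE never matches a real connection")
    if ace.dst_port is None:
        problems.append("no destination port: exposes every TCP port on the host")
    return problems


# Constructed sample addresses (TEST-NET ranges), standing in for xx.xx.xx.xx.
SERVER_PUBLIC_IP = "198.51.100.25"
CLIENT_IP = "203.0.113.7"

ORIGINAL = [parse_ace(line) for line in (
    f"access-list 200 extended permit tcp any eq pop3 host {SERVER_PUBLIC_IP} eq pop3",
    f"access-list 200 extended permit tcp any eq smtp host {SERVER_PUBLIC_IP} eq smtp",
)]
CORRECTED = [parse_ace(line) for line in (
    f"access-list 200 extended permit tcp any host {SERVER_PUBLIC_IP} eq pop3",
    f"access-list 200 extended permit tcp any host {SERVER_PUBLIC_IP} eq smtp",
)]

if __name__ == "__main__":
    # A mail client connecting to POP3 from a constructed ephemeral source port.
    for name, acl in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, "->", decide(acl, CLIENT_IP, 51234, SERVER_PUBLIC_IP, 110))
        for ace in acl:
            for problem in lint(ace):
                print("  warning:", problem)
```

Running it prints "original -> deny (implicit)" with a warning per ACE, and "corrected -> permit" with none. The checker only models the client-to-server direction on purpose: the PIX is stateful, so once the inbound SYN is permitted the reply packets from port 110 or 25 are allowed by the connection table and need no ACE of their own. An ACE keyed on a source port of pop3 is a pattern from stateless packet filters that match return traffic; on the outside interface of a PIX it matches nothing useful and, as the question shows, makes the server unreachable from the internet.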

