Pix-501: How do I make an http request back to itself

Nov 3rd, 2009

Can someone help me figure out how to correctly set up the PIX-501 firewall to allow the server at address 111.222.333.100 to make an http request back to itself?

I am unable to get the server to perform an http request back to itself when called from an external client. For instance, I have the new version of Atlassian Jira 4.0 installed, but the new system's dashboard contains gadgets that require that JIRA make http requests back to itself in order to retrieve all the gadget specs for that dashboard from itself.

This works fine if I am on the server and use http://localhost:8780 or http://10.0.0.1:8780.

But I am unable to make any http request from server back unto itself when using http://111.222.333.100:8780 -- see settings below (note: in example ethernet address is 111.222.333.200).

The access rules seem to be fine as I am able to reach URL from external client, but the gadgets do not build.

I have the following PIX 501 Firewall configuration:

Hosts/Networks

Outside Interface:
=================
....-....outside:any
.......|
.......-....111.222.333.0
..........|
..........-....111.222.333.100
..........|
..........-....outside 111.222.333.200
.......|
.......-....123.245.789.4
.......|
.......-....123.245.123.21

Inside interface:
================
....-....inside:any
.......|
.......-....10.0.0.0
..........|
..........-....10.0.0.1
..........|
..........-....inside 10.0.0.254

Translation Rules
=================
==============================================================
|          Original           ||         Translated          |
|------------------------------------------------------------|
| Interface | Address         || Interface | Address         |
|------------------------------------------------------------|
| outside   | 111.222.333.100 || inside    | 10.0.0.1        |
|------------------------------------------------------------|
| inside    | 10.0.0.1        || outside   | 111.222.333.100 |
==============================================================


A quick solution is to use a hostname. Make an entry in the local server HOSTS file with the local IP and the Hostname. Configure the server to reference itself via the hostname. Problem solved.

If the device must reference itself via the NATed IP number, then that's a bit of a problem. I've never solved it on a 2-interface PIX 501.

gherard1511 Mon, 11/09/2009 - 08:02

Thanks for the suggestion, but I think I need to be able to reference via NATed IP number.

I am thinking at this point that I may need to remove the firewall, temporarily, to determine if that is really the issue. I have not hit this issue with other server/firewall setups in the past.
