Routing

George K John
Level 1

Hello,

I have a system with LAN IP where an application is running which will connect to a public server and download some files.

But I need to open a port 3306 for this.

The local LAN IP is 192.168.1.71

The public IP is 193.144.127.204

Port is 3306.

Can someone help me to open a port in the firewall?

To connect to the B2G database you (your computer settings, your personal firewall) and your institute (institute's firewall, provider's network settings) have to permit outgoing TCP connections on port 3306.

Please help me with routing table.

Thanks

Tonio

10 Replies

west33637
Level 1

Hello Tonio. What kind of firewall is it? Or what kind of device are you going through to get to this outside server?

Also, can you ping that outside server from your system? If yes, can you trace to the outside server from your system? If yes, can you telnet to port 3306 from your system? Thanks

telnet 193.144.127.204 3306

ping 193.144.127.204

tracert 193.144.127.204

Yes, I am able to ping. I use a Cisco ASA5500.

Without firewall I am able to connect and work.

Need to know how to create an access list.

Thank you

George

Hello,

Typically (unless you have configured exclusively), the firewall allows all outbound connections from the internal network. Please issue the following command to see if there is any rule configured on the inside interface:

show run access-group

If you do not find any access-group attached to the inside interface, then everything is allowed from inside to outside. If you did find an access-group attached to the inside interface, then please add a line to allow the port:

access-list line 1 permit tcp any host eq 3306

Hope this helps.

Regards,

NT

Thank you for the reply. Here is the group I have in my router:

access-group acl_out in interface outside
access-group acl_in in interface inside

Thanks

Tonio

Hello,

Can you please post the output of "show run access-list acl_in" command here?

Regards,

NT

Once again, thanks a lot.

Here is the result

Thanks in advance

Tonio

Nagaraja Thanthry
Cisco Employee

Hello,

Please try this command:

access-list acl_in line 1 permit tcp any host 193.144.127.204 eq 3306

Hope this helps.

Regards,

NT
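Added example, not part of the thread and not Cisco tooling: a small Python check of the first-match behaviour behind the advice above, showing why the permit has to sit above the implicit deny of the ACL bound to the inside interface. The acl_in entries other than the 3306 permit are constructed (the poster's ACL output is not on the page), and only a simplified subset of ACE syntax is parsed (permit/deny, tcp/ip, any/host/netmask, numeric destination `eq`).

```python
import ipaddress

# Constructed sample: the two access-group lines are from the thread; the ACEs are
# invented, since the poster's "show run access-list acl_in" output is not on the page.
BINDINGS = ("access-group acl_out in interface outside\n"
            "access-group acl_in in interface inside\n")
OLD_ACES = ("access-list acl_in extended permit tcp any any eq 8080\n"
            "access-list acl_in extended permit tcp any any eq 8443\n")
# How the suggested "line 1" entry appears in the running config (top of acl_in).
NEW_ACE = "access-list acl_in extended permit tcp any host 193.144.127.204 eq 3306\n"
BEFORE, AFTER = BINDINGS + OLD_ACES, BINDINGS + NEW_ACE + OLD_ACES

def parse_addr(tok):
    """Consume one address spec (any | host A | A MASK) from the token list."""
    kind = tok.pop(0)
    if kind == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if kind == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{kind}/{tok.pop(0)}")

def parse_config(text):
    """Return ({interface: inbound ACL name}, {ACL name: [ACEs in config order]})."""
    bound, acls = {}, {}
    for line in text.splitlines():
        tok = [t for t in line.split() if t != "extended"]
        if tok[:1] == ["access-group"] and tok[2:4] == ["in", "interface"]:
            bound[tok[4]] = tok[1]
        elif tok[:1] == ["access-list"]:
            name, action, proto, rest = tok[1], tok[2], tok[3], tok[4:]
            src, dst = parse_addr(rest), parse_addr(rest)
            port = int(rest[1]) if rest[:1] == ["eq"] else None  # None = any port
            acls.setdefault(name, []).append((action, proto, src, dst, port))
    return bound, acls

def verdict(text, iface, src, dst, dport):
    """First-match result for a TCP flow arriving on iface: (action, reason)."""
    bound, acls = parse_config(text)
    if iface not in bound:
        # Per the reply above: no ACL on the inside interface means outbound is allowed.
        return "permit", "no ACL bound inbound on " + iface
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, proto, snet, dnet, port) in enumerate(acls.get(bound[iface], []), 1):
        if proto in ("tcp", "ip") and s in snet and d in dnet and port in (None, dport):
            return action, f"{bound[iface]} line {n}"
    return "deny", "implicit deny at end of " + bound[iface]

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, verdict(cfg, "inside", "192.168.1.71", "193.144.127.204", 3306))
```

Because the permit names the single destination host and port, other destinations on 3306 still fall through to the implicit deny.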

It seems to be working.

Thank you so much.

Can you help me in one more thing?

I need to open a port 4444 in the firewall to access something on a public server.

Can you please give me the command?

Also I have my web server in DMZ.

But when users connect to VPN they will not be able to browse the site. They always need to disconnect VPN and access the server.

Is there any NATing I need to do for accessing the web server without disconnecting VPN?

When I connect to VPN I get an IP range of 10.21.200.0

My server IP is 10.21.15.0

Thank you so much

Tonio

Hello,

In order for you to access the public server on port 4444, please try the following command:

access-list acl_in line 2 permit ip any host eq 4444

With regard to VPN clients not able to access the webserver issue, please try the following:

access-list nonat_dmz permit ip 10.21.15.0 255.255.255.0 10.21.200.0 255.255.255.0

nat (dmz) 0 access-list nonat_dmz

Hope this helps.

Regards,

NT

Note: Please do not forget to rate the useful posts.

Thank you it is working.

Tonio
