07-20-2010 08:31 AM - edited 03-04-2019 09:07 AM
Hello,
I have a system with LAN IP where an application is running which will connect to a public server and download some files.
But I need to open a port 3306 for this.
The local LAN IP is 192.168.1.71
The public IP is 193.144.127.204
Port is 3306.
Can someone help me to open a port in the firewall?
To connect to the B2G database you (your computer settings, your personal firewall) and your institute (institute's firewall, provider's network settings) have to permit outgoing tcp connections on port 3306.
Please help me with routing table.
Thanks
Tonio
07-20-2010 12:57 PM
Hello Tonio. What kind of firewall is it? Or what kind of device are you going through to get to this outside server?
Also, can you ping that outside server from your system? If yes, can you trace to the outside server from your system? If yes, can you telnet to port 3306 from your system? Thanks
telnet 193.144.127.204 3306
ping 193.144.127.204
tracert 193.144.127.204
07-20-2010 04:57 PM
Yes, I am able to PING. I use a Cisco ASA5500.
Without firewall I am able to connect and work.
Need to know how to create an access list.
Thank you
George
07-20-2010 05:10 PM
Hello,
Typically (unless you have configured exclusively), the firewall allows all outbound connections from the internal network. Please issue the following command to see if there is any rule configured on the inside interface:
show run access-group
If you do not find any access-group attached to the inside interface, then everything is allowed from inside to outside. If you did find an access-group attached to the inside interface, then please add a line to allow the port:
access-list
Hope this helps.
Regards,
NT
07-20-2010 08:47 PM
Thank you for the reply. Here is the group I have in my router:
access-group acl_out in interface outside
access-group acl_in in interface inside
Thanks
Tonio
07-20-2010 08:57 PM
Hello,
Can you please post the output of "show run access-list acl_in" command here?
Regards,
NT
07-20-2010 09:03 PM
Once again, thanks a lot.
Here is the result
Thanks in advance
Tonio
07-20-2010 09:12 PM
Hello,
Please try this command:
access-list acl_in line 1 permit tcp any host 193.144.127.204 eq 3306
Hope this helps.
Regards,
NT
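A narrower form of the rule above, added here as an example that is not part of the original thread. It assumes 192.168.1.71 (the LAN host named in the first post) is the only client that needs the port, and uses the ASA's own packet-tracer and show access-list commands to confirm the entry matches:

```cisco
! Added example (not from the thread). Assumption: 192.168.1.71 is the only
! inside host that needs to reach the database server on tcp/3306.
!
! Rule from the thread, source "any": every inside host may reach the server.
!   access-list acl_in line 1 permit tcp any host 193.144.127.204 eq 3306
!
! Narrower rule, source limited to the one application host. "line 1" places
! it at the top because the ASA evaluates entries top-down and stops at the
! first match, so a permit placed below an earlier deny would never be reached.
access-list acl_in line 1 permit tcp host 192.168.1.71 host 193.144.127.204 eq 3306
!
! Simulate the flow through the firewall (1025 is an arbitrary source port).
! The ACCESS-LIST phase of the output names the ACL entry that matched, or
! reports a drop if an earlier entry denies the traffic.
packet-tracer input inside tcp 192.168.1.71 1025 193.144.127.204 3306
!
! After the application has connected once, the hit counter on the new
! entry should be non-zero.
show access-list acl_in
```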
07-20-2010 10:09 PM
It seems to be working.
Thank you so much.
Can you help me in one more thing?
I need to open a port 4444 in the firewall to access something on a public server.
Can you please give me the command?
Also I have my web server in DMZ.
But when users connect to VPN they are not able to browse the site. They always need to disconnect VPN and access the server.
Is there any NATing I need to do for accessing the web server without disconnecting VPN?
When I connect to VPN I get an IP range of 10.21.200.0
My server IP is 10.21.15.0
Thank you so much
Tonio
07-20-2010 10:17 PM
Hello,
In order for you to access the public server on port 4444, please try the following command:
access-list acl_in line 2 permit ip any host eq 4444
With regard to VPN clients not able to access the webserver issue, please try the following:
access-list nonat_dmz permit ip 10.21.15.0 255.255.255.0 10.21.200.0 255.255.255.0
nat (dmz) 0 access-list nonat_dmz
Hope this helps.
Regards,
NT
Note: Please do not forget to rate the useful posts.
07-20-2010 11:52 PM
Thank you it is working.
Tonio