12-08-2005 01:54 AM - edited 02-21-2020 12:34 AM
In my network, there is one server that is on an untrusted network. I have a firewall between that server and my network. I only want to allow that server to send data to a server on my network, and deny all other access.
Is this option possible in the PIX firewall?
12-08-2005 02:14 AM
The scenario mentioned in this link deals with a similar kind of access, in line with yours.
The only difference is that it is allowing/permitting the SMTP service alone.
You might want to look at these altered config lines ...
access-list input permit ip host outsideserverip host yourpublicip
access-group input in interface outside
static (inside,outside) yourpublicip yourinsideserverip netmask 255.255.255.255
outsideserverip --- remote-end server IP
yourpublicip --- the outside interface IP configured on your outside interface
yourinsideserverip --- the original IP configured on your server's NIC, which is kept in the inside LAN behind the PIX
Regards
12-08-2005 03:37 AM
Let me explain a little bit more. The untrusted server IP is 172.16.2.22 and it is supposed to access the trusted server 192.168.100.2 on a particular TCP port, 6789. But in the access-list I cannot define this particular IP to access the inside server on a specific TCP port.
The access-list above defines IP access, which will include all TCP ports.
I want the access-list to allow access on a specific TCP port. Is this possible with the PIX firewall?
12-08-2005 03:43 AM
Hi,
As mentioned in the link attached in my post, you can define the access on a particular port as
access-list input permit tcp any host 209.164.3.5 eq 6789
I hope that should work out for you.
Regards
12-08-2005 05:42 AM
Is it possible to replace the "any" with an IP address of the outside server?
12-08-2005 05:56 AM
Hi,
It is very much possible to define a specific IP by prefixing the "host" keyword in front of that IP address.
access-list input permit tcp host youroutsideserverip host 209.164.3.5 eq 6789
Regards
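The three pieces from the answers above, assembled into one PIX configuration with the thread's own addresses (outside server 172.16.2.22, inside server 192.168.100.2, TCP port 6789); this is an added example, not a config posted in the thread, and the public address 209.164.3.5 from the earlier answer is used as the translated address of the inside server, which is an assumption:

```cisco
! Static one-to-one translation: the inside server 192.168.100.2 is reachable
! from the outside as 209.164.3.5 (assumed public address, not confirmed by the thread).
static (inside,outside) 209.164.3.5 192.168.100.2 netmask 255.255.255.255

! Permit only the untrusted server, only to TCP/6789, and only to the
! translated (outside-facing) address of the inside server.
! The implicit deny at the end of the list blocks everything else from the outside.
access-list input permit tcp host 172.16.2.22 host 209.164.3.5 eq 6789

! Apply the list inbound on the outside interface.
access-group input in interface outside

! Verification: hit counts on the access-list show whether traffic is matching the entry.
show access-list input
```

All three elements (the static, the access-list entry that references the translated address, and the access-group binding) are needed; the access-list line alone does not create the translation that lets the outside server reach the inside host.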
12-08-2005 06:47 AM
Thanks.
I tried this command before, but then it did not allow any sort of communication from the outside server to the internal server...