Although I know nothing about PIX, I can tell you why WINS works and
file/print sharing doesn't. WINS uses port 137 whereas file/print sharing uses
port 139. This explains your PIX log message: the faddr x.y.z.32/139 bit is
where it's trying to get through on port 139 and can't.

As I say, I've no idea how PIXs work, but try opening up port 139 from your
internal network outwards. I don't know enough about SMB to tell you if
you'll need to allow inward connections: I doubt it, so try without first.

All the best,

Jez.

PS your setup sounds rather insecure - letting WINS/SMB through a firewall
is not a great plan.

-----Original Message-----
From: Daniel Crichton [mailto:[EMAIL PROTECTED]]
Sent: 31 January 2001 14:43
To: [EMAIL PROTECTED]
Subject: Argh! PIX problem ...


I've got a machine outside my firewall on my subnet that I need to access a
Windows share on from inside the firewall. Until today this has worked fine,
but now it's started playing up. The PIX config has not changed. When I try
to connect or map a network drive I get a message in NT about the server not
being found, but I can ping the WINS name and get the right IP address.
Looking at my PIX log shows the following entry syntax for any connection
attempted:

%PIX-6-302002: Teardown TCP connection 5132238 faddr x.y.z.32/139 gaddr x.y.z.82/6293 laddr w.x.y.14/1028 duration 0:00:00 bytes 0 (TCP Reset-O)

I can't find any info on what TCP Reset-O means. A dig around the web
reveals a post in July 2000 from someone else to this list showing the same
message but no replies to the list. I did have this once before but I
resolved that issue - I accidentally created 2 static mappings to the same
internal IP for 2 different public IPs, and the first access to the second
public IP disabled the first public IP and resulted in this TCP Reset-O
flag. I can find no reference in the PIX config for the IP of the machine
outside my firewall, and yet I am unable to connect to it - no outbound
rules block it (which would result in a different log message) and the
server is definitely up and responding to the IP (I can connect to the web
server on it using IE). Any ideas?

Dan

---
D.C. Crichton                 email: [EMAIL PROTECTED]
Senior Systems Analyst        tel:   +44 (0)121 706 6000
Computer Manuals Ltd.         fax:   +44 (0)121 606 0477

Computer book info on the web:
   http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network!
   http://computer-manuals.co.uk/affiliate/
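
The teardown record quoted in the thread can be triaged mechanically. The following is an added example, not part of either message: a parser for %PIX-6-302002 lines that picks out connections torn down by a TCP reset before any data moved and labels the foreign port. Assumptions: the sample log lines are constructed (documentation-range addresses), the function names are hypothetical, and the reset meanings are those given in Cisco's syslog reference.

```python
import re

# Ports named in the thread, with their NetBIOS-over-TCP/IP roles.
NETBIOS = {137: "NetBIOS name service (WINS)",
           139: "NetBIOS session service (SMB file/print)"}

# Teardown reasons as Cisco's syslog reference describes them (assumption:
# taken from that reference, not from the thread).
REASONS = {"TCP Reset-O": "reset came from the outside",
           "TCP Reset-I": "reset came from the inside"}

TEARDOWN = re.compile(
    r"%PIX-6-302002: Teardown TCP connection (?P<conn>\d+)\s+"
    r"faddr (?P<faddr>[\w.]+)/(?P<fport>\d+)\s+"
    r"gaddr (?P<gaddr>[\w.]+)/(?P<gport>\d+)\s+"
    r"laddr (?P<laddr>[\w.]+)/(?P<lport>\d+)\s+"
    r"duration (?P<duration>[\d:]+)\s+bytes (?P<bytes>\d+)"
    r"(?:\s+\((?P<reason>[^)]*)\))?")

def parse_teardown(line):
    """Return the fields of a 302002 teardown record, or None."""
    m = TEARDOWN.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("conn", "fport", "gport", "lport", "bytes"):
        rec[key] = int(rec[key])
    return rec

def zero_byte_resets(lines):
    """Teardowns that carried no data and ended in a TCP reset."""
    hits = []
    for line in lines:
        rec = parse_teardown(line)
        if rec and rec["bytes"] == 0 and (rec["reason"] or "").startswith("TCP Reset"):
            rec["service"] = NETBIOS.get(rec["fport"], "port %d" % rec["fport"])
            rec["meaning"] = REASONS.get(rec["reason"], "unlisted reason")
            hits.append(rec)
    return hits

# Constructed sample log (documentation-range addresses, not from the thread).
SAMPLE = [
    "%PIX-6-302002: Teardown TCP connection 5132238 faddr 192.0.2.32/139 gaddr 192.0.2.82/6293 laddr 10.0.0.14/1028 duration 0:00:00 bytes 0 (TCP Reset-O)",
    "%PIX-6-302002: Teardown TCP connection 5132240 faddr 192.0.2.32/80 gaddr 192.0.2.82/6295 laddr 10.0.0.14/1030 duration 0:00:04 bytes 8312 (TCP FINs)",
    "%PIX-6-302001: Built outbound TCP connection 5132241 for faddr 192.0.2.32/80 gaddr 192.0.2.82/6296 laddr 10.0.0.14/1031",
]

if __name__ == "__main__":
    for r in zero_byte_resets(SAMPLE):
        print("%s/%d %s: %s (laddr %s)" % (r["faddr"], r["fport"], r["service"], r["meaning"], r["laddr"]))
```

Grouping the hits by faddr and fport separates a single host refusing one service from a pattern across several hosts or ports.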


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]