Get the O'Reilly book called
"Building Internet Firewalls, Second Edition".
It is a great intro to how firewalls work and how
they must be set up...
Regards,
Brenno
> -----Original Message-----
> From: Anthony Liberty [SMTP:[EMAIL PROTECTED]]
> Sent: woensdag 19 september 2001 7:19
> To: '[EMAIL PROTECTED]'
> Subject: firewall newbie..asked???
>
> Hi.
> I'm Anthony.
> I'm new to securing networks with a firewall.
> Can anybody point me to where I can learn first?
>
>
> thx
>
> -anthony l-
>
> -----Original Message-----
> From: bob bobing [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 19, 2001 10:55 AM
> To: Ben Nagy; 'Sven Jansen'
> Cc: [EMAIL PROTECTED]
> Subject: RE: pix - no inbound conns
>
>
> Well I think it has to do with your static line. Your
> global address is 192.168.0.253, so your connections
> should be hitting that address, which the pix will
> xlate to 192.168.1.1.
>
> In your examples you are not sending icmp, you are
> sending udp, and you are pointing it to 192.168.1.1.
>
> So either change your dst addr to 192.168.0.253, or
> change your static line to
> static (inside,outside) 192.168.1.1 192.168.1.1
> netmask 255.255.255.255
> to xlate this ip to itself.
>
> > > -----Original Message-----
> > > From: Sven Jansen [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, September 18, 2001 8:32 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: pix - no inbound conns
> > >
> > >
> > > Hello all,
> > >
> > > Sorry, I forgot to mention the subject, so I am sending
> > > this mail a second time.
> > >
> > > I am trying to configure a PIX515, which has 2 interfaces.
> > > My problem is that I cannot start any communication from
> > > the outside through the firewall.
> > > Outbound connections are no problem.
> > > These are some of the syslog messages:
> > >
> > > %PIX-6-305002: Translation built for gaddr 192.168.0.253 to laddr 192.168.1.1
> > > %PIX-3-106010: Deny inbound udp src outside:192.168.0.3/1086 dst inside:192.168.1.1/53
> > > %PIX-3-106010: Deny inbound udp src outside:192.168.0.2/1024 dst inside:192.168.1.1/69
> > >
> > > So I tried it with DNS and TFTP, but also with some TCP ports.
> > > Besides, when I check the meaning of the system log messages on
> > > the internet (cisco.com), it tells me
> > > that 106010 is a 'deny inbound icmp' message.
> > >
> > > Here is a sample of my config:
> > >
> > > PIX Version 6.0(1)
> > > nameif ethernet0 outside security0
> > > nameif ethernet1 inside security100
> > > hostname pixfirewall
> > > fixup protocol ftp 21
> > > fixup protocol http 80
> > > fixup protocol h323 1720
> > > fixup protocol rsh 514
> > > fixup protocol smtp 25
> > > fixup protocol sqlnet 1521
> > > fixup protocol sip 5060
> > > fixup protocol skinny 2000
> > > names
> > > name 192.168.1.10 INTRANET
> > > name 192.168.0.10 DMZ
> > > access-list 110 permit icmp 192.168.1.0 255.255.255.0 any echo
> > > access-list 110 permit ip any any
> > > access-list 120 permit icmp any 192.168.0.0 255.255.255.0 echo-reply
> > > access-list 120 permit ip any any
> > > interface ethernet0 auto
> > > interface ethernet1 auto
> > > ip address outside DMZ 255.255.255.0
> > > ip address inside INTRANET 255.255.255.0
> > > global (outside) 1 192.168.0.200-192.168.0.252
> > > nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> > > static (inside,outside) 192.168.0.253 192.168.1.1 netmask 255.255.255.255 0 0
> > > access-group 120 in interface outside
> > > access-group 110 in interface inside
> > > route outside 0.0.0.0 0.0.0.0 192.168.0.1 1
> > >
> > > As you can see, after a while of testing, I decided to permit
> > > all ip traffic.
> > > The access-lists seem to work, because without the 'permit
> > > icmp' I cannot ping out.
> > > So there must be a connection between the interface and the acl.
> > >
> > > Another question I have is, I want to build an explicit trust
> > > relationship between two
> > > active directory domains through the firewall.
> > > Does anybody have a hint how that works?
> > >
> > > Thanks in advance for all help,
> > >
> > > Sven Jansen
> >
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
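Added example, not from the thread or from Cisco: a small Python checker that applies the diagnosis given above for the PIX 106010 denies. It reads the `static` line and the syslog messages quoted in the thread (constructed here as sample input, addresses as posted) and reports, for each denied inbound packet, whether the outside host aimed at the real inside address instead of the mapped (global) one. The function names and output keys are my own.

```python
import re

# Constructed sample input, reusing the values quoted in the thread:
# Sven's static line and the two %PIX-3-106010 deny messages.
PIX_CONFIG = """
static (inside,outside) 192.168.0.253 192.168.1.1 netmask 255.255.255.255 0 0
"""
SYSLOG = """
%PIX-6-305002: Translation built for gaddr 192.168.0.253 to laddr 192.168.1.1
%PIX-3-106010: Deny inbound udp src outside:192.168.0.3/1086 dst inside:192.168.1.1/53
%PIX-3-106010: Deny inbound udp src outside:192.168.0.2/1024 dst inside:192.168.1.1/69
"""

# PIX 6.x syntax: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask ...
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) ([\d.]+) ([\d.]+) netmask")
DENY_RE = re.compile(
    r"%PIX-3-106010: Deny inbound (\w+) src (\w+):([\d.]+)/(\d+) dst (\w+):([\d.]+)/(\d+)"
)


def parse_statics(config: str) -> dict:
    """Return {real (inside) ip: mapped (outside/global) ip} for each static line."""
    statics = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            _real_ifc, _mapped_ifc, mapped_ip, real_ip = m.groups()
            statics[real_ip] = mapped_ip
    return statics


def explain_denies(syslog: str, statics: dict) -> list:
    """Classify each 106010 deny by which side of the static the sender aimed at."""
    mapped_to_real = {v: k for k, v in statics.items()}
    findings = []
    for line in syslog.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # 305002 and other non-deny lines are skipped
        proto, _sif, src_ip, src_port, _dif, dst_ip, dst_port = m.groups()
        f = {"proto": proto, "src": f"{src_ip}/{src_port}", "dst": f"{dst_ip}/{dst_port}"}
        if dst_ip in statics:  # real inside address is never reachable from outside
            f["reason"] = "sent to the real inside address; use the mapped address"
            f["use_instead"] = statics[dst_ip]
        elif dst_ip in mapped_to_real:  # right address, so look at the outside ACL
            f["reason"] = "sent to the mapped address; check the outside access-list"
        else:
            f["reason"] = "no static for this address; inbound needs a static and an ACL"
        findings.append(f)
    return findings
```

Run on the sample, both denies come back with `use_instead` set to 192.168.0.253, which is the "change your dst addr" half of the advice above.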