Frederic, Regarding:
>I Know that I can open port 80 from the lan to the DMZ instead of trying >to go to internet to get to the DMZ web server but I'd like to >understand why it's not possible. The PIX is a very simple packet forwarder. When a packet arrives at the LAN interface from the inside it looks at the destination and says "where do I put this?". The PIX knows about directly connected networks. In this case it would try and put the packet onto the DMZ, not out on the Internet. Liberty for All, Brian At 12:33 AM 11/15/2001 -0800, [EMAIL PROTECTED] wrote: >Message: 7 >From: =?iso-8859-1?B?RnLpZOlyaWMgTelkZXJ5?= <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: PIX 515 question >Date: Wed, 14 Nov 2001 19:01:13 -0500 > >The network > >DMZ-----PIX-----LAN > | > | > INTERNET > >We have a IIS web server inside the DMZ. I'm trying to access the web >site (in the DMZ) from a station inside the LAN. We cannot access the >web site. >A guy told me that i was not possible (a NAT problem ?) with the pix or >other ?) firewall. >I Know that I can open port 80 from the lan to the DMZ instead of trying >to go to internet to get to the DMZ web server but I'd like to >understand why it's not possible. > >If You have some information it would be great ! > >Frederic _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
