
Need help from Network Gurus



I am setting up a Debian Box at school for my students to use
and my network admins are unable to get the firewall configured to allow
incoming ssh packets.

Below is their response to me regarding the setup of the network.

Here is our setup.


'Net --> router --> hub ---> Cisco PIX ---> Zeus
                        ---> Novell BorderManager ---> lab computers


The outside interface of the PIX box has IP address 151.198.194.251, and
has a gateway address to our router 151.198.194.249.  (This is in the DMZ,
not passing through Novell Bordermanager at all.)

The PIX inside interface has IP address 192.168.1.1, and is connected to
Zeus/192.168.1.4 (the debian box)

There is a PIX Static NAT rule which translates 151.198.194.251 to
192.168.1.4 (and vice-versa).  There is no port redirection on that rule.

We know this configuration works 'cause you (I) can connect from your home.
The question is, why can't anyone else, unless they are on a lab computer,
which passes through Novell BorderManager, NATTing those packets to a
source address of 151.198.194.252.

**** According to them, they have a firewall rule that allows packets from
**** my static IP address in. (So far only I can ssh into the box.)
**** I cannot send any packets out from zeus either.

PIX INSIDE INTERFACE ACCESS RULES:
1.  Allow ICMP traffic from Zeus/192.168.1.4 to any destination
(**** this does not work)

2.  Allow ssh/tcp traffic from Zeus/etc. to any destination
(**** this does not work)

3.  Allow all tcp traffic from Zeus/etc. to BFurry/207.99.6.85
(**** this does not work)

----------------
PIX OUTSIDE INTERFACE ACCESS RULES:
1.  Allow ICMP traffic from any source to Zeus/etc.
(does not work)

2.  Allow ssh/tcp traffic from any source to any destination

3.  Allow tcp traffic from BFurry/etc. to Zeus/etc.
(does not work)

Thanks for any help.
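As an added illustration (not part of the original post, and not Cisco code), the following Python model encodes the static NAT rule and the six access rules quoted above so that each flow in the post can be checked against them. It is a deliberate simplification: it assumes first-match evaluation with an implicit deny, assumes the outside-interface rules are matched on the inside (real) address after the static NAT is undone, and ignores PIX specifics such as connection state and the outbound permit that higher-security interfaces get by default. The home address 203.0.113.7 is a constructed stand-in; every other address comes from the post.

```python
# Added example: a small model of the PIX static NAT plus the interface
# access rules quoted in the post, used to check which flows the listed
# rules would permit. It is not Cisco code and ignores PIX specifics such
# as connection state, the implicit outbound permit for higher-security
# interfaces, and whether outside ACLs match on global or real addresses
# (assumed here: rules are evaluated on the inside/real address).
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ZEUS_INSIDE = ip_address("192.168.1.4")       # from the post
ZEUS_GLOBAL = ip_address("151.198.194.251")   # PIX outside address / static NAT
BFURRY = ip_address("207.99.6.85")            # from the post
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Flow:
    src: IPv4Address
    dst: IPv4Address
    proto: str                   # "tcp" or "icmp"
    dport: Optional[int] = None  # destination port for tcp, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "icmp" or "ip" (any protocol)
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int] = None  # None = any port

    def matches(self, f: Flow) -> bool:
        if self.proto != "ip" and self.proto != f.proto:
            return False
        if f.src not in self.src or f.dst not in self.dst:
            return False
        return self.dport is None or self.dport == f.dport


def host(ip: IPv4Address) -> IPv4Network:
    return ip_network(f"{ip}/32")


# Inside-interface rules from the post (traffic leaving Zeus towards the 'Net).
INSIDE_ACL: List[Rule] = [
    Rule("permit", "icmp", host(ZEUS_INSIDE), ANY),
    Rule("permit", "tcp", host(ZEUS_INSIDE), ANY, dport=22),
    Rule("permit", "tcp", host(ZEUS_INSIDE), host(BFURRY)),
]

# Outside-interface rules from the post (traffic arriving from the 'Net).
OUTSIDE_ACL: List[Rule] = [
    Rule("permit", "icmp", ANY, host(ZEUS_INSIDE)),
    Rule("permit", "tcp", ANY, ANY, dport=22),
    Rule("permit", "tcp", host(BFURRY), host(ZEUS_INSIDE)),
]


def evaluate(acl: List[Rule], f: Flow) -> bool:
    """First matching rule wins; an ACL ends in an implicit deny."""
    for rule in acl:
        if rule.matches(f):
            return rule.action == "permit"
    return False


def untranslate_inbound(f: Flow) -> Flow:
    """Static NAT: packets for the global address are delivered to Zeus."""
    return replace(f, dst=ZEUS_INSIDE) if f.dst == ZEUS_GLOBAL else f


def translate_outbound(f: Flow) -> Flow:
    """Static NAT: Zeus's packets leave with the global source address."""
    return replace(f, src=ZEUS_GLOBAL) if f.src == ZEUS_INSIDE else f


def inbound_permitted(f: Flow) -> bool:
    """Flow as seen on the outside interface (dst = global address)."""
    return evaluate(OUTSIDE_ACL, untranslate_inbound(f))


def outbound_permitted(f: Flow) -> Tuple[bool, Flow]:
    """Flow as sent by Zeus; returns the verdict and the post-NAT flow."""
    return evaluate(INSIDE_ACL, f), translate_outbound(f)


if __name__ == "__main__":
    home = ip_address("203.0.113.7")      # constructed stand-in for a home IP
    lab = ip_address("151.198.194.252")   # BorderManager NAT address from the post
    checks = {
        "home -> Zeus ssh": inbound_permitted(Flow(home, ZEUS_GLOBAL, "tcp", 22)),
        "lab  -> Zeus ssh": inbound_permitted(Flow(lab, ZEUS_GLOBAL, "tcp", 22)),
        "Zeus -> ping out": outbound_permitted(Flow(ZEUS_INSIDE, home, "icmp"))[0],
        "Zeus -> ssh out": outbound_permitted(Flow(ZEUS_INSIDE, home, "tcp", 22))[0],
        "Zeus -> BFurry http": outbound_permitted(Flow(ZEUS_INSIDE, BFURRY, "tcp", 80))[0],
        "Zeus -> home http": outbound_permitted(Flow(ZEUS_INSIDE, home, "tcp", 80))[0],
    }
    for name, ok in checks.items():
        print(f"{name:22s} {'permit' if ok else 'DENY'}")
```

Under these assumptions every flow the post marks "does not work" comes out permitted, and only the last check (plain tcp/80 from Zeus to a non-BFurry host) is denied by the implicit deny. That is the useful result of modelling the rules: if the quoted PIX rules permit a flow and it still fails, the block sits somewhere the rules do not describe, such as the upstream filter the post mentions that only admits the poster's static address, and that is where the next packet capture belongs.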




Reply to: