
Re: Need help from Network Guru's



If I'm understanding the situation right, then the problem
looks to be the router rather than the pix. If you're meant to
access the network, there might already be a route there for
you, but not one for everyone else.
A bit of a longshot would be to check /etc/hosts.deny and your
DNS setup on Zeus. Make sure it can do DNS revlookups on IPs
out in the internet. Make sure there is no paranoid line in
hosts.deny.
> I am setting up a Debian Box at school for my students to
> use and my network admins are unable to get the firewall
> configured to allow incoming ssh packets.
>
> Below is their response to me regarding the setup of the
> network.
>
> Here is our setup.
>
>
> 'Net --> router --> hub ---> Cisco PIX ---> Zeus
>                        ---> Novell BorderManager ---> lab computers
>
>
> The outside interface of the PIX box has IP address
> 151.198.194.251, and has a gateway address to our router
> 151.198.194.249.  (This is in the DMZ, not passing through
> Novell Bordermanager at all.)
>
> The PIX inside interface has IP address 192.168.1.1, and is
> connected to Zeus/192.168.1.4 (the debian box)
>
> There is a PIX Static NAT rule which translates
> 151.198.194.251 to 192.168.1.4 (and vice-versa).  There is
> no port redirection on that rule.
>
> We know this configuration works 'cause you (I) can connect
> from your home. The question is, why can't anyone else,
> unless they are on a lab computer, which passes through
> Novell BorderManager, NATTing those packets to a source
> address of 151.198.194.252.
>
> **** According to them, they have a firewall rule that
> **** allows packets from my static IP address in. (So far
> **** only I can ssh into the box)
> **** I cannot send any packets out from zeus either.
>
> PIX INSIDE INTERFACE ACCESS RULES:
> 1.  Allow ICMP traffic from Zeus/192.168.1.4 to any destination
> (****this does not work)
>
> 2.  Allow ssh/tcp traffic from Zeus/etc. to any destination
> (****This does not work)
>
> 3.  Allow all tcp traffic from Zeus/etc. to BFurry/207.99.6.85
> (****this does not work)
>
> ----------------
> PIX OUTSIDE INTERFACE ACCESS RULES:
> 1.  Allow ICMP traffic from any source to Zeus/etc.
> (does not work)
>
> 2.  Allow ssh/tcp traffic from any source to any destination
>
> 3.  Allow tcp traffic from BFurry/etc. to Zeus/etc.
> (does not work)
>
> Thanks for any help.
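
The hosts.deny and reverse-DNS check suggested in the reply, as an added example that is not part of the original messages. It assumes sshd on Zeus is built with TCP wrappers support and uses the daemon name `sshd`; the sample file contents and the function names are constructed for illustration.

```python
import socket

# Constructed sample in hosts_access(5) syntax; the commented-out rule must be ignored.
SAMPLE = """\
# ALL: PARANOID
ALL EXCEPT in.fingerd: \\
    PARANOID
sshd, in.telnetd: .example.net
"""

def parse_rules(text):
    """Yield (daemon_list, client_list) per rule. Bracketed IPv6 is not handled."""
    for line in text.replace("\\\n", " ").splitlines():  # backslash-newline continues a rule
        line = line.strip()
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 2:
            continue
        yield tuple(f.replace(",", " ").split() for f in fields[:2])

def _listed(tokens, name):
    """True if name is covered by a daemon list, honouring EXCEPT."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return _listed(tokens[:i], name) and not _listed(tokens[i + 1:], name)
    return any(t == "ALL" or t.split("@")[0] == name for t in tokens)

def paranoid_rules(text, service="sshd"):
    """Rules that apply to `service` and name PARANOID as a client pattern."""
    hits = []
    for daemons, clients in parse_rules(text):
        head = clients[:clients.index("EXCEPT")] if "EXCEPT" in clients else clients
        if _listed(daemons, service) and "PARANOID" in head:
            hits.append((daemons, clients))
    return hits

def would_match_paranoid(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """True if the PTR name for ip exists but does not resolve back to ip (IPv4)."""
    try:
        name = reverse(ip)[0]
    except OSError:
        return False  # no reverse name at all: UNKNOWN, not PARANOID
    try:
        return ip not in forward(name)[2]
    except OSError:
        return True   # the name does not resolve forward

if __name__ == "__main__":
    for daemons, clients in paranoid_rules(SAMPLE):
        print("PARANOID rule affecting sshd:", " ".join(daemons), ":", " ".join(clients))
```

On the server, pass the contents of `/etc/hosts.deny` to `paranoid_rules()` and call `would_match_paranoid()` with the address of a client that is being refused.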




