LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-06-2009, 03:09 PM   #1
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Rep: Reputation: 15
public ip from pix to router which connects to my ubuntu.


Hello all,

I have my ubuntu all setup accept its on a corporate network where I rent space to work. They have a cisco pix and i have my own router on its own network which is 10.0.1.x. The router IP is 10.0.1.1.

I need complete access (inbound and outbound) to the outside network. They have a public IP address that they said I can use.

So the setup is <internet><PIX><their-router> -> <my-router[10.0.1.1]><my network>

The thing is that they don't have anyone who knows how to setup the PIX. I am able to telnet into the PIX and have root access.

so after user login I type: enable
and then enter the root password which gets me in.

Now how do I set it up to allow access from public IP xxx.xxx.xxx.xxx to my router so that my network has full outside access. I think I have to use the public IP for my router too right?

Any ideas?
Thanks,
D
 
Old 08-06-2009, 03:23 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
you're better off using the asdm instead of telnet access, just hit the pix on https and you shoul dbe able to download it from the firewall, and get some decent simple access to the firewall rulesets for permitting outbound and inbound access and also access to the nat configuration as well.
 
Old 08-06-2009, 03:50 PM   #3
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie View Post
you're better off using the asdm instead of telnet access, just hit the pix on https and you shoul dbe able to download it from the firewall, and get some decent simple access to the firewall rulesets for permitting outbound and inbound access and also access to the nat configuration as well.
I can't do that for some reason, if i go to: https://192.168.0.1 it shows up Cisco PIX Device Manager 3.0, then opens up a popup windows and says the same thing with, hostname, pdm version (3.0(4)) and other info and says:

Please do not close this window. the cisco pix device manager will start in another window. Closing this browser window will limit the functionality available in the cisco pix device manager.

But no other window ever opens... thats why i can only configure it via telnet
 
Old 08-06-2009, 04:12 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
Hmm, that'll be an oooooooold firewall then. any Pix that's been updated in the last 4 years would be running some version of ASDM or a newer PDM, at least 5.0. Configuring a real firewall like this - especially a shared one - is no mean feat for someone without knowledge. I really wouldn't be comfortable trying to guide you through configuring a shared firewall running long obsolete firmware. If someone is willing to help further, you could start by showing us the current config to see where you are, but then this would include a lot of private information for you and other customers... http://www.cisco.com/univercd/cc/td/...x_sw/index.htm but I'd probably try to persevere with the PDM angle as that's much more user friendly, even the very old versions.

And you pay THEM for this office space?

Last edited by acid_kewpie; 08-06-2009 at 04:14 PM.
 
Old 08-06-2009, 04:59 PM   #5
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Original Poster
Rep: Reputation: 15
how would i go about updating the firware/software etc?
 
Old 08-06-2009, 07:05 PM   #6
dhrumantgoradia
Member
 
Registered: Nov 2004
Distribution: CentOS & Ubuntu
Posts: 30

Original Poster
Rep: Reputation: 15
with help from a really smart cisco guy, this is what worked:

static (inside,outside) [external_ip] 10.0.1.1 netmask 255.255.255.255 0 0
conduit permit tcp host [external_ip] any
 
Old 08-07-2009, 02:09 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977Reputation: 1977
knowing the existing config I'd have probably provided the static NAT for a dedicated IP for you, the conduit stuff is aaaages old though, before my time!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
eth0 connects to router but not to Internet(e.g. Google.com) MadHatter21 Ubuntu 15 07-25-2009 01:51 PM
Cisco PIX 500 Series Secure Firewall (PIX-520) robertwolfe Linux - Networking 1 01-19-2006 04:37 AM
DWL-122 only connects to router not to internet Telluris Linux - Wireless Networking 2 01-11-2006 04:05 PM
WPC54G Connects to the router but not the net worldgnat Linux - Wireless Networking 7 07-11-2005 09:10 PM
Connects to router, but no internet Lee_B_H Linux - Wireless Networking 4 01-08-2005 08:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration