Anonymous_User Absent Member.

cisco firewall exceptions

Anyone here good at dealing w/ these? Apparently firewalls are just
kicking my *** lately.

Trying to allow inbound port 8080 traffic to a box that's NAT'd to a
secondary IP address on the firewall.

0 Likes
jcalderwood Absent Member.

Re: cisco firewall exceptions

Stevo wrote:
> Anyone here good at dealing w/ these? Apparently firewalls are just
> kicking my *** lately.
>
> Trying to allow inbound port 8080 traffic to a box that's NAT'd to a
> secondary IP address on the firewall.
>


email jcalderwood at icuetv dot com or wait until i get home in a few
hours so i can get to my im....
0 Likes
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Jay Zie blathered something to the effect:

> email jcalderwood at icuetv dot com or wait until i get home in a few
> hours so i can get to my im....


incoming.............
0 Likes
jcalderwood Absent Member.

Re: cisco firewall exceptions

Stevo wrote:
> Jay Zie blathered something to the effect:
>
>> email jcalderwood at icuetv dot com or wait until i get home in a few
>> hours so i can get to my im....

>
> incoming.............


*duck*
0 Likes
jmarton2 Absent Member.

Re: cisco firewall exceptions

Stevo wrote:

> Trying to allow inbound port 8080 traffic to a box that's NAT'd to a
> secondary IP address on the firewall.


Create a rule allowing inbound traffic to the NATted address,
destination on port 8080, and apply it to inbound traffic on the
interface where the traffic comes in.

internal host: 192.168.1.10
NAT address: 4.2.2.10

internal host on inside interface, traffic is coming in from the outside

access-list outside_traffic_in extended permit tcp any host 4.2.2.10 eq 8080

access-group outside_traffic_in in interface outside

--
Joe
Does this washcloth smell like chloroform?

Joe Marton Emeritus Knowledge Partner
0 Likes
jcalderwood Absent Member.

Re: cisco firewall exceptions

Joseph Marton wrote:
> Stevo wrote:
>
>> Trying to allow inbound port 8080 traffic to a box that's NAT'd to a
>> secondary IP address on the firewall.

>
> Create a rule allowing inbound traffic to the NATted address,
> destination on port 8080, and apply it to inbound traffic on the
> interface where the traffic comes in.
>
> internal host: 192.168.1.10
> NAT address: 4.2.2.10
>
> internal host on inside interface, traffic is coming in from the outside
>
> access-list outside_traffic_in extended permit tcp any host 4.2.2.10 eq
> 8080
>
> access-group outside_traffic_in in interface outside
>


yeah i was just typing that in an email to steve.... blah thanks joe. <G>
0 Likes
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Open it up for the outside and give us the IP, username and password. 🙂


"Stevo" <steveSPAM@LESSccgov.net> wrote in message
news:wWYQl.1698$rb5.1404@kovat.provo.novell.com...
> Anyone here good at dealing w/ these? Apparently firewalls are just
> kicking my *** lately.
>
> Trying to allow inbound port 8080 traffic to a box that's NAT'd to a
> secondary IP address on the firewall.
>



0 Likes
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Joseph Marton blathered something to the effect:

> Create a rule allowing inbound traffic to the NATted address,
> destination on port 8080, and apply it to inbound traffic on the
> interface where the traffic comes in.
>
> internal host: 192.168.1.10
> NAT address: 4.2.2.10
>
> internal host on inside interface, traffic is coming in from the
> outside
>
> access-list outside_traffic_in extended permit tcp any host 4.2.2.10
> eq 8080
>
> access-group outside_traffic_in in interface outside


As far as I can tell, have this setup already.
0 Likes
jmarton2 Absent Member.

Re: cisco firewall exceptions

Stevo wrote:

> As far as I can tell, have this setup already.


Doesn't sound like it if it's not working. 🙂

Are you sure you did the access-group command to actually apply the ACL?
That's an easy step to miss.

--
Joe
Does this washcloth smell like chloroform?

Joe Marton Emeritus Knowledge Partner
0 Likes
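
Added example, not part of any post in this thread: a small Python check for the step discussed above, confirming that the permit entry sits in the ACL that is actually bound inbound to the interface. Only one ACL can be bound per interface and direction, so an entry in a different ACL never takes effect. It assumes the ASA-style syntax quoted in the thread; the sample configs, the ACL name other_acl and the function name are constructed for illustration.

```python
import re

# Constructed sample configs using the ASA-style lines quoted in the thread.
CONFIG_APPLIED = """\
access-list outside_traffic_in extended permit tcp any host 4.2.2.10 eq 8080
access-group outside_traffic_in in interface outside
"""
# The 8080 entry exists, but a different ACL is bound to the interface.
CONFIG_UNAPPLIED = """\
access-list outside_traffic_in extended permit tcp any host 4.2.2.10 eq 8080
access-list other_acl extended permit tcp any host 4.2.2.10 eq 80
access-group other_acl in interface outside
"""

# Handles only "permit tcp <source> host <ip> eq <port>" entries.
ACE = re.compile(r"^access-list (\S+) extended permit tcp "
                 r"(any|host \S+|\S+ \S+) host (\S+) eq (\d+)$")
BIND = re.compile(r"^access-group (\S+) in interface (\S+)$")

def check_inbound(config, iface, dest_ip, port):
    """Return (status, detail) for TCP dest_ip:port arriving on iface.

    Does not evaluate earlier deny entries or NAT; it only answers
    "is a matching permit in the ACL bound inbound to this interface?".
    """
    acls_with_permit = set()   # ACL names holding a matching permit entry
    bound = {}                 # interface -> ACL bound inbound (last one wins)
    for raw in config.splitlines():
        line = raw.strip()
        m = ACE.match(line)
        if m and m.group(3) == dest_ip and int(m.group(4)) == port:
            acls_with_permit.add(m.group(1))
        m = BIND.match(line)
        if m:
            bound[m.group(2)] = m.group(1)
    acl = bound.get(iface)
    if acl is None:
        return ("no-acl-bound", None)
    if acl in acls_with_permit:
        return ("permitted", acl)
    if acls_with_permit:
        # The easy-to-miss case: the entry was added to an ACL that is not applied.
        return ("permit-in-unbound-acl", sorted(acls_with_permit))
    return ("no-matching-entry", acl)

if __name__ == "__main__":
    for cfg in (CONFIG_APPLIED, CONFIG_UNAPPLIED):
        print(check_inbound(cfg, "outside", "4.2.2.10", 8080))
```
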
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Craig blathered something to the effect:

> Open it up for the outside and give us the IP, username and password.
> 🙂


I'm about tempted to, either that or ****can everything internet
related company wide.

Firewall stuff has just kicked the ever-lovin **** out of me lately.
Apparently I have no clue what I'm doing anymore.
0 Likes
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Joseph Marton blathered something to the effect:

> Are you sure you did the access-group command to actually apply the
> ACL? That's an easy step to miss.


Already have an extended access rule applied inbound to this interface,
as have other web stuff working through it.
0 Likes
jmarton2 Absent Member.

Re: cisco firewall exceptions

Stevo wrote:

> Already have an extended access rule applied inbound to this interface,
> as have other web stuff working through it.


Could it be a problem with a NAT rule?

If it's an ASA with 8.x code, I believe there's this simulator thing
where you can tell it the source/dest ip/port and in/out interfaces for
a simulated packet. It will then tell you if it will pass or not, and
if not, why.

Otherwise, there's the old fashioned way... turn on debugs and generate
traffic. That's always a PITA though.

--
Joe
Does this washcloth smell like chloroform?

Joe Marton Emeritus Knowledge Partner
0 Likes
islander Absent Member.

Re: cisco firewall exceptions

Stevo,

> Apparently I have no clue what I'm doing anymore.


And I'm betting you've got your mind on something else, deep down.
That can be a distraction, and make things that seemed simple before,
appear more complex now. : )

Susan
Novell Community Chat Moderator

http://forums.novell.com/faq.php?faq=novfor#faq_rules
http://www.ncci.org NCCIrregulars Web Site
http://ncci.blogspot.com NCCIrregulars Blog


0 Likes
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Susan blathered something to the effect:

> And I'm betting you've got your mind on something else, deep down.
> That can be a distraction, and make things that seemed simple before,
> appear more complex now. : )


Well I only have about 5 *major* projects going on at work, not sure if
that's contributing at all.
0 Likes
Anonymous_User Absent Member.

Re: cisco firewall exceptions

Joseph Marton blathered something to the effect:

> Could it be a problem with a NAT rule?


At this point, I really don't know anymore.


> If it's an ASA with 8.x code, I believe there's this simulator thing
> where you can tell it the source/dest ip/port and in/out interfaces
> for a simulated packet. It will then tell you if it will pass or
> not, and if not, why.


Not an ASA, it's an 1841 w/ firewall ios on it.
0 Likes