PIX 501 DNS Alias on interface for static IPs while port forwarding and DHCP?

  wonknose


    I've spent about 10 hours configuring my PIX 501 today. I haven't had
    much experience with networking but so far have managed to reset the
    lost password (via TFTP server and password reset bin file) and got
    PPPOE with DHCP for the external interface running after setting my DSL
    router up as a bridge and also bridging through a Motorola VOIP device.

    OK this is where I run into trouble:

    Windows XP boxes using DHCP resolve DNS fine
    Windows XP boxes using static IPs can't resolve DNS when the DNS IP is
    pointed to the PIX.

    I need to run some static IPs for port forwarding but want the DNS to
    resolve for the static IP addresses as well.

    Can anyone point me to PIX config(s) option(s) which will

    1) allow DHCP with DNS to function (note: this is already working but
    I wish it to remain in working order)
    2) for static IP addresses: allow DNS to resolve by entering the PIX
    internal interface address
    3) allow port-forwarding to a static IP address

    Thanks in advance,
    wonknose, Apr 28, 2006
  wonknose

    ok 6 hours more and still can't get this to work.

    new details:
    1) removed VOIP device from network.
    2) changed DSL router back to router mode with PPOE BRIDGE and NAT for
    PIX IP address (Had it working in full bridge mode)
    3) PIX handles PPPOE login
    4) got DNS working for both static and DHCP by hardcoding the static

    STILL can't get port forwarding to work at all :(

    running version 6.3(1) reset to factory config and used the following

    access-list inbound permit icmp any any
    access-list inbound permit tcp any any eq www

    access-group inbound in interface outside
    static (inside,outside) tcp interface www www netmask

    the 203 address is a box with a port 80 application running.

    tried a port-scan website and two friends in two different countries
    and the port is still not open. can someone offer some insight? It
    should not be this hard to forward a port, something is wrong?
    wonknose, Apr 29, 2006
  wonknose

    the pix 501 makes a great paperweight :p
    wonknose, Apr 29, 2006
  wonknose

    Well, nobody replied to any of my requests for help but as usual, life
    responds to those who help themselves. Got it all working through
    persistence. For future reference, if anyone is searching usenet for a
    similar issue, I will post the resolution here.

    Main problem: when the PIX is set up for DHCP, STATIC IPs are unable to
    use DNS
    Solution: (since none better were posted) use STATIC DNS entries on
    STATIC IPs, do not point at the PIX inside interface for DNS as it will
    not resolve them.

    Secondary problem: Even if everything else is working, port forwarding
    only works if you use a cross-over patch cable instead of a straight
    through cable. I had switched mine to a straight through cable
    somewhere along the line in all my troubleshooting attempts. Switching
    back to a cross-over patch cable allowed port forwarding to work.

    Was a cable issue.
    wonknose, Apr 29, 2006
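
An added example, not part of the original posts: a small Python check for the kind of PIX 6.3 static PAT entry posted in the thread, which flags an entry with no inside host address or mask value and confirms that an ACL applied to the mapped interface permits the forwarded port. The function names, the placeholder address 192.0.2.203 and the 255.255.255.255 mask are assumptions made for illustration; the entry layout assumed is `static (real_if,mapped_if) tcp|udp mapped_addr mapped_port real_ip real_port [netmask mask]`.

```python
import ipaddress

# The four lines as posted in the thread (the static entry is incomplete there).
THREAD_CONFIG = """\
access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www
access-group inbound in interface outside
static (inside,outside) tcp interface www www netmask
"""
# Constructed: the same entry completed with placeholder values
# (192.0.2.203 is a documentation address, not the poster's host).
COMPLETE_CONFIG = THREAD_CONFIG.replace(
    "www www netmask", "www 192.0.2.203 www netmask 255.255.255.255")


def is_ipv4(token):
    try:
        ipaddress.IPv4Address(token)
        return True
    except ValueError:
        return False


def lint_port_forwards(config):
    """Return findings for static PAT entries (hypothetical helper)."""
    rows = [line.split() for line in config.splitlines() if line.strip()]
    # ACL applied inbound per interface, e.g. {"outside": "inbound"}
    bound = {r[4]: r[1] for r in rows
             if r[0] == "access-group" and len(r) == 5 and r[2:4] == ["in", "interface"]}
    findings = []
    for r in rows:
        if r[0] != "static" or len(r) < 5 or r[2] not in ("tcp", "udp"):
            continue
        proto, mapped_if = r[2], r[1].strip("()").split(",")[-1]
        rest = r[3:]  # mapped_addr mapped_port real_ip real_port [netmask mask]
        port = rest[1]
        if len(rest) < 4 or not is_ipv4(rest[2]):
            findings.append(f"{port}: no real (inside) host address")
        if "netmask" in rest:
            i = rest.index("netmask")
            if i + 1 >= len(rest) or not is_ipv4(rest[i + 1]):
                findings.append(f"{port}: netmask keyword has no mask value")
        acl = bound.get(mapped_if)
        permitted = any(a[:4] == ["access-list", acl, "permit", proto]
                        and a[-2:] == ["eq", port] for a in rows)
        if not permitted:
            findings.append(f"{port}: no ACL bound to {mapped_if} permits {proto}/{port}")
    return findings
```
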
