If I'm understanding the situation right, then the problem looks to be the router rather than the PIX. If you're meant to access the network, there might already be a route there for you, but not one for everyone else.

A bit of a long shot would be to check /etc/hosts.deny and your DNS setup on Zeus. Make sure it can do DNS revlookups on IPs out in the internet. Make sure there is no paranoid line in hosts.deny.

> I am setting up a Debian Box at school for my students to use
> and my network admins are unable to get the firewall
> configured to allow incoming ssh packets.
>
> Below is their response to me regarding the setup of the
> network.
>
> Here is our setup.
>
>
> 'Net --> router --> hub ---> Cisco PIX ---> Zeus
>                         ---> Novell BorderManager ---> lab computers
>
>
> The outside interface of the PIX box has IP address
> 151.198.194.251, and has a gateway address to our router
> 151.198.194.249. (This is in the DMZ, not passing through
> Novell Bordermanager at all.)
>
> The PIX inside interface has IP address 192.168.1.1, and is
> connected to Zeus/192.168.1.4 (the debian box)
>
> There is a PIX Static NAT rule which translates
> 151.198.194.251 to 192.168.1.4 (and vice-versa). There is
> no port redirection on that rule.
>
> We know this configuration works 'cause you (I) can connect
> from your home. The question is, why can't anyone else,
> unless they are on a lab computer, which passes through
> Novell BorderManager, NATTing those packets to a source
> address of 151.198.194.252.
>
> **** According to them, they have a firewall rule that allows packets from
> **** my static IP address in. (So far only I can ssh into the box)
> **** I can not send any packets out from zeus either.
>
> PIX INSIDE INTERFACE ACCESS RULES:
> 1. Allow ICMP traffic from Zeus/192.168.1.4 to any destination
>    (**** this does not work)
>
> 2. Allow ssh/tcp traffic from Zeus/etc. to any destination
>    (**** This does not work)
>
> 3. Allow all tcp traffic from Zeus/etc. to BFurry/207.99.6.85
>    (**** this does not work)
>
> ----------------
> PIX OUTSIDE INTERFACE ACCESS RULES:
> 1. Allow ICMP traffic from any source to Zeus/etc.
>    (does not work)
>
> 2. Allow ssh/tcp traffic from any source to any destination
>
> 3. Allow tcp traffic from BFurry/etc. to Zeus/etc.
>    (does not work)
>
> Thanks for any help.
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
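The /etc/hosts.deny check suggested in the reply above, as an added example that is not part of the original thread: it parses TCP wrappers rules and lists the ones that would turn away sshd clients because of name lookups or a blanket deny. It assumes sshd on Zeus honours TCP wrappers; the function names and the sample file are constructed for illustration, and bracketed IPv6 patterns and `EXCEPT` are not handled.

```python
import re

# hosts_access(5) client wildcards whose match depends on name/address lookups.
DNS_DEPENDENT = {"PARANOID", "UNKNOWN", "KNOWN"}

# Constructed sample, not taken from Zeus.
SAMPLE = """\
# /etc/hosts.deny (constructed sample)
# ALL: PARANOID
sshd, in.telnetd: PARANOID, \\
    UNKNOWN
in.ftpd: ALL
ALL: ALL
"""

def parse_rules(text):
    """Return (first_line, daemons, clients) per rule, joining backslash continuations."""
    rules, buf, start = [], "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        rule, buf = (buf + line).strip(), ""
        fields = rule.split(":")
        if rule.startswith("#") or len(fields) < 2:
            continue  # comment, blank or malformed line
        daemons, clients = (re.split(r"[\s,]+", f.strip()) for f in fields[:2])
        rules.append((start, daemons, clients))
    return rules

def findings(text, daemon="sshd"):
    """List (line, pattern, reason) for deny rules that apply to `daemon`."""
    out = []
    for lineno, daemons, clients in parse_rules(text):
        if daemon not in daemons and "ALL" not in daemons:
            continue
        for c in clients:
            if c in DNS_DEPENDENT:
                out.append((lineno, c, "match depends on DNS lookups for the client"))
            elif c == "ALL":
                out.append((lineno, c, "matches every client"))
    return out

if __name__ == "__main__":
    for lineno, pattern, reason in findings(SAMPLE):
        print(f"hosts.deny line {lineno}: {pattern}: {reason}")
```

To run it against the real file, pass `open("/etc/hosts.deny").read()` to `findings()` instead of `SAMPLE`.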