Firewall Wizards mailing list archives
Re: IP aliasing behind a PIX
From: Don Owens <don () xlogistics com>
Date: 22 Jan 2003 09:27:41 -0800
The problem has been resolved. Thanks to Mike Scher for pointing me to the "static" lines in the conf. The intention was to map the entire network behind the PIX (1-1 mapping, since the network is public), but the entry had a netmask of 255.255.255.255 instead of 255.255.255.224. Once I added a line with the correct netmask, the aliases began working. However, now I wonder why the main IP on each interface worked in the first place ... Don On Fri, 2003-01-17 at 18:04, Don Owens wrote:
Hi guys, I'm overloading interfaces on Solaris and Linux boxen to have multiple IPs (same network though) behind a PIX firewall. From within the network, the aliases work fine (i.e., the machines are accessible using the aliased IPs). However, when trying to get to them from outside the network, the IPs are unreachable. These are public IPs and the routing works fine for each IP if that IP is the main IP of the box. If I swap the IP of one of the aliases with the main IP, that IP is then reachable. Then the alias works as well until I reboot the PIX. It seems to me this has to be the PIX, as I have not had this problem in the past using access lists on routers as firewalls. Has anyone else seen this problem? Am I missing a simple setting on the PIX or something? Any ideas? Don -- Don Owens don () xlogistics com www.xlogistics.com Express Logistics 48541 Warm Springs Blvd., Ste. 505 Fremont, CA 94539
-- Don Owens don () xlogistics com www.xlogistics.com Express Logistics 48541 Warm Springs Blvd., Ste. 505 Fremont, CA 94539 _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- IP aliasing behind a PIX Don Owens (Jan 18)
- Re: IP aliasing behind a PIX Don Owens (Jan 22)
- <Possible follow-ups>
- RE: Re: IP aliasing behind a PIX Noonan, Wesley (Jan 22)
- RE: Re: IP aliasing behind a PIX Don Owens (Jan 24)