Re: IP aliasing behind a PIX

[Don Owens <don () xlogistics com>]

The problem has been resolved.  Thanks to Mike Scher for pointing me to
the "static" lines in the conf.  The intention was to map the entire
network behind the PIX (1-1 mapping, since the network is public), but
the entry had a netmask of 255.255.255.255 instead of 255.255.255.224. 
Once I added a line with the correct netmask, the aliases began
working.  However, now I wonder why the main IP on each interface worked
in the first place ...

Don

On Fri, 2003-01-17 at 18:04, Don Owens wrote:
> Hi guys,
>
> I'm overloading interfaces on Solaris and Linux boxen to have multiple
> IPs (same network though) behind a PIX firewall.  From within the
> network, the aliases work fine (i.e., the machines are accessible using
> the aliased IPs).  However, when trying to get to them from outside the
> network, the IPs are unreachable.  These are public IPs and the routing
> works fine for each IP if that IP is the main IP of the box.  If I swap
> the IP of one of the aliases with the main IP, that IP is then
> reachable.  Then the alias works as well until I reboot the PIX.
>
> It seems to me this has to be the PIX, as I have not had this problem in
> the past using access lists on routers as firewalls.  Has anyone else
> seen this problem?  Am I missing a simple setting on the PIX or
> something?
>
> Any ideas?
>
> Don
>
> --
> Don Owens
> don () xlogistics com
> www.xlogistics.com
>
> Express Logistics
> 48541 Warm Springs Blvd., Ste. 505
> Fremont, CA 94539
--
Don Owens
don () xlogistics com
www.xlogistics.com

Express Logistics
48541 Warm Springs Blvd., Ste. 505
Fremont, CA 94539
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards