Re: Allow printing traffic from DMZ(Lower Security interface) to inside network on PIX 515E
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


comp.security.firewalls archive

Re: Allow printing traffic from DMZ(Lower Security interface) to inside network on PIX 515E

From: <jywu1@hotmail.com>
Date: Fri Dec 09 2005 - 20:57:06 CET



Thank you, Wil,


I'll try "static (inside,dmz) 192.168.1.0 192.168.1.0 netmask


255.255.255.0"



Kenny



Wil Wrote:


> Just noticed that you have a nat0 on each interface... PIX isn't a


> router, AFAIK you will always need to nat a lower to a higher.


>


> Try this:


>


> ! This allows basic Internet usage


> global (outside) 1 interface


> nat (inside) 1 0 0


> nat (dmz) 1 0 0


>


> ! This creates a nat from the dmz to the inside


> static (inside,dmz) 192.168.1.0 192.168.1.0 netmask 255.255.255.0


> 


> happy hunting!


> 


> Wil


> my 3¢


Received on Sun Dec 11 14:24:57 2005