Example 8-1 PIX Firewall with Three Interfaces Residing on the DMZ Interface

Pixfirewall#wr t

!The nameif commands are used to name the interfaces of the PIX and assign them a
!security level.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50

!The interface commands that follow define the physical medium to which the
!interfaces are connected.
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet2 100basetx

!The command below is used to specify the password for getting into the privileged
!or enable mode of the PIX firewall.
enable password <removed> encrypted

!The command below specifies the password for Telnet access to the PIX firewall.
passwd <removed> encrypted

!The IP address commands that follow are used to give IP addresses to the PIX
!interfaces using the names defined above.
ip address outside 209.165.201.3 255.255.255.224
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.0.1 255.255.255.0

!The hostname command defines the name of the PIX.

hostname pixfirewall

!The fixup commands that follow turn on the fixup functionality for the PIX box,
!as discussed in the preceding sections.
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521

!The arp command defines the time after which the ARP entries in the ARP cache
!maintained by the PIX are flushed out.
arp timeout 14400

!The no failover command below indicates that this is a standalone PIX.
no failover

!The names command that follows turns on the use of the name command. The name
!command is used here to allow you to use the word 'webserver' in the
!configuration instead of typing its whole IP address, 192.168.0.2.

names

This case study not only gave you an overview of one of the most commonly used PIX configurations but also reviewed the most common commands in the PIX setup. Larger PIX setups, meaning ones involving more than just the three interfaces, are built using configurations similar to the one in Example 8-1.
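The interface section of a configuration like Example 8-1 can be checked for consistency before it is loaded. The Python code below is an added example, not part of the original text: the audit function and its finding messages are hypothetical, the sample input is constructed from the nameif, interface and ip address lines shown above, and only those three command types are examined.

```python
import re

# Constructed sample: the nameif/interface/ip address lines of Example 8-1,
# with the third interface line naming ethernet0 a second time.
SAMPLE = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
interface ethernet0 10baset
interface ethernet1 10baset
interface ethernet0 100basetx
ip address outside 209.165.201.3 255.255.255.224
ip address inside 10.0.0.1 255.255.255.0
ip address dmz 192.168.0.1 255.255.255.0
"""

def audit(config):
    """Return findings for the interface section of a PIX configuration."""
    names, hw_lines, addressed, findings = {}, [], set(), []
    for line in map(str.strip, config.splitlines()):
        if not line or line.startswith("!"):
            continue  # blank line or ! comment
        if m := re.fullmatch(r"nameif (\S+) (\S+) security(\d+)", line):
            names[m[2]] = (m[1], int(m[3]))  # name -> (hardware id, level)
        elif m := re.fullmatch(r"interface (\S+) \S+", line):
            hw_lines.append(m[1])
        elif m := re.fullmatch(r"ip address (\S+) \S+ \S+", line):
            addressed.add(m[1])
    for hw in sorted(set(hw_lines)):
        if hw_lines.count(hw) > 1:
            findings.append(f"{hw}: more than one interface line")
    for hw in sorted({hw for hw, _ in names.values()} - set(hw_lines)):
        findings.append(f"{hw}: nameif present but no interface line")
    for name in sorted(set(names) - addressed):
        findings.append(f"{name}: no ip address line")
    # Layout used in the example: outside lowest, inside highest, others between.
    out, ins = names.get("outside"), names.get("inside")
    if out and ins:
        if out[1] >= ins[1]:
            findings.append("outside is not below inside in security level")
        for name, (_, lvl) in sorted(names.items()):
            if name not in ("outside", "inside") and not out[1] < lvl < ins[1]:
                findings.append(f"{name}: level {lvl} not between outside and inside")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the constructed sample, it reports the repeated ethernet0 line and the missing hardware line for ethernet2.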
