March 29th, 2003, 12:21 AM
Help me get outside
I'm behind a firewall at work that uses NAT for real-world addresses and am not sure how to get outside the network without using a proxy server.
Can anyone help?
PS: the firewall is a PIX 501, if that helps.
March 29th, 2003, 01:50 AM
Most likely, you just need to set your gateway address in the client you are trying to connect to the Internet. Your firewall should have 2 NIC interfaces, one public and one private. The IP address of the private one should be the address you put for the gateway in your clients.
If your firewall doesn't use DHCP, you may have to specify a private IP address and DNS server, as well, but most commercial firewalls will probably provide DHCP.
Do what you want with the girl, but leave me alone!
March 29th, 2003, 10:27 AM
One thing though, are you the admin there? Maybe your admin does not want you to go outside without going through the proxy. One thing that's very important is that you respect your admin's policies. If you succeed in doing what you want here, you could compromise the security on that network. If you're not the admin, then go talk to the admin, telling him why you want to access the internet without the proxy. If he says no, then don't!
Ubuntu-: Means in African : "Im too dumb to use Slackware"
March 29th, 2003, 03:57 PM
I'll tell you how the pix works, you take it from there. But be warned, if you are violating an acceptable use policy you could get fired.
If your proxy server is 10.0.0.1 then there will be lines in the PIX that read something like:
access-list Outbound permit ip host 10.0.0.1 any (for completely wide open access to the world) and another that reads:
access-list Inbound permit ip any host 10.0.0.1
Now, the names of the lists (Outbound and Inbound) may be different, and there could be a few more arguments in the permit lines because with those two above, nothing is restricted at all.
Now.....if your machine is 10.0.0.100 and you try going directly to the firewall, there is no statement there to let you out. In fact, there is probably an 'access-list Outbound deny' statement to keep anyone from going around the proxy. So you need to have two access list statements permitting host 10.0.0.100 through the firewall.
Again....I'm going to give you the benefit of the doubt and assume you are allowed to modify the firewall. The firewall config simply needs to be changed to let your host out, and traffic in (and not even that necessarily, depends on if you are hosting something on that box that needs to be reached from the public network). The two lines above let all traffic to and from that host in and out so you might want to read up on what you'd like to restrict your traffic to. HTTP and FTP for example.
Go to Cisco for a better understanding of how to use access-lists to restrict traffic.
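An added example, not part of the post above and not Cisco tooling: a small audit script for an admin reviewing access-list lines in the form quoted in that post. It reports which entry a given inside host hits first and flags entries that permit all IP with no port restriction. It assumes a subset of the syntax (`any`, `host A`, address plus subnet mask, optional trailing port qualifier) and matches on source address only; the sample config is constructed.

```python
import ipaddress

# Constructed sample config (not from a real device). The two "host 10.0.0.1"
# lines are the ones quoted in the post; the deny line is the one it guesses at.
SAMPLE = """\
access-list Outbound permit ip host 10.0.0.1 any
access-list Outbound deny ip any any
access-list Inbound permit ip any host 10.0.0.1
"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host A', or 'A MASK' (subnet mask)."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)

def parse(config):
    """Return rules as dicts, keeping the order they appear in the config."""
    rules = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            continue  # not an access-list entry in the assumed subset
        rest = t[4:]
        src, dst = _addr(rest), _addr(rest)
        rules.append({"acl": t[1], "action": t[2], "proto": t[3], "src": src,
                      "dst": dst, "ports": " ".join(rest), "line": line})
    return rules

def decide(rules, acl, src_ip):
    """First entry whose source matches wins; the list ends in an implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["acl"] == acl and ip in r["src"]:
            return r["action"], r["line"]
    return "deny", "(implicit deny)"

def wide_open(rules):
    """Permit entries with protocol 'ip', no port qualifier, 'any' on one side."""
    return [r["line"] for r in rules
            if r["action"] == "permit" and r["proto"] == "ip" and not r["ports"]
            and 0 in (r["src"].prefixlen, r["dst"].prefixlen)]

if __name__ == "__main__":
    rules = parse(SAMPLE)
    print(decide(rules, "Outbound", "10.0.0.100"), wide_open(rules))
```

Both permit lines from the post are flagged, which matches the post's own remark that with those two lines nothing is restricted at all.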
March 30th, 2003, 03:18 AM
I think problemchild is right, you need to set a gateway on the client machine. Of course the gateway would be the IP address of the router.
For example, if the router has a network IP of 192.168.0.1 then you would need to set a gateway on your computer to that IP address. If I'm wrong please correct me guys, I think that's how it should be done.
Also, under your TCP/IP protocol on your NIC card, make sure that automatically detect settings is enabled. I believe that should get you outside.