Results 1 to 5 of 5

Thread: Help me get outside

  1. #1
    Join Date
    Dec 2002

    Help me get outside

    i'm behind a firewall at work that uses NAT for real world address's and am not sure how to get outside the network without using a proxy server

    Can anyone help?

    PS the firewall is a pix 501 if that helps


  2. #2
    Senior Member problemchild's Avatar
    Join Date
    Jul 2002
    Most likely, you just need to set your gateway address in the client you are trying to connect to the Internet. Your firewall should have 2 NIC interfaces, one public and one private. The IP address of the private one should be the address you put for the gateway in your clients.

    If your firewall doesn't use DHCP, you may have to specify a private IP address and DNS server, as well, but most commercial firewalls will probably provide DHCP.
    Do what you want with the girl, but leave me alone!

  3. #3
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    One thing though, are you the admin there? Maybe your admin does not want you to go outside without going through the proxy. One thing thats very important is that you respect your admins policies. If you succeed in doing what you want here, you could compromise the security on that network. If your not the admin, then go talk to the admin telling him why you want to access the internet without the proxy. If he says no, then dont!

    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    Senior Member
    Join Date
    Jan 2003
    I'll tell you how the pix works, you take it from there. But be warned, if you are violating an acceptable use policy you could get fired.

    If your proxy server is then there will be lines in the pix that reads something like:

    access-list Outbound permit ip host any (for completely wide open access to the world) and another that reads:
    access-list Inbound permit ip any host

    Now, the names of the lists (Outbound and Inbound) may be different, and there could be a few more arguments in the permit lines because with those two above, nothing is restricted at all.

    Now.....if your machine is and you try going directly to the firewall, there is no statement there to let you out. In fact, there is probably an 'access-list Outbound deny' statement to keep anyone from going around the proxy. So you need to have two access list statements permiting host through the firewall.

    Again....I'm going to give you the benifit of the doubt and assume you are allowed to modify the firewall. The firewall config simply needs to be changed to let your host out, and traffic in (and not even that necessarily, depends on if you are hosting something on that box that needs to be reached from the public network). The two lines above let all traffic to and from that host in and out so you might want to read up on what you'd like to restrict your traffic to. HTTP and FTP for example.

    Go to Cisco for a better understanding of how to use access-lists to restrict traffic.

  5. #5
    Senior Member
    Join Date
    Feb 2003
    Memphis, TN
    I think problemchild is right, you need to set a gateway on the client machine. Of course the gateway would be the ip address of the router.

    For example if the router has network ip of then you would need to set a gateway on your computer to that ip address. If I'm wrong please correct me guys, I think thats how it should be done.

    Also under your TCP/IP protocol on your NIC Card make sure that automatically detect settings is enabled. I believe that that should get you outside.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts