Newb, Port forward

Mar 5th, 2007

I have a pix 501 with the outside interface set to dhcp.

The inside interface is 10.6.1.1

How do I forward ftp traffic to 10.6.1.10? Also, I want to forward port 15000 to port 3389 to host 10.6.1.11, and finally port 80 traffic to 10.6.1.12.


I tried a static mapping and it works for one host

static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255 0 0

but if I try to add another it tells me there is a conflict with that rule. I am in need of advice.


THANKS

acomiskey Mon, 03/05/2007 - 13:22

you've got it..


static (inside,outside) tcp interface ftp 10.6.1.10 ftp netmask 255.255.255.255


static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255


Why forward 15000 to 3389 10.6.1.11? You already have it. If you want it to be 15000 to 3389, you have to remove your first one:


no static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255


static (inside,outside) tcp interface 15000 10.6.1.11 3389 netmask 255.255.255.255

elovelace256 Mon, 03/05/2007 - 15:08

Great, thanks! One more question:

Can I add more than one port forward per IP address?

Like this:

static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255


static (inside,outside) tcp interface 1222 10.6.1.12 1222 netmask 255.255.255.255


Also, can I add different access lists to these? Say 1.1.1.1 can access port 80 but 2.2.2.2 can only access 1222.


Thanks!

acomiskey Mon, 03/05/2007 - 16:21

Yes, more than one port to same address is fine.


Yes, but it would be the same access-list.


access-list 100 permit tcp host 1.1.1.1 host 3.3.3.3 eq 80

access-list 100 permit tcp host 2.2.2.2 host 3.3.3.3 eq 1222

access-group 100 in interface outside
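
An added example, not part of the thread and not Cisco tooling: a small Python check over the static and access-list lines quoted above. It flags statics that reuse an outside port or, per the reply above, the same inside host and port, and lists forwarded ports that the ACL bound inbound on outside does not permit. The names `audit`, `port` and `SAMPLE_CONFIG` are hypothetical; only the `eq` form of access-list lines is parsed and the ACL destination address is ignored.

```python
import re
from collections import defaultdict

# Constructed sample: lines quoted in the thread, including both 3389 statics
# so the conflict the original poster hit is reproduced.
SAMPLE_CONFIG = """\
static (inside,outside) tcp interface ftp 10.6.1.10 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 15000 10.6.1.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255
static (inside,outside) tcp interface 1222 10.6.1.12 1222 netmask 255.255.255.255
access-list 100 permit tcp host 1.1.1.1 host 3.3.3.3 eq 80
access-list 100 permit tcp host 2.2.2.2 host 3.3.3.3 eq 1222
access-group 100 in interface outside
"""

STATIC_RE = re.compile(
    r"^static \(inside,outside\) (tcp|udp) interface (\S+) (\S+) (\S+) netmask \S+")
ACL_RE = re.compile(r"^access-list (\S+) permit (tcp|udp) .* eq (\S+)$")
GROUP_RE = re.compile(r"^access-group (\S+) in interface outside$")
PORT_NAMES = {"ftp": 21}  # only the port name used on the page is translated

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit(config):
    """Return (conflicts, unpermitted) for a fragment of static/ACL lines."""
    by_outside, by_inside = defaultdict(list), defaultdict(list)
    permitted, bound_acl = defaultdict(set), None
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            proto, oport, host, iport = m.groups()
            by_outside[(proto, port(oport))].append(line)
            by_inside[(proto, host, port(iport))].append(line)
        elif m := ACL_RE.match(line):
            permitted[m.group(1)].add((m.group(2), port(m.group(3))))
        elif m := GROUP_RE.match(line):
            bound_acl = m.group(1)
    # A key claimed by more than one static is a conflict.
    conflicts = [(key, lines) for table in (by_outside, by_inside)
                 for key, lines in table.items() if len(lines) > 1]
    allowed = permitted.get(bound_acl, set())
    unpermitted = sorted(k for k in by_outside if k not in allowed)
    return conflicts, unpermitted

if __name__ == "__main__":
    conflicts, unpermitted = audit(SAMPLE_CONFIG)
    print("conflicts:", conflicts)
    print("forwarded but not permitted by the outside ACL:", unpermitted)
```
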


