
Newb, Port forward

elovelace256
Level 1

I have a PIX 501 with the outside interface set to DHCP.

The inside interface is 10.6.1.1

How do I forward FTP traffic to 10.6.1.10? Also, I want to forward port 15000 to port 3389 on host 10.6.1.11, and finally port 80 traffic to 10.6.1.12.

I tried a static mapping and it works for one host:

static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255 0 0

but if I try to add another it tells me there is a conflict with that rule. I am in need of advice.

THANKS

3 Replies

acomiskey
Level 10

You've got it.

static (inside,outside) tcp interface ftp 10.6.1.10 ftp netmask 255.255.255.255

static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255

Why forward 15000 to 3389 10.6.1.11? You already have it. If you want it to be 15000 to 3389, you have to remove your first one.

no static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255

static (inside,outside) tcp interface 15000 10.6.1.11 3389 netmask 255.255.255.255

Great, thanks! One more question:

Can I add more than one port forward per IP address?

Like this:

static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255

static (inside,outside) tcp interface 1222 10.6.1.12 1222 netmask 255.255.255.255

Also, can I add different access lists to these? Say 1.1.1.1 can access port 80 but 2.2.2.2 can only access 1222.

Thanks!

Yes, more than one port to same address is fine.

Yes, but it would be the same access-list.

access-list 100 permit tcp host 1.1.1.1 host 3.3.3.3 eq 80

access-list 100 permit tcp host 2.2.2.2 host 3.3.3.3 eq 1222

access-group 100 in interface outside
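
Added example, not part of the thread and not Cisco tooling: a small Python check that reads `static` and `access-list` lines like the ones posted above and reports the two issues discussed here, a second static for an inside host and port that is already mapped, and forwarded ports that the access-list applied to the outside interface does not permit. The sample config is constructed from the thread's lines; the conflict rule and the `NAMED` port table are assumptions, and the ACL destination address is ignored because the outside address comes from DHCP.

```python
import re

# Constructed sample: the static and access-list lines quoted in the thread,
# including the original 3389 mapping that caused the conflict.
CONFIG = """\
static (inside,outside) tcp interface ftp 10.6.1.10 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255
static (inside,outside) tcp interface 1222 10.6.1.12 1222 netmask 255.255.255.255
static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 15000 10.6.1.11 3389 netmask 255.255.255.255
access-list 100 permit tcp host 1.1.1.1 host 3.3.3.3 eq 80
access-list 100 permit tcp host 2.2.2.2 host 3.3.3.3 eq 1222
access-group 100 in interface outside
"""

NAMED = {"ftp": 21, "www": 80}  # assumed subset of port keywords
STATIC = re.compile(r"^static \(inside,outside\) (tcp|udp) interface (\S+) (\S+) (\S+)")
PERMIT = re.compile(r"^access-list (\S+) permit (tcp|udp) .* eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface outside$")

def port(tok):
    return NAMED[tok] if tok in NAMED else int(tok)

def audit(config):
    """Return (conflicts, unpermitted) for the static PAT lines in config."""
    lines = [line.strip() for line in config.splitlines()]
    outside_acl = next((m.group(1) for line in lines if (m := GROUP.match(line))), None)
    permitted = {(m.group(2), port(m.group(3))) for line in lines
                 if (m := PERMIT.match(line)) and m.group(1) == outside_acl}
    by_outside, by_inside, conflicts, unpermitted = {}, {}, [], []
    for line in lines:
        m = STATIC.match(line)
        if not m:
            continue
        proto, out_p = m.group(1), port(m.group(2))
        host, in_p = m.group(3), port(m.group(4))
        # Assumed rule, from the thread: one static per outside port and per inside host:port.
        for table, key in ((by_outside, (proto, out_p)), (by_inside, (proto, host, in_p))):
            if key in table:
                conflicts.append((table[key], line))
            table.setdefault(key, line)
        # A forward with no matching permit on the outside ACL is not reachable.
        if (proto, out_p) not in permitted:
            unpermitted.append((proto, out_p, host, in_p))
    return conflicts, unpermitted
```

On the sample, `audit(CONFIG)` reports the 3389/15000 pair as one conflict and lists the FTP, 3389 and 15000 forwards as lacking a permit in access-list 100.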
