03-05-2007 12:38 PM - edited 03-11-2019 02:41 AM
I have a pix 501 with the outside interface set to dhcp.
The inside interface is 10.6.1.1
How do I forward ftp traffic to 10.6.1.10? also I want to forward port 15000 to port 3389 to host 10.6.1.11 and finally port 80 traffice to 10.6.1.12
I tried a static mapping and it works for one host
static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.2
55 0 0
but if I try to add another it tells me there is a conflict with that rule..I am in need of advice.
THANKS
03-05-2007 01:22 PM
you've got it..
static (inside,outside) tcp interface ftp 10.6.1.10 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255
why forward 15000 to 3389 10.6.1.11, you already have it. if you want it to be 15000 to 3389 you have to remove your first one..
no static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255
static (inside,outside) tcp interface 15000 10.6.1.11 3389 netmask 255.255.255.255
03-05-2007 03:08 PM
Great thanks! One more question
Can I add more than one port forward per ip address?
Like this
static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255
static (inside,outside) tcp interface 1222 10.6.1.12 1222 netmask 255.255.255.255
Also can I add diffrent access lists to these? say 1.1.1.1 can access port 80 but 2.2.2.2 can only access 1222
Thanks!
03-05-2007 04:21 PM
Yes, more than one port to same address is fine.
Yes, but it would be the same access-list.
access-list 100 permit tcp host 1.1.1.1 host 3.3.3.3 eq 80
access-list 100 permit tcp host 2.2.2.2 host 3.3.3.3 eq 1222
access-group 100 in interface outside
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: