04-12-2007 06:38 AM - edited 03-03-2019 04:31 PM
Comcast gave me a block of 5 "real" IP addresses. Internally, we run 192.168 IPs.
So let's say Comcast gave me 74.74.74.70 to 74.74.74.74. I give the outside interface on the PIX 74.74.74.70, I give my email server (which sits off of the SMC router box that Comcast leaves with you) 74.74.74.71. I want to be able to set up 74.74.74.72 to have a domain like docs.mycompany.com, and redirect that to 192.168.10.5. My PIX does not have a DMZ, if that matters.
I am struggling with the necessary commands to make this happen! Can someone tell me...I am mired in global(outside) and static (inside,outside) commands!!! And when I issue one and do a "wr m", if I do it wrong, I can't browse the web anymore. And I can't tell, would my test even work from inside? If the PIX sees me coming from 192.168.10.10, and trying to get to one of my 74s, only to be rerouted right back to a 192.168, would it think maybe I was spoofing?? Anyway, can someone tell me what commands I need?
Thanks.
04-12-2007 08:09 AM
You should not have to change your global and NAT statements. You need to create a static NAT like the one below.
static (inside,outside) tcp 74.74.74.72 80 192.168.10.5 80 netmask 255.255.255.255 0 0
There are a ton of options here, so you might want to do a little extra research. Don't forget to grant access via the ACL as well. Testing from the inside will not work, but depending on your PIXOS there is a workaround. What version are you running?
HTH and please rate.
04-12-2007 09:35 AM
What do I have to do with the ACL?
04-12-2007 09:40 AM
Permit the traffic through the firewall. For example:
access-list outside_access permit tcp any host 74.74.74.72 eq 80
outside_access is the name of the ACL applied to the outside interface.
HTH and please rate.
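Added example, not part of the original thread: a small Python check for the pairing described in the replies above, that a port-redirect static is only reachable once the ACL bound to the outside interface permits it. The sample config is constructed from the thread's addresses (the 443 and 3389 entries are invented for illustration), and the parser covers only the `static ... tcp/udp` port-redirect form and `permit ... any host X eq P` entries.

```python
import re

# Constructed sample config (PIX 6.3 style) based on the addresses in this thread.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 74.74.74.72 80 192.168.10.5 80 netmask 255.255.255.255 0 0
static (inside,outside) tcp 74.74.74.73 443 192.168.10.6 443 netmask 255.255.255.255 0 0
access-list outside_access permit tcp any host 74.74.74.72 eq 80
access-list outside_access permit tcp any host 74.74.74.74 eq 3389
access-group outside_access in interface outside
"""

STATIC_RE = re.compile(
    r"^static \((\w+),(\w+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+)", re.M)
PERMIT_RE = re.compile(
    r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)", re.M)
GROUP_RE = re.compile(r"^access-group (\S+) in interface (\S+)", re.M)

# Port keywords the PIX may show instead of numbers (partial list).
PORT_NAMES = {"www": "80", "https": "443", "smtp": "25"}

def norm(port):
    """Map a port keyword to its number so 'www' and '80' compare equal."""
    return PORT_NAMES.get(port, port)

def audit(config, outside_if="outside"):
    """Compare port-redirect statics with permits in the ACL bound to outside_if."""
    # Only ACLs actually applied inbound on the outside interface count.
    bound = {acl for acl, ifc in GROUP_RE.findall(config) if ifc == outside_if}
    # Key: (protocol, public IP, public port) -> (internal IP, internal port)
    statics = {(proto, pub, norm(port)): (real, norm(rport))
               for _, mapped_if, proto, pub, port, real, rport
               in STATIC_RE.findall(config) if mapped_if == outside_if}
    permits = {(proto, ip, norm(port))
               for acl, proto, ip, port in PERMIT_RE.findall(config)
               if acl in bound}
    return {
        # Translation exists and the ACL lets the traffic in.
        "reachable": sorted(k for k in statics if k in permits),
        # Translation exists but nothing permits it: the service stays dark.
        "static_without_permit": sorted(k for k in statics if k not in permits),
        # ACL hole with no port-redirect static behind it: candidate for cleanup.
        "permit_without_static": sorted(permits - set(statics)),
    }

if __name__ == "__main__":
    for finding, entries in audit(SAMPLE_CONFIG).items():
        print(finding, entries)
```
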
04-12-2007 01:14 PM
I am running PIX 6.3.
You are right, from inside, it does not work. From outside, it works fine.
Is there a workaround so it appears to work from inside? Would be a big help!
04-12-2007 05:01 PM
sometimes you have to:
static (inside,outside) Real_IP Local_IP
access-list acl-outside permit tcp any host Real_IP eq 80
....
access-list acl-inside permit tcp host Local_IP any eq 80
.
04-13-2007 09:49 AM
Please look up the alias command for the workaround.