06-11-2008 07:23 AM - edited 03-03-2019 10:19 PM
Hi,
Can someone help me with ftp port forwarding config on PIX515E?
Sample:
Public IP--->PIX------------>Router------>FTP Server
202.176.x.x->PIX->10.233.x.x->Router->10.234.x.x->FTP Server
I only need to forward the ftp ports (20 & 21)only.
Thanks
Cliff
06-11-2008 07:27 AM
On the pix
static (inside,outside) tcp 202.176.x.x 20 10.234.x.x 20
static (inside,outside) tcp 202.176.x.x. 21 10.234.x.x. 21
and obviously allow it in an access-list.
If 202.176.x.x is the public IP address of the pix external interface then replace the address with keyword interface in the above static's eg.
static (inside,outside) tcp interface 20 10.234.x.x 20
Jon
06-14-2008 10:37 PM
Hi jon,
I have tried the sample you gave but still it doesn't work, i guess i have given an incomplete details.
Here is the complete setup.
Public->Router----->PIX------>Router-->FTPServer
202.176.x.x->203.175.x.x->y.y.y.y->10.130.x.x
>I just need to port forward ftp traffic to 10.130.x.x from the web.
>Is it possible if i will be pointing an ftp traffic to 203.175.x.x ip from the web then the pix will forward it to 10.130.x.x ftp server? Also made a trace on 203.175.x.x and it will pass through 202.176.x.x Router, but the problem is it's not working.
Thanks
Cliff
06-11-2008 07:33 AM
static (inside,outside) tcp 202.176.x.x 20 10.234.x.x 20 netmask 255.255.255.255
static (inside,outside) tcp 202.176.x.x 21 10.234.x.x 21 netmask 255.255.255.255
You'll also need to add access in your access list.
Hope that helps
UPDATE: Sorry Jon, you type faster than I do!
06-11-2008 07:35 AM
No problem Collin, happens to me all the time. I thought i was the slowest typist on NetPro :-)
06-11-2008 07:41 AM
.
06-11-2008 09:31 AM
After the config,you might want to verify via tcpdump on traffic.
On a Pix 515 you would issue the capture commmand Ex(See Below)
capture testcap
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide