06-14-2008 11:24 PM - edited 03-03-2019 10:21 PM
Hi,
Could someone help me with configuring FTP port forwarding with a PIX 515E?
Have tried this setup:
static (inside,outside) tcp 203.175.x.x 20 10.130.x.x 20
static (inside,outside) tcp 203.175.x.x 21 10.130.x.x 21
Then added it to the allow list of access-list.
Here is the complete setup.
Public->Router----->PIX------>Router-->FTPServer
202.176.x.x->203.175.x.x->y.y.y.y->10.130.x.x
>I just need to port forward FTP traffic to 10.130.x.x from the web.
>Is it possible to point FTP traffic at the 203.175.x.x IP from the web so that the PIX will forward it to the 10.130.x.x FTP server?
I already made a post, but unfortunately I gave an incomplete setup, and the guys who replied are not available at this time.
Thanks
Cliff
06-14-2008 11:57 PM
Configure your statics without the port numbers.
static (inside,outside) 203.175.x.x 10.130.x.x
On the access-list permit ftp and ftp-data to the outside address.
access-list acl-in permit tcp any host 203.175.x.x eq ftp
access-list acl-in permit tcp any host 203.175.x.x eq ftp-data
Enable ftp fixup (PIX 6.x) or inspect ftp (PIX 7.x)
You need the static to not limit ports. This is to encompass both the initial control and data ports as well as high ports that will be used during the actual transfer. The fixup or inspect rule will allow stateful inspection and opening/closing of dynamic ports as required.
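To illustrate what the fixup/inspect step in the answer above does, here is a simplified Python model of FTP inspection handling a passive-mode reply (an added example, not part of the original thread and not Cisco's implementation). It parses the data port out of the control channel, rewrites the inside address to the static's outside address, and records the temporary permit; the addresses are constructed stand-ins for the redacted ones in the thread.

```python
import re

# Constructed addresses: 10.130.0.5 stands in for the inside FTP server
# (10.130.x.x), 192.0.2.10 for the outside static address (203.175.x.x).
INSIDE, OUTSIDE = "10.130.0.5", "192.0.2.10"

# h1,h2,h3,h4,p1,p2 tuple used by PORT (RFC 959) and by the 227 PASV reply
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed tuple: never open a port for it
    # The data port is carried as two bytes: p1 * 256 + p2
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]

def inspect_server_reply(line, client_ip, pinholes):
    """Model inspection of a server-to-client control line (inside to outside).

    For a 227 reply advertising the inside server, rewrite the embedded
    address to the outside static address and record a temporary permit
    (client, outside address, data port) in the pinholes set.
    """
    parsed = parse_hostport(line)
    if parsed is None or not line.startswith("227 "):
        return line
    ip, port = parsed
    if ip != INSIDE:
        return line  # only translate the address covered by the static
    pinholes.add((client_ip, OUTSIDE, port))
    new_tuple = ",".join(OUTSIDE.split(".") + [str(port // 256), str(port % 256)])
    return HOSTPORT.sub(new_tuple, line, count=1)

if __name__ == "__main__":
    holes = set()
    reply = "227 Entering Passive Mode (10,130,0,5,195,80)"  # constructed sample
    print(inspect_server_reply(reply, "198.51.100.7", holes))
    print(holes)
```

Without this rewrite the outside client would be told to connect to the private 10.130 address, and without the pinhole the high data port would be dropped by an access-list that only permits ftp and ftp-data.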
06-15-2008 02:19 AM
Hi,
Is it OK if I use an IP address within the 203.175.x.x block that's not being used?
Thanks
Cliff
06-15-2008 05:03 AM
Yes. Use an address within the subnet of the outside interface other than that of the PIX itself.