Help with Port Forwarding from Outside Address

Answered Question
Dec 3rd, 2009

Can someone point me to info on port forwarding from an external address to an internal address? This firewall has a DMZ, but the machine I want to port forward to does not sit in the DMZ. All attempts to solve this have led to my machines in the DMZ not working.

resoares Thu, 12/03/2009 - 12:47

Hi,



Try this command below:



static (inside,outside) tcp 1.1.1.1 www 2.2.2.2 www netmask 255.255.255.255



where 1.1.1.1 is your public IP address and 2.2.2.2 is your internal one (RFC 1918). In this example, the firewall is performing a static PAT for the HTTP service. In this case, the reachable IP address for the Internet will be 2.2.2.2



Br,

resoares Thu, 12/03/2009 - 12:48

Sorry, the IP reachable from the Internet will be 1.1.1.1

chuckmccants Thu, 12/03/2009 - 13:12

So are you saying:

static (inside,outside) tcp External-IP www Internal-IP www netmask 255.255.255.255

Correct Answer
resoares Fri, 12/04/2009 - 10:12

Hi,


Be aware that an ACL must allow the traffic that comes from the Internet to the DMZ servers.



Br,

chuckmccants Fri, 12/04/2009 - 10:47

Yes, I realize that. But this is not a DMZ host; it is one that sits on the inside network.

Correct Answer
resoares Fri, 12/04/2009 - 10:53

Ok, have you already checked all ACLs for inside and outside directions?

chuckmccants Sat, 12/05/2009 - 08:44

Got it. I added:

access-list Inside_access_out extended permit tcp any host 192.168.14.252 eq www

access-list Inside_access_out extended permit tcp host 192.168.14.252 eq www any

and everything finally worked.


Thanks again for your help.

Chuck
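
An added example (not part of any post in this thread): a small Python check that cross-references `static` PAT lines with `access-list` permit entries, to spot a forward that no ACL entry covers, which is the situation the thread resolved. The sample config is constructed; the smtp forward to 192.168.14.253 and the function names `audit` and `unpermitted` are assumptions for illustration.

```python
import re

# Constructed sample config in the pre-8.3 ASA syntax used in the thread.
# 1.1.1.1 is the thread's placeholder public IP; the smtp forward is invented
# to show a forward that has no matching ACL entry.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 1.1.1.1 www 192.168.14.252 www netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.1 smtp 192.168.14.253 smtp netmask 255.255.255.255
access-list Inside_access_out extended permit tcp any host 192.168.14.252 eq www
access-list Inside_access_out extended permit tcp host 192.168.14.252 eq www any
"""

# static (real_if,mapped_if) proto mapped_ip mapped_port real_ip real_port netmask mask
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask \S+$")
# Only the "permit <proto> any host <dst> eq <port>" form is recognised;
# other ACL forms (such as the source-port entry above) are skipped.
ACL_RE = re.compile(
    r"^access-list (\S+) extended permit (tcp|udp) any host (\S+) eq (\S+)$")


def audit(config):
    """Return [(real_ip, real_port, [ACL names permitting it])] per static PAT."""
    forwards, permits = [], []
    for line in map(str.strip, config.splitlines()):
        m = STATIC_RE.match(line)
        if m:
            _, _, proto, m_ip, m_port, r_ip, r_port = m.groups()
            forwards.append((proto, (m_ip, m_port), (r_ip, r_port)))
            continue
        m = ACL_RE.match(line)
        if m:
            permits.append(m.groups())  # (acl_name, proto, dst_ip, dst_port)
    report = []
    for proto, mapped, real in forwards:
        # An ACL may reference the mapped or the real address depending on
        # the interface and direction it is applied to, so accept either.
        acls = sorted({name for name, p, ip, port in permits
                       if p == proto and (ip, port) in (mapped, real)})
        report.append((real[0], real[1], acls))
    return report


def unpermitted(config):
    """Forwards that no parsed ACL entry permits."""
    return [(ip, port) for ip, port, acls in audit(config) if not acls]


if __name__ == "__main__":
    for ip, port, acls in audit(SAMPLE_CONFIG):
        print(f"{ip}:{port} permitted by {acls or 'NO ACL ENTRY'}")
```

The check only matches entries by address and port; it does not verify which interface or direction each ACL is bound to, so a listed ACL still needs to be confirmed against its `access-group` line.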
