Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Newb, Port forward

I have a pix 501 with the outside interface set to dhcp.

The inside interface is 10.6.1.1

How do I forward ftp traffic to 10.6.1.10? also I want to forward port 15000 to port 3389 to host 10.6.1.11 and finally port 80 traffice to 10.6.1.12

I tried a static mapping and it works for one host

static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.2

55 0 0

but if I try to add another it tells me there is a conflict with that rule..I am in need of advice.

THANKS

3 REPLIES
Green

Re: Newb, Port forward

you've got it..

static (inside,outside) tcp interface ftp 10.6.1.10 ftp netmask 255.255.255.255

static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255

why forward 15000 to 3389 10.6.1.11, you already have it. if you want it to be 15000 to 3389 you have to remove your first one..

no static (inside,outside) tcp interface 3389 10.6.1.11 3389 netmask 255.255.255.255

static (inside,outside) tcp interface 15000 10.6.1.11 3389 netmask 255.255.255.255

New Member

Re: Newb, Port forward

Great thanks! One more question

Can I add more than one port forward per ip address?

Like this

static (inside,outside) tcp interface 80 10.6.1.12 80 netmask 255.255.255.255

static (inside,outside) tcp interface 1222 10.6.1.12 1222 netmask 255.255.255.255

Also can I add diffrent access lists to these? say 1.1.1.1 can access port 80 but 2.2.2.2 can only access 1222

Thanks!

Green

Re: Newb, Port forward

Yes, more than one port to same address is fine.

Yes, but it would be the same access-list.

access-list 100 permit tcp host 1.1.1.1 host 3.3.3.3 eq 80

access-list 100 permit tcp host 2.2.2.2 host 3.3.3.3 eq 1222

access-group 100 in interface outside

175
Views
0
Helpful
3
Replies
CreatePlease to create content