Firewall Wizards mailing list archives
re: pix firewall config quest
From: Mike Hoskins <mike () adept org>
Date: Wed, 13 Aug 2003 18:20:59 -0700 (PDT)
From: "Don Burgess" <don_burgess () hotmail com>
Date: Thu, 07 Aug 2003 00:44:20 -0700
sorry for this being such a basic question, but i am using a PIX to learn, and i am trying to figure out how to forward a port from the incoming interface to an internal ip..
i think you'd do that with a static and an ACL entry...
here is the basic scenario
pix 506e
internal pat 192.168.1.0
external interface address in my test setup is 10.10.1.208
internal ip that i want to access the port of 192.168.1.10
port that i want to access 3000
there may be a better way, but (long lines wrapped at backslash)...

    ! just an alias
    name 10.10.1.208 outsidehost
    ! you may want to adjust the embryonic limit (32 here)
    static (inside,outside) outsidehost 192.168.1.10 \
      netmask 255.255.255.255 0 32

then in the ACL applied to your external interface (remember, packets from an interface with a lower security level -- e.g. outside -- are not allowed to pass to an interface with a higher security level -- e.g. inside -- by default.) you would add a rule allowing the desired traffic,

    access-list 100 permit tcp any host outsidehost eq 3000

this assumes you're using ACL # 100 to control traffic flow from your outside interface to your inside interface. as such, you should also have an appropriate 'access group' defined,

    access-group 100 in interface outside

-mrh
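An added example, not part of the original post: a small Python check that cross-references the three pieces the reply describes (the static, the access-list entry and the access-group) and reports which inside services are actually reachable from the outside interface. The sample configuration is constructed from the values in the thread, and the parser handles only the command forms shown there.

```python
import re

# Constructed sample: the configuration from the reply above, with the alias
# written in PIX argument order (name <ip> <alias>).
SAMPLE_CONFIG = """\
name 10.10.1.208 outsidehost
static (inside,outside) outsidehost 192.168.1.10 netmask 255.255.255.255 0 32
access-list 100 permit tcp any host outsidehost eq 3000
access-group 100 in interface outside
"""

STATIC = re.compile(r"^static \(inside,outside\) (\S+) (\S+) netmask 255\.255\.255\.255\b")
PERMIT = re.compile(r"^access-list (\S+) permit (tcp|udp) any host (\S+) eq (\S+)$")
GROUP = re.compile(r"^access-group (\S+) in interface outside$")
NAME = re.compile(r"^name (\S+) (\S+)$")


def exposed_services(config):
    """Return sorted (inside_ip, proto, port) tuples reachable from outside.

    A service is listed only when a host static, a permit entry for the
    translated address, and an access-group binding that ACL to the outside
    interface all line up. Other command forms are ignored (simplification).
    """
    names, statics, permits, bound = {}, {}, [], set()
    for raw in config.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if m := NAME.match(line):
            names[m.group(2)] = m.group(1)  # alias -> ip
        elif m := STATIC.match(line):
            statics[m.group(1)] = m.group(2)  # global -> local
        elif m := PERMIT.match(line):
            permits.append(m.groups())  # (acl, proto, dst, port)
        elif m := GROUP.match(line):
            bound.add(m.group(1))

    def resolve(host):
        return names.get(host, host)

    nat = {resolve(g): resolve(l) for g, l in statics.items()}
    found = set()
    for acl, proto, dst, port in permits:
        if acl in bound and resolve(dst) in nat:
            found.add((nat[resolve(dst)], proto, port))
    return sorted(found)


if __name__ == "__main__":
    for inside_ip, proto, port in exposed_services(SAMPLE_CONFIG):
        print(f"outside -> {inside_ip} {proto}/{port}")
```

Because the static translates the whole address, the ACL is the only thing limiting exposure to port 3000; any broader permit in ACL 100 shows up as an extra entry in the result.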