Port redirection with dynamic PAT

[brand]

Just got a PIX and am trying some port redirection.

I've done it before with a static address on outside, but I am using it at home on cable, with a dynamic IP.

Here are the commands to forward TCP port 27130 to my PC 192.168.1.10, from any host, inbound on interface outside

static (inside,outside) tcp interface 27130 192.168.1.10 27130
access-list acl_out line 1 permit tcp any host 192.168.1.10 eq 27130
access-group acl_out in interface outside

Call me crazy, but this should work. Right?!

Edited April 28, 2008 by brand

[cjbeckwith]

Setting Cisco firewalls up on dynamic setups is a bit confusing. Here is what I have on my 5505ASA, which works fine. Should be very similar for a PIX.

access-list outside_in extended permit tcp any interface outside eq www

static (inside,outside) tcp interface www 192.168.0.20 www netmask 255.255.255.255

access-group outside_in in interface outside

I think your acl is what is tripping you up.

[brand]

Setting Cisco firewalls up on dynamic setups is a bit confusing. Here is what I have on my 5505ASA, which works fine. Should be very similar for a PIX.

access-list outside_in extended permit tcp any interface outside eq www

static (inside,outside) tcp interface www 192.168.0.20 www netmask 255.255.255.255

access-group outside_in in interface outside

I think your acl is what is tripping you up.

Cool. I'll try this later today.

Thanks,

Matt

[cjbeckwith]

Let us know how it works out.

[brand]

Let us know how it works out.

Nick Hexum, the one who knows about PIX:

PIX IOS 6.3...

access-list outside_in permit tcp any interface outside eq PORT_NUMBER
static (inside,outside) tcp interface PORT_NUMBER HOST PORT_NUMBER netmask HOST(S)_NETMASK
access-group outside_in in interface outside

Nice. Thanks.

[cjbeckwith]

"Nick Hexum, the one who knows about PIX:"

LOL

Glad it worked.