brand Posted April 27, 2008 Share Posted April 27, 2008 (edited) Just got a PIX and am trying some port redirection. I've done it before with a static address on outside, but I am using it at home on cable, with a dynamic IP. Here are the commands to forward TCP port 27130 to my PC 192.168.1.10, from any host, inbound on interface outside static (inside,outside) tcp interface 27130 192.168.1.10 27130 access-list acl_out line 1 permit tcp any host 192.168.1.10 eq 27130 access-group acl_out in interface outside Call me crazy, but this should work. Right?! Edited April 28, 2008 by brand Link to comment Share on other sites More sharing options...
cjbeckwith Posted May 2, 2008 Share Posted May 2, 2008 Setting Cisco firewalls up on dynamic setups is a bit confusing. Here is what I have on my 5505ASA, which works fine. Should be very similar for a PIX. access-list outside_in extended permit tcp any interface outside eq www static (inside,outside) tcp interface www 192.168.0.20 www netmask 255.255.255.255 access-group outside_in in interface outside I think your acl is what is tripping you up. Link to comment Share on other sites More sharing options...
brand Posted May 2, 2008 Author Share Posted May 2, 2008 Setting Cisco firewalls up on dynamic setups is a bit confusing. Here is what I have on my 5505ASA, which works fine. Should be very similar for a PIX.access-list outside_in extended permit tcp any interface outside eq www static (inside,outside) tcp interface www 192.168.0.20 www netmask 255.255.255.255 access-group outside_in in interface outside I think your acl is what is tripping you up. Cool. I'll try this later today. Thanks, Matt Link to comment Share on other sites More sharing options...
cjbeckwith Posted May 3, 2008 Share Posted May 3, 2008 Let us know how it works out. Link to comment Share on other sites More sharing options...
brand Posted May 3, 2008 Author Share Posted May 3, 2008 Let us know how it works out. Nick Hexum, the one who knows about PIX: PIX IOS 6.3... access-list outside_in permit tcp any interface outside eq PORT_NUMBER static (inside,outside) tcp interface PORT_NUMBER HOST PORT_NUMBER netmask HOST(S)_NETMASK access-group outside_in in interface outside Nice. Thanks. Link to comment Share on other sites More sharing options...
cjbeckwith Posted May 8, 2008 Share Posted May 8, 2008 "Nick Hexum, the one who knows about PIX:" LOL Glad it worked. Link to comment Share on other sites More sharing options...
Recommended Posts