Solved

PIX 501 Port Forwarding

Posted on 2004-10-15
5
345 Views
Last Modified: 2010-04-09
Hi Everyone :),

I am setting up an Oracle application server that will be publicily accessible, so i will need to port forward ports: 7777 & 7778 from a public ip to a private ip.

public ip 66.116.70.183
private ip 192.168.101.139

Please help :)

Thanks,
mostym
0
Comment
Question by:mostym
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324383
No problem. Depending on the version of PIX OS.
Assuming 6.x

you need two things. Static, and access-lists.
You did not mention TCP or UDP, so I'll show both:
Option 1 - full one-to-one NAT
   static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255
Option 2 - port forwarding only:
     static (inside,outside) tcp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) tcp 66.116.70.183 7778 192.168.101.139 7778
     static (inside,outside) udp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) udp 66.116.70.183 7778 192.168.101.139 7778

Access-list:
    access-list outside_in permit tcp any 66.116.70.183 range 7777 7778
    access-list outside_in permit udp any 66.116.70.183 range 7777 7778

    access-group outside_in in interface outside

Done


0
 

Author Comment

by:mostym
ID: 12324656
Here is what i added to my config file:

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside

For some reason though, local users are not able to access the internet.  However, this configuration does work for public users, as i had a client connect to it.

Help :)
0
 

Author Comment

by:mostym
ID: 12324690
Sorry this is what i added........

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group appserver in interface outside
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324762
I suspect that you only have the one IP address and you need to use Option #1 port forwarding..
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12324765
Sorry, Option #2 port forwarding..
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question