mostym
PIX 501 Port Forwarding
Hi Everyone :),
I am setting up an Oracle application server that will be publicly accessible, so I will need to port forward ports 7777 & 7778 from a public IP to a private IP.
public ip 66.116.70.183
private ip 192.168.101.139
Please help :)
Thanks,
mostym
ASKER
Here is what I added to my config file:
static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside
For some reason though, local users are not able to access the internet. However, this configuration does work for public users, as I had a client connect to it.
Help :)
ASKER
Sorry, this is what I added:
static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group appserver in interface outside
I suspect that you only have the one IP address and you need to use Option #1 port forwarding.
ASKER CERTIFIED SOLUTION
Assuming 6.x, you need two things: static and access-lists.
You did not mention TCP or UDP, so I'll show both:
Option 1 - full one-to-one NAT
static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255
Option 2 - port forwarding only:
static (inside,outside) tcp 66.116.70.183 7777 192.168.101.139 7777
static (inside,outside) tcp 66.116.70.183 7778 192.168.101.139 7778
static (inside,outside) udp 66.116.70.183 7777 192.168.101.139 7777
static (inside,outside) udp 66.116.70.183 7778 192.168.101.139 7778
Access-list:
access-list outside_in permit tcp any host 66.116.70.183 range 7777 7778
access-list outside_in permit udp any host 66.116.70.183 range 7777 7778
access-group outside_in in interface outside
Done
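Added example, not part of the thread and not Cisco tooling: a small Python check run over the snippets posted above. It flags an access-group that names an access-list that does not exist (first post) and a `permit ip any any` entry on an interface-bound list, which with the one-to-one static admits every port to 192.168.101.139 (second post). The regexes are an assumption that covers only the line shapes shown on this page.

```python
import re

# Constructed from the asker's first post; "(hitcnt=N)" is `show access-list` output.
FIRST_POST = """\
static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside
"""
# The correction from the second post: bind the access-list that actually exists.
SECOND_POST = FIRST_POST.replace("access-group outside_in", "access-group appserver")

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$")
HITCNT_RE = re.compile(r"\s*\(hitcnt=\d+\)\s*$")


def audit(config):
    """Return (code, detail) findings for the line shapes shown in this thread."""
    acls, bindings, findings = {}, [], []
    for raw in config.splitlines():
        line = HITCNT_RE.sub("", raw.strip())  # drop show-output counters
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3).split()))
        elif m := GROUP_RE.match(line):
            bindings.append((m.group(1), m.group(2)))
    for name, iface in bindings:
        if name not in acls:
            findings.append(("UNDEFINED_ACL", f"{iface}: access-group names '{name}', no such access-list"))
            continue
        for action, spec in acls[name]:
            # protocol + "any any" with no port qualifier admits every source, destination and port
            if action == "permit" and spec[1:] == ["any", "any"]:
                findings.append(("PERMIT_ANY_ANY", f"{iface}: '{name}' permits {spec[0]} any any"))
    bound = {name for name, _ in bindings}
    for name in acls:
        if name not in bound:
            findings.append(("UNBOUND_ACL", f"'{name}' is not applied to any interface"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("first post", FIRST_POST), ("second post", SECOND_POST)):
        print(label, audit(cfg))
```
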