Solved

PIX 501 Port Forwarding

Posted on 2004-10-15
5
346 Views
Last Modified: 2010-04-09
Hi Everyone :),

I am setting up an Oracle application server that will be publicily accessible, so i will need to port forward ports: 7777 & 7778 from a public ip to a private ip.

public ip 66.116.70.183
private ip 192.168.101.139

Please help :)

Thanks,
mostym
0
Comment
Question by:mostym
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324383
No problem. Depending on the version of PIX OS.
Assuming 6.x

you need two things. Static, and access-lists.
You did not mention TCP or UDP, so I'll show both:
Option 1 - full one-to-one NAT
   static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255
Option 2 - port forwarding only:
     static (inside,outside) tcp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) tcp 66.116.70.183 7778 192.168.101.139 7778
     static (inside,outside) udp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) udp 66.116.70.183 7778 192.168.101.139 7778

Access-list:
    access-list outside_in permit tcp any 66.116.70.183 range 7777 7778
    access-list outside_in permit udp any 66.116.70.183 range 7777 7778

    access-group outside_in in interface outside

Done


0
 

Author Comment

by:mostym
ID: 12324656
Here is what i added to my config file:

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside

For some reason though, local users are not able to access the internet.  However, this configuration does work for public users, as i had a client connect to it.

Help :)
0
 

Author Comment

by:mostym
ID: 12324690
Sorry this is what i added........

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group appserver in interface outside
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324762
I suspect that you only have the one IP address and you need to use Option #1 port forwarding..
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12324765
Sorry, Option #2 port forwarding..
0

Featured Post

Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question