?
Solved

PIX 501 Port Forwarding

Posted on 2004-10-15
5
Medium Priority
?
352 Views
Last Modified: 2010-04-09
Hi Everyone :),

I am setting up an Oracle application server that will be publicily accessible, so i will need to port forward ports: 7777 & 7778 from a public ip to a private ip.

public ip 66.116.70.183
private ip 192.168.101.139

Please help :)

Thanks,
mostym
0
Comment
Question by:mostym
  • 3
  • 2
5 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324383
No problem. Depending on the version of PIX OS.
Assuming 6.x

you need two things. Static, and access-lists.
You did not mention TCP or UDP, so I'll show both:
Option 1 - full one-to-one NAT
   static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255
Option 2 - port forwarding only:
     static (inside,outside) tcp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) tcp 66.116.70.183 7778 192.168.101.139 7778
     static (inside,outside) udp 66.116.70.183 7777 192.168.101.139 7777
     static (inside,outside) udp 66.116.70.183 7778 192.168.101.139 7778

Access-list:
    access-list outside_in permit tcp any 66.116.70.183 range 7777 7778
    access-list outside_in permit udp any 66.116.70.183 range 7777 7778

    access-group outside_in in interface outside

Done


0
 

Author Comment

by:mostym
ID: 12324656
Here is what i added to my config file:

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group outside_in in interface outside

For some reason though, local users are not able to access the internet.  However, this configuration does work for public users, as i had a client connect to it.

Help :)
0
 

Author Comment

by:mostym
ID: 12324690
Sorry this is what i added........

static (inside,outside) 66.116.70.183 192.168.101.139 netmask 255.255.255.255 0 0
access-list appserver permit tcp any host 66.116.70.183 range 7777 7778 (hitcnt=2)
access-list appserver permit udp any host 66.116.70.183 range 7777 7778 (hitcnt=0)
access-list appserver permit ip any any (hitcnt=176)
access-group appserver in interface outside
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12324762
I suspect that you only have the one IP address and you need to use Option #1 port forwarding..
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 12324765
Sorry, Option #2 port forwarding..
0

Featured Post

The eGuide to Automating Firewall Change Control

Today’s IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question