using public ip to my server

hi
i have pix 525 how i can enable use IP 82.205.129.6 to my PC after pix 525 iam not want to use static nat
i want to use this IP

thanks
nasemabdullaaAsked:
Who is Participating?
 
rsivanandanCommented:
The same way you can do those as well; Lets say you want to use a public ip x.x.x.x to open these, then this is the syntax;

static(inside,outside) tcp x.x.x.x <port> <InternalIP> <port>

for http;

static(inside,outside) tcp x.x.x.x 80 <InternalIP> 80

Then access-lists;

access-list <Name> permit tcp any host x.x.x.x eq 80

access-group <Name> in interface outside.

Hope that makes it clear for you now?

Cheers,
Rajesh
0
 
Freya28Commented:
so you want the machine to have this ip and you dont want a one to one nat rule?  then i recommend configuring a dmz and give the nic card the actual public ip.
0
 
fm250Commented:
the best way is to fwd the needed ports to that pc instead. otherwise no use of the real puprpose of the pix. the pix firewall block lot of traffic that may cause you problems. you can post back and tell us what ports or services needed to be running on that pc and we probably can help you fwd these ports to that pc instead.

hope this helps!
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
rsivanandanCommented:
Okay, so is this ip assigned to the outside interface of the pix already? If so, you need this;

static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

access-list outsidein permit ip any host interface outside eq www

access-list outsidein in interface outside

Cheers,
Rajesh
0
 
Freya28Commented:
i thought he said he does NOT want to use static nat
0
 
rsivanandanCommented:
The above is NOT static nat, but port forward. Only works from outside to inside for that port right ?

Cheers,
Rajesh
0
 
Freya28Commented:
true,  i looked wuick at the statci rajesh.  wouldnt this ponly work if his outside interface on the pix is 82.205.129.6. the ip he included above.  i assumed this was afree public ip within his range, not the ip of the outside of the pix
0
 
rsivanandanCommented:
There is no way in the world you can create a nat in PIX without using static statements. So I assumed that probably he is saying that he's got only a single ip and need to use that?

Cheers,
Rajesh
0
 
Freya28Commented:
well if he does have a range of publics and he has the 525, he most likely has 3 or more interfaces and i would recommend a dmz
0
 
nasemabdullaaAuthor Commented:
hi
thanks for all
i have the range (82.205.129.2 to 82.205.129.64) public ip and i can use any one i need
 i use static nat in my network from 82.205.129.3 to 82.205.129.43
and i can use any one from the rest
what is the best way to do that

thanks

0
 
fm250Commented:
nasemabdullaa,
do you care about security? is it of any concern to you.
if so use the:  static(inside,outside) tcp interface www <internalpc> www netmask 255.255.255.255

mentioned by rsivanandan, then fwd the ports for the services listening only, so you can fwd www, ftp , ssh and so on. just state what services needed on that pc such as web server, sql server, ftp.....etc. and can provide you the code needed. permitting all trafic can make your internal box vunerable to attacks.

Hope this gives you some insisght.
0
 
nasemabdullaaAuthor Commented:
hi
thanks for your reply
i want to open these port in my pc www,smtp,pop3,ftp,telnet,ssh,3389

thanks
0
 
nasemabdullaaAuthor Commented:
hi rsivanandan
thanks for your reply
lets say i want to use these ip 62.68.65.51 in my server the command that
static(inside,outside) tcp 62.68.65.51 80 <InternalIP> <port> netmask 255.255.255.255


what must i put in <InternalIP> <port>

thanks
0
 
rsivanandanCommented:
<InternalIP> would be your internal webserver to which you want to do the port forwarding to be done so that any web request that comes to 62.68.65.51 will be forwarded to the internal machine.

<Port> = 80

Cheers,
Rajesh
0
 
nasemabdullaaAuthor Commented:
hi
thanks for all
0
 
rsivanandanCommented:
You're Welcome.

Cheers,
Rajesh
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.