PIX 501 port forwarding question

Hello,

I am trying to setup port forwarding on my pix 501. i have an internal server that runs an application on port 2666-2667. i want to set it up so that any request on the external network to our public ip of 77.x.x.x on port 2666-2667 is sent to the internal server at 10.1.1.7 and it can send responses back to the client. Should I do this with port forwarding? This is what I have setup after reading over the PIX command documentation:

access-list outside_access_in permit tcp any interface outside range 2666 2667
static (inside,outside) tcp interface 2666 10.1.1.7 2666 netmask 255.255.255.255 0 0
static (inside,outside) tcp interface 2667 10.1.1.7 2667 netmask 255.255.255.255 0 0

I have something setup wrong because the application cannot communicate with the internal server from the external network.

any help that can point me in the right direction is much appreciated.

love this board!

You also need to "link" the access list to the right interface.

Try this command:

access-group outside_access_in in interface outside

That works for me...

i think that works. thanks.

one more quick question. if I have a second public IP bound on the firewall, can I NAT that IP to an internal IP with the PIX 501?

all requests to 77.x.x.22 goto 10.1.1.9