
Multiple Port Forwarding @ PIX 6.3

17 years 7 months ago #21705 by blackswans
I know how to do it when it is only one port, but when it is, say, 2000-2120 UDP, of course I cannot enter 120 commands. How can I do that in PDM or CLI? Thanks
17 years 7 months ago #21710 by Smurf
Pretty sure you cannot do that within the static command. The way I would do it is to map the IP to IP without the ports and then control access through the access-list, where you can then specify a range of ports.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 7 months ago #21711 by blackswans
So you are telling me to make a static NAT and forward all ports? Is what I understand correct?
17 years 7 months ago #21716 by semper
As Smurf said, you can do a one-to-one NAT and control the access via access-lists, such as:

static (dmz,outside) 4.4.4.4 192.168.1.1 netmask 255.255.255.255
access-list <acl_name> permit tcp any host 4.4.4.4 range 2020 2120

Or you can create 120 static commands on the PIX.
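
Added example (not part of semper's post and not Firewall.cx code): with a one-to-one static every port is translated, so the inbound ACL is the only thing limiting exposure. This Python script reads a PIX 6.3-style config and reports what each mapped IP actually has permitted. The sample config is constructed; the ACL name `outside_in`, the 5.5.5.5 mapping and the `access-group` line are assumptions, and the UDP 2000-2120 range is the one from the original question.

```python
import re

# Constructed sample config. "outside_in" and the 5.5.5.5 entries are
# assumptions added for illustration; 4.4.4.4/192.168.1.1 come from the thread.
SAMPLE_CONFIG = """\
static (dmz,outside) 4.4.4.4 192.168.1.1 netmask 255.255.255.255
static (dmz,outside) 5.5.5.5 192.168.1.2 netmask 255.255.255.255
access-list outside_in permit udp any host 4.4.4.4 range 2000 2120
access-list outside_in permit ip any host 5.5.5.5
access-group outside_in in interface outside
"""

# Only host-to-host statics and "permit <proto> any host <ip>" entries are parsed.
STATIC_RE = re.compile(
    r"^static\s*\((\w+),(\w+)\)\s+(\S+)\s+(\S+)\s+netmask\s+255\.255\.255\.255")
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(\w+)\s+any\s+host\s+(\S+)"
    r"(?:\s+(eq|range)\s+(\S+)(?:\s+(\S+))?)?")
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)")


def audit(config):
    """Return {mapped_ip: [permitted proto/ports, ...]} for each one-to-one static."""
    statics, acls, bound = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            statics[m.group(3)] = m.group(2)      # mapped IP -> mapped interface
        elif m := ACL_RE.match(line):
            name, proto, host, op, lo, hi = m.groups()
            if op is None:
                ports = "ALL PORTS"               # no eq/range qualifier
            else:
                ports = lo if op == "eq" else f"{lo}-{hi}"
            acls.setdefault(name, []).append((host, f"{proto} {ports}"))
        elif m := GROUP_RE.match(line):
            bound[m.group(2)] = m.group(1)        # interface -> bound ACL name
    report = {}
    for ip, ifc in statics.items():
        entries = acls.get(bound.get(ifc), [])
        report[ip] = [e for host, e in entries if host == ip] or ["no inbound permit"]
    return report


if __name__ == "__main__":
    for ip, exposure in audit(SAMPLE_CONFIG).items():
        flag = "  <-- review" if any("ALL PORTS" in e for e in exposure) else ""
        print(f"{ip}: {', '.join(exposure)}{flag}")
```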
17 years 7 months ago #21719 by Smurf
Yes, as per semper's example :)

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
17 years 7 months ago #21729 by blackswans
Yes, but then if I do that, can anyone still surf the net?
Isn't there any way to do that with an ACL?
I see there is an ACL option with the static (inside,outside) command, but I don't know if it works or how to do that.
Thanks

Usage: [no] static [(real_ifc, mapped_ifc)]
{<mapped_ip>|interface}
{<real_ip> [netmask <mask>]} | {access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]

[no] static [(real_ifc, mapped_ifc)] {tcp|udp}
{<mapped_ip>|interface} <mapped_port>
{<real_ip> <real_port> [netmask <mask>]} |
{access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]