Multiple Port Forwarding @ PIX 6.3
17 years 6 months ago #21705
by blackswans
Multiple Port Forwarding @ PIX 6.3 was created by blackswans
I know how to do it when it is only one port, but when it is, say, 2000-2120 UDP, of course I cannot enter 120 commands. How can I do that in PDM or CLI? Thanks
17 years 6 months ago #21710
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Multiple Port Forwarding @ PIX 6.3
Pretty sure you cannot do that within the static command. The way I would do it is to map the IP to IP without the ports and then control access through the access-list, where you can then specify a range of ports.
Cheers
17 years 6 months ago #21711
by blackswans
Replied by blackswans on topic Re: Multiple Port Forwarding @ PIX 6.3
So you are telling me to make a static NAT and forward all ports? Is what I understand true?
17 years 6 months ago #21716
by semper
James
www.securitygeek.net
Replied by semper on topic Re: Multiple Port Forwarding @ PIX 6.3
As Smurf said, you can do a one-to-one NAT and control the access via access-lists, such as:
static (dmz,outside) 4.4.4.4 192.168.1.1 netmask 255.255.255.255
access-list <acl_name> permit tcp any host 4.4.4.4 range 2020 2120
Or you can create 120 static commands on the PIX.
17 years 6 months ago #21719
by Smurf
Replied by Smurf on topic Re: Multiple Port Forwarding @ PIX 6.3
Yes, as per semper's example
Cheers
17 years 6 months ago #21729
by blackswans
Replied by blackswans on topic Re: Multiple Port Forwarding @ PIX 6.3
Yes, but then if I do that, can anyone still surf the net?
Isn't there any way to do that with an ACL?
I see there is an ACL option with the static (inside,outside) command, but I don't know if it works and how to do that.
Thanks
Usage: [no] static [(real_ifc, mapped_ifc)]
{<mapped_ip>|interface}
{<real_ip> [netmask <mask>]} | {access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]
[no] static [(real_ifc, mapped_ifc)] {tcp|udp}
{<mapped_ip>|interface} <mapped_port>
{<real_ip> <real_port> [netmask <mask>]} |
{access-list <acl_name>}
[dns] [norandomseq] [<max_conns> [<emb_lim>]]