help with port forwarding with PIX 515E

I need some assistance with port forwarding on my pix 515E. I need to forward port 6100 to my file server, but i can't get it to work. Can anyone help me with this? The pix is on version 6.3(1)

this is what i have now:

static (inside,outside) tcp x.x.x.x 6100 192.168.1.12 6100 netmask

255.255.255.255 0 0 access-list outside permit tcp any host x.x.x.x eq 6100

thanks in advance

Reply to
KarimMTI
Loading thread data ...

Note: 6.3(1) through 6.3(5) have security problems sufficient that if you are the registered owner of the system (e.g., not an ebay acquisition) then you are entitled to a free upgrade to a later 6.3(5)* rebuild.

And of course

access-group outside in interface outside

The above syntax would work provided that host x.x.x.x was NOT the same as the external interface IP address. If you are trying to NAT the external interface IP address, you would need to use

static (inside,outside) tcp interface 6100 192.168.1.12 6100 netmask

255.255.255.255 0 0 access-list outside permit tcp any interface outside eq 6100 access-group outside in interface outside

The word 'interface' and 'interface outside' there are literals.

The requirement to use 'interface' changed in 7.0, I understand.

Reply to
Walter Roberson

there is a static route plugged in: static (inside,outside) x.x.x.x

192.168.1.12 netmask 255.255.255.255 0 0

so i thought that x.x.x.x should be the same for "access-list outside permit tcp any host x.x.x.x eq 6100"

Reply to
KarimMTI

I am saying that in PIX 6, if the IP address you are trying to NAT into is the IP address of the PIX external interface, then you cannot use the commands you had, and instead need to use the slightly different commands I showed (that use the keywords 'interface' instead of the interface IP address.)

If the IP address you are trying to NAT into is -different- than the PIX external interface IP address, then the commands you had are fine (provided you have "access-group outside in interface outside").

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.