Hello. I would like to be able to map a Public IP's port to a different port on a Private IP through the PIX 515. For example, if someone telnets into the Public IP 22.214.171.124, I want it to forward to port 9923 on the private IP 192.168.2.2. Is this possible? Thanks.
and you are asking whether you can use a "full static" on an external IP as well as a port static to redirect just one port to somewhere, then the answer is NO. static commands without port specifications are processed before static commands that have port specifications or access-lists, so you cannot say "all ports except these ones" when you use a full static.
(If you do want to say "all ports except these ones", then you also cannot do it by using static with port specifications. Instead, you would need to use a pair of statics with access-list specifications, one access-list using 'deny' for all of the ports *not* to be forwarded followed by a 'permit' that did not specify a port.)
Hi Walter. Yes, it was a typo. Sorry. Thanks for the explanation. Here is exactly what I am trying to do. We have a mainframe that is serving up all kinds of stuff on various ports. We have a public IP translating to the private IP of the mainframe and we have access-list permit lines opening up various ports to the mainframe. It all works fine. Here is the issue. We have a telnet-type application running on the mainframe on port 9923. We have nothing running on port 23. We have a potential customer whose IT Department has set up their firewall to block outbound port 9923. They are, however, not blocking outbound port 23. What we were thinking of doing is setting up our firewall to redirect requests on the public IP port 23 to internal mainframe IP port 9923, but from reading your explanation it looks like this cannot be done. In your last paragraph you talked about using a pair of statics with access-list specifications. Could you show me an example? Now that you see what I am trying to accomplish, could you give me some suggestions? Thanks for the help.