Velocity Reviews


Barret Bonden 09-20-2004 08:37 PM

how to map multiple ports to one internal IP ?
 
Have a server needing a range of ports open behind a PIX; i.e., outside
users will come in on one public IP and depending on the app be redirected
to one internal IP - so I need to map a range of ports to one IP; I remember
just enough of my PIX to be confused here; will STATIC allow for a range of
port mappings?
It's been a while ...



Walter Roberson 09-20-2004 09:34 PM

Re: how to map multiple ports to one internal IP ?
 
In article <WbudnWufe9Y8otLcRVn-uQ@conversent.net>,
Barret Bonden <support@networks-cc.com> wrote:
: Have a server needing a range of ports open behind a PIX; i.e., outside
:users will come in on one public IP and depending on the app be redirected
:to one internal IP - so I need to map a range of ports to one IP; I remember
:just enough of my PIX to be confused here; will STATIC allow for a range of
:port mappings?
: It's been a while ...

http://www.cisco.com/univercd/cc/td/....htm#wp1026694

static nat now allows access-lists to be specified; those access-lists
could have a port range in them, in theory.

access-list acl4static permit tcp any interface outside range 30303 30505
access-list acl4static permit tcp any interface outside eq www
access-list acl4static permit tcp any interface outside range 8000 8888
access-list acl4static permit udp any interface outside eq 53
static (inside, outside) interface INSIDEIP netmask 255.255.255.255 access-list acl4static 0 0


I'm not sure what would happen if you were to try the static tcp or
static udp forms (which require single port numbers) and you were then
to put port numbers into the access-list that didn't match the port numbers
of the static command. I would hope that no traffic would get through in
such a case, but I don't know if they tested for that situation...
--
Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
Aleph sub {Aleph sub two} little infinities...

barret bonden 09-21-2004 09:25 PM

Re: how to map multiple ports to one internal IP ?
 
Many thanks, as always -

Could one also have multiple statics? As in:
static(dmz,outside) tcp interface 192.168.2.149 10000
static(dmz,outside) tcp interface 192.168.2.149 10001
static(dmz,outside) tcp interface 192.168.2.149 10002
etc ?

"Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
news:cinie3$fv4$1@canopus.cc.umanitoba.ca...
> In article <WbudnWufe9Y8otLcRVn-uQ@conversent.net>,
> Barret Bonden <support@networks-cc.com> wrote:
> : Have a server needing a range of ports open behind a PIX; i.e., outside
> :users will come in on one public IP and depending on the app be redirected
> :to one internal IP - so I need to map a range of ports to one IP; I remember
> :just enough of my PIX to be confused here; will STATIC allow for a range of
> :port mappings?
> : It's been a while ...
>
> http://www.cisco.com/univercd/cc/td/...sw/v_63/cmdref/s.htm#wp1026694
>
> static nat now allows access-lists to be specified; those access-lists
> could have a port range in them, in theory.
>
> access-list acl4static permit tcp any interface outside range 30303 30505
> access-list acl4static permit tcp any interface outside eq www
> access-list acl4static permit tcp any interface outside range 8000 8888
> access-list acl4static permit udp any interface outside eq 53
> static (inside, outside) interface INSIDEIP netmask 255.255.255.255 access-list acl4static 0 0
>
>
> I'm not sure what would happen if you were to try the static tcp or
> static udp forms (which require single port numbers) and you were then
> to put port numbers into the access-list that didn't match the port numbers
> of the static command. I would hope that no traffic would get through in
> such a case, but I don't know if they tested for that situation...
> --
> Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
> Aleph sub {Aleph sub two} little infinities...




Walter Roberson 09-21-2004 11:08 PM

Re: how to map multiple ports to one internal IP ?
 
In article <2rbkhmF17hhipU1@uni-berlin.de>,
barret bonden <arthurheyman@earthlink.net> wrote:
:Could one also have multiple statics? As in:
:static(dmz,outside) tcp interface 192.168.2.149 10000
:static(dmz,outside) tcp interface 192.168.2.149 10001
:static(dmz,outside) tcp interface 192.168.2.149 10002

You could have

static (dmz,outside) tcp interface 10000 192.168.2.149 10000
static (dmz,outside) tcp interface 10001 192.168.2.149 10001

and so on.
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers
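
Added example, not part of the thread and not Cisco's code: a small Python helper that expands a port range into the one-static-per-port form shown in the last reply, and then collapses such lines back into ranges so the set of ports actually exposed can be reviewed. The function names, the 256-port limit and the sample ranges are assumptions made for illustration; only the `static (dmz,outside) tcp interface PORT IP PORT` line format comes from the thread.

```python
import ipaddress
import re

# Matches the port-redirect form shown in the thread, e.g.
#   static (dmz,outside) tcp interface 10000 192.168.2.149 10000
STATIC_RE = re.compile(
    r"^static\s*\((\w+),\s*(\w+)\)\s+(tcp|udp)\s+interface\s+(\d+)\s+(\S+)\s+(\d+)\b")

def expand_statics(real_if, mapped_if, proto, inside_ip, ranges, limit=256):
    """Return one static line per port for the inclusive (lo, hi) ranges."""
    ipaddress.IPv4Address(inside_ip)  # raises ValueError if malformed
    if proto not in ("tcp", "udp"):
        raise ValueError("proto must be tcp or udp")
    ports = set()
    for lo, hi in ranges:
        if not (1 <= lo <= hi <= 65535):
            raise ValueError(f"bad port range {lo}-{hi}")
        ports.update(range(lo, hi + 1))
    # Assumed safety cap: refuse to open a very wide range by accident.
    if len(ports) > limit:
        raise ValueError(f"{len(ports)} ports exceeds limit of {limit}")
    return [f"static ({real_if},{mapped_if}) {proto} interface {p} {inside_ip} {p}"
            for p in sorted(ports)]

def summarize_exposure(config_lines):
    """Collapse per-port statics into {(proto, inside_ip): [(lo, hi), ...]}."""
    seen = {}
    for line in config_lines:
        m = STATIC_RE.match(line.strip())
        if m:  # lines missing the outside port do not match and are skipped
            _, _, proto, outside_port, ip, _ = m.groups()
            seen.setdefault((proto, ip), set()).add(int(outside_port))
    summary = {}
    for key, ports in seen.items():
        runs = []
        for p in sorted(ports):
            if runs and p == runs[-1][1] + 1:
                runs[-1] = (runs[-1][0], p)  # extend the current run
            else:
                runs.append((p, p))          # start a new run
        summary[key] = runs
    return summary

if __name__ == "__main__":
    # Constructed sample: two small ranges on the DMZ host from the thread.
    lines = expand_statics("dmz", "outside", "tcp", "192.168.2.149",
                           [(10000, 10002), (10010, 10011)])
    print("\n".join(lines))
    print(summarize_exposure(lines))
```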

