how to map multiple ports to one internal IP ?

 
 
Barret Bonden
      09-20-2004
Have a server needing a range of ports open behind a pix; i.e., outside
users will come in on one public IP and depending on the app be redirected
to one internal IP - so I need to map a range of ports to one IP; I remember
just enough of my PIX to be confused here; will STATIC allow for a range of
port mappings?
It's been a while ...


 
Walter Roberson
      09-20-2004
In article <(E-Mail Removed)>,
Barret Bonden <(E-Mail Removed)> wrote:
: Have a server needing a range of ports open behind a pix; i.e., outside
:users will come in on one public IP and depending on the app be redirected
:to one internal IP - so I need to map a range of ports to one IP ; I remember
:just enough of my PIX to be confused here ; will STATIC allow for a range of
:port mappings ?
: It's been a while ...

http://www.cisco.com/univercd/cc/td/....htm#wp1026694

static nat now allows access-lists to be specified; those access-lists
could have a port range in them, in theory.

access-list acl4static permit tcp any interface outside range 30303 30505
access-list acl4static permit tcp any interface outside eq www
access-list acl4static permit tcp any interface outside range 8000 8888
access-list acl4static permit udp any interface outside eq 53
static (inside, outside) interface INSIDEIP netmask 255.255.255.255 access-list acl4static 0 0


I'm not sure what would happen if you were to try the static tcp or
static udp forms (which require single port numbers) and you were then
to put port numbers into the access-list that didn't match the port numbers
of the static command. I would hope that no traffic would get through in
such a case, but I don't know if they tested for that situation...
--
Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
Aleph sub {Aleph sub two} little infinities...
 
barret bonden
      09-21-2004
Many thanks, as always -

Could one also have multiple statics? as is:
static(dmz,outside) tcp interface 192.168.2.149 10000
static(dmz,outside) tcp interface 192.168.2.149 10001
static(dmz,outside) tcp interface 192.168.2.149 10002
etc ?

"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:cinie3$fv4$(E-Mail Removed)...
> In article <(E-Mail Removed)>,
> Barret Bonden <(E-Mail Removed)> wrote:
> : Have a server needing a range of ports open behind a pix; i.e., outside
> :users will come in on one public IP and depending on the app be redirected
> :to one internal IP - so I need to map a range of ports to one IP ; I remember
> :just enough of my PIX to be confused here ; will STATIC allow for a range of
> :port mappings ?
> : It's been a while ...
>
> http://www.cisco.com/univercd/cc/td/...sw/v_63/cmdref/s.htm#wp1026694
>
> static nat now allows access-lists to be specified; those access-lists
> could have a port range in them, in theory.
>
> access-list acl4static permit tcp any interface outside range 30303 30505
> access-list acl4static permit tcp any interface outside eq www
> access-list acl4static permit tcp any interface outside range 8000 8888
> access-list acl4static permit udp any interface outside eq 53
> static (inside, outside) interface INSIDEIP netmask 255.255.255.255 access-list acl4static 0 0
>
>
> I'm not sure what would happen if you were to try the static tcp or
> static udp forms (which require single port numbers) and you were then
> to put port numbers into the access-list that didn't match the port numbers
> of the static command. I would hope that no traffic would get through in
> such a case, but I don't know if they tested for that situation...
> --
> Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
> Aleph sub {Aleph sub two} little infinities...


 
Walter Roberson
      09-21-2004
In article <(E-Mail Removed)>,
barret bonden <(E-Mail Removed)> wrote:
:Could one also have multiple statics ? as is :
:static(dmz,outside) tcp interface 192.168.2.149 10000
:static(dmz,outside) tcp interface 192.168.2.149 10001
:static(dmz,outside) tcp interface 192.168.2.149 10002

You could have

static (dmz,outside) tcp interface 10000 192.168.2.149 10000
static (dmz,outside) tcp interface 10001 192.168.2.149 10001

and so on.
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers
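
An added example, not part of the original thread or of Cisco's documentation: a Python check that compares the outside ports forwarded by per-port static lines (the form given in the reply above) with the ports an access-list permits (the eq/range form used earlier in the thread) and reports mismatches in both directions. The ACL name outside_in and the sample config are constructed for illustration, and the check assumes the ACL is the one meant to cover the same ports as the statics.

```python
import re

# Constructed sample config in the syntax used in the thread (not from a real device).
SAMPLE = """\
access-list outside_in permit tcp any interface outside range 10000 10003
access-list outside_in permit tcp any interface outside eq www
static (dmz,outside) tcp interface 10000 192.168.2.149 10000
static (dmz,outside) tcp interface 10001 192.168.2.149 10001
static (dmz,outside) tcp interface 10002 192.168.2.149 10002
static (dmz,outside) tcp interface 8080 192.168.2.149 8080
"""

NAMED_PORTS = {"www": 80}  # only the port name that appears in the thread

# access-list NAME permit tcp|udp any interface IFNAME (eq PORT | range LO HI)
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+(tcp|udp)\s+any\s+interface\s+\S+\s+"
    r"(?:eq\s+(\S+)|range\s+(\d+)\s+(\d+))\s*$")
# static (real_if,mapped_if) tcp|udp interface OUTSIDE_PORT INSIDE_IP INSIDE_PORT
STATIC_RE = re.compile(
    r"^static\s*\([^)]*\)\s+(tcp|udp)\s+interface\s+(\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+)\s+(\d+)")

def port_num(tok):
    """Translate a port token (number or known name) to an integer."""
    return NAMED_PORTS[tok] if tok in NAMED_PORTS else int(tok)

def audit(config):
    """Return (permitted_without_static, static_without_permit) as sorted
    lists of (protocol, outside_port)."""
    permitted, mapped = set(), set()
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            proto, eq, lo, hi = m.group(2), m.group(3), m.group(4), m.group(5)
            if eq is not None:
                permitted.add((proto, port_num(eq)))
            else:
                permitted.update((proto, p) for p in range(int(lo), int(hi) + 1))
            continue
        m = STATIC_RE.match(line)
        if m:  # a static without the outside port does not match and is skipped
            mapped.add((m.group(1), int(m.group(2))))
    return sorted(permitted - mapped), sorted(mapped - permitted)

if __name__ == "__main__":
    no_static, no_permit = audit(SAMPLE)
    print("permitted but not forwarded:", no_static)
    print("forwarded but not permitted:", no_permit)
```

Either list being non-empty means the ACL and the port redirects have drifted apart, which is worth resolving so the exposed ports are exactly the intended ones.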
 