How to map multiple ports to one internal IP?

Discussion in 'Cisco' started by Barret Bonden, Sep 20, 2004.

  1. Have a server needing a range of ports open behind a PIX; i.e., outside
    users will come in on one public IP and, depending on the app, be redirected
    to one internal IP - so I need to map a range of ports to one IP. I remember
    just enough of my PIX to be confused here; will STATIC allow for a range of
    port mappings?
    It's been a while ...
    Barret Bonden, Sep 20, 2004
    #1

  2. In article <>,
    Barret Bonden <> wrote:
    : Have a server needing a range of ports open behind a pix; ie; outside
    :users will come in on one public IP and depending on the app be redirected
    :to one internal IP - so I need to map a range of ports to one IP ; I remember
    :just enough of my PIX to be confused here ; will STATIC allow for a range of
    :port mappings ?
    : It's been a while ...

    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694

    static nat now allows access-lists to be specified; those access-lists
    could have a port range in them, in theory.

    access-list acl4static permit tcp any interface outside range 30303 30505
    access-list acl4static permit tcp any interface outside eq www
    access-list acl4static permit tcp any interface outside range 8000 8888
    access-list acl4static permit udp any interface outside eq 53
    static (inside, outside) interface INSIDEIP netmask 255.255.255.255 access-list acl4static 0 0


    I'm not sure what would happen if you were to try the static tcp or
    static udp forms (which require single port numbers) and you were then
    to put port numbers into the access-list that didn't match the port numbers
    of the static command. I would hope that no traffic would get through in
    such a case, but I don't know if they tested for that situation...
    --
    Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
    Aleph sub {Aleph sub two} little infinities...
    Walter Roberson, Sep 20, 2004
    #2

  3. many thanks , as always -

    Could one also have multiple statics? As in:
    static(dmz,outside) tcp interface 192.168.2.149 10000
    static(dmz,outside) tcp interface 192.168.2.149 10001
    static(dmz,outside) tcp interface 192.168.2.149 10002
    etc ?

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:cinie3$fv4$...
    > In article <>,
    > Barret Bonden <> wrote:
    > : Have a server needing a range of ports open behind a pix; ie; outside
    > :users will come in on one public IP and depending on the app be redirected
    > :to one internal IP - so I need to map a range of ports to one IP ; I remember
    > :just enough of my PIX to be confused here ; will STATIC allow for a range of
    > :port mappings ?
    > : It's been a while ...
    >
    > http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/s.htm#wp1026694
    >
    > static nat now allows access-lists to be specified; those access-lists
    > could have a port range in them, in theory.
    >
    > access-list acl4static permit tcp any interface outside range 30303 30505
    > access-list acl4static permit tcp any interface outside eq www
    > access-list acl4static permit tcp any interface outside range 8000 8888
    > access-list acl4static permit udp any interface outside eq 53
    > static (inside, outside) interface INSIDEIP netmask 255.255.255.255 access-list acl4static 0 0
    >
    >
    > I'm not sure what would happen if you were to try the static tcp or
    > static udp forms (which require single port numbers) and you were then
    > to put port numbers into the access-list that didn't match the port numbers
    > of the static command. I would hope that no traffic would get through in
    > such a case, but I don't know if they tested for that situation...
    > --
    > Aleph sub {Aleph sub null} little, Aleph sub {Aleph sub one} little,
    > Aleph sub {Aleph sub two} little infinities...
    barret bonden, Sep 21, 2004
    #3
  4. In article <>,
    barret bonden <> wrote:
    :Could one also have multiple statics ? as in :
    :static(dmz,outside) tcp interface 192.168.2.149 10000
    :static(dmz,outside) tcp interface 192.168.2.149 10001
    :static(dmz,outside) tcp interface 192.168.2.149 10002

    You could have

    static (dmz,outside) tcp interface 10000 192.168.2.149 10000
    static (dmz,outside) tcp interface 10001 192.168.2.149 10001

    and so on.
    --
    "No one has the right to destroy another person's belief by
    demanding empirical evidence." -- Ann Landers
    Walter Roberson, Sep 22, 2004
    #4
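
Because the `static tcp`/`static udp` port-redirect form takes one port per line, a range ends up as many lines, and it becomes easy to lose track of what is actually exposed. The following is an added example, not code from any post in this thread: a small audit script that parses the port-redirect form shown in the last reply, rejects lines that do not fit it (such as the form without a mapped port), and summarises the outside-facing ports per inside host as contiguous ranges. The function names and the sample config are constructed for illustration.

```python
import re
from collections import defaultdict

# Form from the last reply: static (real_if,mapped_if) tcp|udp <addr|interface>
#   <mapped_port> <real_ip> <real_port>. Assumption: numeric ports only (no names like www).
STATIC_RE = re.compile(
    r"^static\s*\(\s*(\w+)\s*,\s*(\w+)\s*\)\s+(tcp|udp)\s+(\S+)\s+(\d+)\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)(?:\s+netmask\s+\S+)?\s*$"
)

# Constructed sample config; the last line is the form that omits the mapped port.
SAMPLE = """\
static (dmz,outside) tcp interface 10000 192.168.2.149 10000
static (dmz,outside) tcp interface 10001 192.168.2.149 10001
static (dmz,outside) tcp interface 10002 192.168.2.149 10002
static (dmz,outside) tcp interface 8080 192.168.2.149 80
static(dmz,outside) tcp interface 192.168.2.149 10000
"""

def parse_statics(config):
    """Return (entries, rejected); an entry is (proto, mapped_port, real_ip, real_port)."""
    entries, rejected = [], []
    for line in (l.strip() for l in config.splitlines() if l.strip().startswith("static")):
        m = STATIC_RE.match(line)
        if not m or not all(0 < int(p) < 65536 for p in (m.group(5), m.group(7))):
            rejected.append(line)  # malformed or out-of-range: needs a human look
            continue
        entries.append((m.group(3), int(m.group(5)), m.group(6), int(m.group(7))))
    return entries, rejected

def exposure(entries):
    """Collapse outside-facing ports into contiguous ranges per (proto, real_ip)."""
    ports = defaultdict(set)
    for proto, mapped_port, real_ip, _real_port in entries:
        ports[(proto, real_ip)].add(mapped_port)
    summary = {}
    for key, found in ports.items():
        ranges = []
        for p in sorted(found):
            if ranges and p == ranges[-1][1] + 1:
                ranges[-1][1] = p          # extend the current run
            else:
                ranges.append([p, p])      # start a new run
        summary[key] = [tuple(r) for r in ranges]
    return summary

if __name__ == "__main__":
    print(exposure(parse_statics(SAMPLE)[0]))
```
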