Port Forwarding (Bittorent)

Discussion in 'Cisco' started by Mike, Jun 4, 2004.

  1. Mike

    Mike Guest

    If I want to forward this range of ports (6881-6999) to a host on the inside
    of my pix (10.1.150.104), would this statement cover it?

    access-list 100 permit tcp host any host 10.1.150.104 eq 6881-6999

    Thanks,
    Mike
     
    Mike, Jun 4, 2004
    #1
    1. Advertisements

  2. Mike

    News Account Guest

    access-list acl_name permit tcp host any host 10.1.150.104 range 6881 6999

    If you're using NAT then you'll also need a static translation.

    Don Woodward
     
    News Account, Jun 4, 2004
    #2
    1. Advertisements

  3. :If I want to forward this range of ports (6881-6999) to a host on the inside
    :eek:f my pix (10.1.150.104), would this statement cover it?

    :access-list 100 permit tcp host any host 10.1.150.104 eq 6881-6999

    No. You need to

    static (inside, outside) tcp interface 6881 10.1.150.104 6881 netmask 255.255.255.255
    static (inside, outside) tcp interface 6882 10.1.150.104 6882 netmask 255.255.255.255
    static (inside, outside) tcp interface 6883 10.1.150.104 6883 netmask 255.255.255.255
    [...] 110-some odd individual static's here
    static (inside, outside) tcp interface 6999 10.1.150.104 6999 netmask 255.255.255.255

    PIX 6.2 or 6.3(1):
    access-list 100 permit tcp any interface range 6881 6999
    access-group 100 in interface outside

    PIX 6.3(2) or later:

    access-list 100 permit tcp any interface outside range 6881 6999


    There is no way on the PIX to do static PAT for a range of ports.
     
    Walter Roberson, Jun 4, 2004
    #3
  4. Mike

    Mike Guest

    Thanks Walter! :)
     
    Mike, Jun 4, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.