Network Security Firewalls

RE: PIX 501 Port forwarding

Subject: RE: PIX 501 Port forwarding
Date: Wed, 16 Mar 2005 14:41:54 -0600
Hello,

Nope, you can do what you need to quite easily.  You could even do it if
the outside interface was DHCP - just replace the outside IP with the
keyword "interface."  Research the static command for more info.

static (inside,outside) tcp [single IP add of outside int] 80 [inside ip of web server] 80 netmask 255.255.255.255

This static command will translate port 80 to the outside IP into the
inside IP also on port 80.  Then you also need an access-list and
access-group command to permit the inbound traffic from the Internet to
the inside...

access-list out-in permit tcp any host [single IP add of outside int] eq 80
access-group out-in in interface outside

This will permit port 80 through to inside network.  I'm presuming that
you are using some 6.3 flavor of the code in the above examples.

Good luck!

Matt

-----Original Message-----
From: Brett [mailto:bretticus@gmail.com] 
Sent: Wednesday, March 16, 2005 10:06 AM
To: firewalls@securityfocus.com
Subject: PIX 501 Port forwarding

Hi,

I have a client who has installed a PIX 501. The client was given just
one ip address which has been configured as the outside interface.
The end result is they want to forward http traffic to a Web server
within. PAT is configured via:

global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

The problem is that it appears one cannot static the outside interface
to a local address (I assume this is true from the config examples I
have seen on the Web.) I have also witnessed my ssh connection drop when
I try ;-) On a cheap Linksys (etc.) this is trivial. Do I really need
two routable ip addresses so that one can be the outside interface on
the PIX and the other ip map to an inside address?

Thanks!
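
Added example (not part of the original thread): a small Python check that each static port redirect in a PIX 6.3-style config has the matching access-list permit and that the access-list is applied to the outside interface with access-group, the three pieces the reply describes. The sample config, its addresses, the function names, and the "interface outside" destination form are assumptions made for the example; deny entries and port ranges are not evaluated.

```python
import re

# Constructed sample in PIX 6.3-style syntax; addresses are documentation ranges.
SAMPLE = """\
static (inside,outside) tcp 203.0.113.10 80 192.168.1.10 80 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 25 192.168.1.11 25 netmask 255.255.255.255
static (inside,outside) tcp 203.0.113.10 443 192.168.1.10 443 netmask 255.255.255.255
access-list out-in permit tcp any host 203.0.113.10 eq www
access-list mail-in permit tcp any host 203.0.113.10 eq 25
access-group out-in in interface outside
"""

PORT_NAMES = {"www": 80, "smtp": 25, "https": 443}  # subset of the PIX port literals

STATIC = re.compile(r"^static \(\S+,outside\) (tcp|udp) (\S+) (\S+) \S+ \S+")
PERMIT = re.compile(r"^access-list (\S+) permit (tcp|udp) (?:.* )?"
                    r"(host \S+|interface outside|any) eq (\S+)\s*$")
GROUP = re.compile(r"^access-group (\S+) in interface outside")

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def audit_forwards(config):
    """Return [(global_addr, port, problem)] for static port redirects that
    inbound traffic on the outside interface cannot reach."""
    statics, permits, bound = [], [], set()
    for line in config.lower().splitlines():
        line = line.strip()
        if m := STATIC.match(line):
            statics.append((m[1], m[2], port(m[3])))
        elif m := PERMIT.match(line):
            permits.append((m[1], m[2], m[3].replace("host ", ""), port(m[4])))
        elif m := GROUP.match(line):
            bound.add(m[1])
    findings = []
    for proto, gaddr, gport in statics:
        # A redirect on the "interface" keyword pairs with an ACL destination
        # of "interface outside" (assumed form); "any" covers every address.
        dest_ok = {gaddr, "any"} | ({"interface outside"} if gaddr == "interface" else set())
        acls = [n for n, p, d, q in permits if (p, q) == (proto, gport) and d in dest_ok]
        if not acls:
            findings.append((gaddr, gport, "no access-list permit"))
        elif not bound.intersection(acls):
            findings.append((gaddr, gport, "access-list not bound with access-group"))
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE):
        print(finding)
```

On the sample, port 80 passes, port 25 is flagged because its access-list is never applied to the outside interface, and port 443 is flagged because no permit entry exists for it.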
