From: smaljure@xxxxxxxxxxxxxxxxx
Date: Fri Aug 25 2000 - 09:56:14 GMT-3
Another FW question....
I need to map a single external IP address to multiple internal IP addresses
based on port numbers....(PIX release 5.1(2))
I looked up the "static" command from the command reference..
static [(internal_if_name, external_if_name)] global_ip local_ip [netmask network_mask] [max_conns [em_limit]] [norandomseq]
There doesn't seem to be an option to do this...
Can somebody else please confirm or correct this?
Thanks
Sanjay Maljure
-----Original Message-----
From: pkjones@gpu.com [mailto:pkjones@gpu.com]
Sent: Friday, August 25, 2000 8:42 AM
To: Sam Munzani
Cc: ccielab@groupstudy.com
Subject: RE: PIX firewall Conduit operator
Hi Sam,
Try this:
conduit permit tcp host x.x.x.x range 1024 5000 any
Paul.
---------------------- Forwarded by Paul K Jones/DataComm/GPU on 08/25/2000
08:40 AM ---------------------------
Sam Munzani <sam@chinet.com> on 08/24/2000 03:20:56 PM
Please respond to Sam Munzani <sam@chinet.com>
cc: (bcc: Paul K Jones/DataComm/GPU)
Subject: PIX firewall Conduit operator
Hi All,
I have a unique situation. I have done static translation for a host
behind the firewall. Now I have to create conduits to open up the following ports.
TCP 419, 421, 422, 1024 to 5000 (Don't ask me why)
I did those 400 series ports with 3 commands like below.
conduit permit tcp host xxx.xxx.xxx.xxx eq 419 any
Using the gt and lt operators I could do the following.
conduit permit tcp host xxx.xxx.xxx.xxx gt 1024 any
conduit permit tcp host xxx.xxx.xxx.xxx lt 5000 any
However, both operators do not work if I put them in one line. I am not sure
if this will work. I don't have any good way to test either because the
people requesting to open these ports don't have a clue of what they are
doing and if there is any application listening to those ports.
Any suggestions are appreciated.
Sam
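
Added example (not part of the original thread): a small Python model of the conduit port operators discussed above, comparing what the two-line gt/lt approach opens with what the single range line opens. The host address 192.0.2.10 and all function names are constructed for illustration; the model assumes each "conduit permit" line is an independent permit, so the opened ports are the union of all lines.

```python
# Added example: which TCP ports does a set of PIX conduit lines open?
# Assumption: traffic is allowed when ANY permit line matches (union of lines).
# 192.0.2.10 is a constructed documentation address, not from the thread.
ALL_PORTS = range(1, 65536)

def ports_for(line):
    """Ports opened by one 'conduit permit tcp host <ip> <op> <port(s)> any' line."""
    tok = line.split()
    if tok[:4] != ["conduit", "permit", "tcp", "host"]:
        raise ValueError("unsupported line: " + line)
    op, args = tok[5], tok[6:]
    if op == "eq":
        return {int(args[0])}
    if op == "gt":
        return {p for p in ALL_PORTS if p > int(args[0])}
    if op == "lt":
        return {p for p in ALL_PORTS if p < int(args[0])}
    if op == "range":
        lo, hi = int(args[0]), int(args[1])
        return {p for p in ALL_PORTS if lo <= p <= hi}
    raise ValueError("unsupported operator: " + op)

def effective_ports(lines):
    """Union of the ports opened by every line."""
    opened = set()
    for line in lines:
        opened |= ports_for(line)
    return opened

def summarize(ports):
    """Collapse a port set into a compact 'a-b, c' string for review."""
    spans = []
    for p in sorted(ports):
        if spans and p == spans[-1][1] + 1:
            spans[-1][1] = p
        else:
            spans.append([p, p])
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)

HOST = "conduit permit tcp host 192.0.2.10 "
TWO_LINES = [HOST + "gt 1024 any", HOST + "lt 5000 any"]
ONE_RANGE = [HOST + "range 1024 5000 any"]
INTENDED = [HOST + f"eq {p} any" for p in (419, 421, 422)] + ONE_RANGE

if __name__ == "__main__":
    print("gt + lt on two lines:", summarize(effective_ports(TWO_LINES)))
    print("single range line:   ", summarize(effective_ports(ONE_RANGE)))
    print("full requested set:  ", summarize(effective_ports(INTENDED)))
```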