Re: PIX firewall Conduit operator

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Fri Aug 25 2000 - 10:51:32 GMT-3


I wanted to do that too but could not find a way to do it. Only router IOS
does it.

Sam
----- Original Message -----
From: <smaljure@cibernetworks.com>
Cc: <ccielab@groupstudy.com>
Sent: Friday, August 25, 2000 7:56 AM
Subject: RE: PIX firewall Conduit operator

> Another FW question....
>
> I need to map a single external IP address to multiple internal IP addresses
> based on port numbers....(PIX release 5.1(2))
>
> I looked up the "static" command from the command reference..
>
> static [(internal_if_name, external_if_name)] global_ip local_ip [netmask
> network_mask]
> [max_conns [em_limit]] [norandomseq]
>
> There doesn't seem to be an option to do this...
> Can somebody else please confirm or correct this?
> Thanks
> Sanjay Maljure
>
>
> -----Original Message-----
> From: pkjones@gpu.com [mailto:pkjones@gpu.com]
> Sent: Friday, August 25, 2000 8:42 AM
> To: Sam Munzani
> Cc: ccielab@groupstudy.com
> Subject: RE: PIX firewall Conduit operator
>
> Hi Sam,
>
> Try this:
>
> conduit permit tcp host x.x.x.x range 1024 5000 any
>
> Paul.
> ---------------------- Forwarded by Paul K Jones/DataComm/GPU on 08/25/2000 08:40 AM ---------------------------
>
>
> Sam Munzani <sam@chinet.com> on 08/24/2000 03:20:56 PM
>
> Please respond to Sam Munzani <sam@chinet.com>
>
>
>
> To: ccielab@groupstudy.com
>
> cc: (bcc: Paul K Jones/DataComm/GPU)
>
>
>
> Subject: PIX firewall Conduit operator
>
> Hi All,
>
> I have a unique situation. I have done a static translation for a host
> behind the firewall. Now I have to create a conduit to open up the following ports:
> TCP 419, 421, 422, 1024 to 5000 (don't ask me why).
> I did those 400 series ports with 3 commands like the one below.
>
> conduit permit tcp host xxx.xxx.xxx.xxx eq 419 any
>
> Using the gt and lt operators I could do the following.
>
> conduit permit tcp host xxx.xxx.xxx.xxx gt 1024 any
> conduit permit tcp host xxx.xxx.xxx.xxx lt 5000 any
>
> However, both operators do not work if I put them in one line. I am not sure
> if this will work. I don't have any good way to test either, because the
> people requesting to open these ports don't have a clue what they are
> doing or whether there is any application listening on those ports.
>
> Any suggestions are appreciated.
>
> Sam
>
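The exposure difference between the two approaches in the thread, as an added Python model (not code from the thread or from Cisco): each conduit is a permit and they accumulate, so separate `gt 1024` and `lt 5000` lines union to every TCP port, whereas a single `range 1024 5000` line limits exposure to that range. The host address 192.0.2.10 and the subset of conduit syntax the parser accepts are assumptions for this example.

```python
# Added example, not from the thread: model PIX 5.x conduit port operators
# (eq, gt, lt, range) as port sets and compare what each approach exposes.
from typing import FrozenSet, List

def ports_for(op: str, *args: int) -> FrozenSet[int]:
    """Ports one conduit line permits. PIX semantics: 'gt N' and 'lt N' are
    strict, 'range A B' is inclusive, 'eq N' is a single port."""
    if op == "eq":
        return frozenset({args[0]})
    if op == "gt":
        return frozenset(range(args[0] + 1, 65536))
    if op == "lt":
        return frozenset(range(1, args[0]))
    if op == "range":
        return frozenset(range(args[0], args[1] + 1))
    raise ValueError(f"unknown operator {op!r}")

def parse_conduit(line: str):
    """Parse 'conduit permit tcp host H <op> <port(s)> any' -> (host, ports)."""
    tok = line.split()
    if tok[:4] != ["conduit", "permit", "tcp", "host"]:
        raise ValueError(f"unsupported conduit syntax: {line}")
    host, op = tok[4], tok[5]
    nargs = 2 if op == "range" else 1
    args = [int(x) for x in tok[6:6 + nargs]]
    if tok[6 + nargs:] != ["any"]:
        raise ValueError(f"unsupported source spec: {line}")
    return host, ports_for(op, *args)

def exposed_ports(config: List[str]) -> FrozenSet[int]:
    """Conduits are permits that accumulate, so exposure is the union."""
    exposed: FrozenSet[int] = frozenset()
    for line in config:
        exposed |= parse_conduit(line)[1]
    return exposed

# Constructed config fragments mirroring the two approaches in the thread
# (192.0.2.10 is a documentation address standing in for xxx.xxx.xxx.xxx).
TWO_LINE = ["conduit permit tcp host 192.0.2.10 gt 1024 any",
            "conduit permit tcp host 192.0.2.10 lt 5000 any"]
RANGE = ["conduit permit tcp host 192.0.2.10 range 1024 5000 any"]

if __name__ == "__main__":
    print(len(exposed_ports(TWO_LINE)), "TCP ports reachable with gt/lt lines")
    print(len(exposed_ports(RANGE)), "TCP ports reachable with the range line")
```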



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:30 GMT-3