RE: PIX firewall Conduit operator

From: Maljure, Sanjay (smaljure@xxxxxxxxxxxxxxxxx)
Date: Fri Aug 25 2000 - 13:01:30 GMT-3


   
Hi Paul
It is basically devices on the outside that will be sourcing the streams...

Sanjay

-----Original Message-----
From: pkjones@gpu.com [mailto:pkjones@gpu.com]
Sent: Friday, August 25, 2000 11:56 AM
To: smaljure@cibernetworks.com
Cc: ccielab@groupstudy.com
Subject: RE: PIX firewall Conduit operator

Hi Sanjay,

Which devices will be sourcing the streams: the inside devices, the outside
world, or either?

Paul.

smaljure@cibernetworks.com on 08/25/2000 08:56:14 AM

Please respond to smaljure@cibernetworks.com

 To:
 cc: ccielab@groupstudy.com (bcc: Paul K Jones/DataComm/GPU)
 Subject: RE: PIX firewall Conduit operator

Another FW question....

I need to map a single external IP address to multiple internal IP addresses
based on port numbers (PIX release 5.1(2)).

I looked up the "static" command in the command reference:

static [(internal_if_name, external_if_name)] global_ip local_ip [netmask
network_mask]
[max_conns [em_limit]] [norandomseq]

There doesn't seem to be an option to do this...
Can somebody else please confirm or correct this?
Thanks
Sanjay Maljure

-----Original Message-----
From: pkjones@gpu.com [mailto:pkjones@gpu.com]
Sent: Friday, August 25, 2000 8:42 AM
To: Sam Munzani
Cc: ccielab@groupstudy.com
Subject: RE: PIX firewall Conduit operator

Hi Sam,

Try this:

conduit permit tcp host x.x.x.x range 1024 5000 any

Paul.
---------------------- Forwarded by Paul K Jones/DataComm/GPU on 08/25/2000 08:40 AM ---------------------------

Sam Munzani <sam@chinet.com> on 08/24/2000 03:20:56 PM

Please respond to Sam Munzani <sam@chinet.com>

 To: ccielab@groupstudy.com

 cc: (bcc: Paul K Jones/DataComm/GPU)

 Subject: PIX firewall Conduit operator

Hi All,

I have a unique situation. I have done a static translation for a host
behind the firewall. Now I have to create a conduit to open up the following ports:
TCP 419, 421, 422, 1024 to 5000 (don't ask me why).
I did those 400-series ports with 3 commands like the one below.

conduit permit tcp host xxx.xxx.xxx.xxx eq 419 any

Using the gt and lt operators I could do the following.

conduit permit tcp host xxx.xxx.xxx.xxx gt 1024 any
conduit permit tcp host xxx.xxx.xxx.xxx lt 5000 any

However, both operators do not work if I put them in one line. I am not sure
if this will work. I don't have any good way to test either, because the
people requesting to open these ports don't have a clue what they are
doing, or whether there is any application listening on those ports.

Any suggestions are appreciated.

Sam
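The security-relevant point in this thread is what the two separate gt/lt lines in Sam's post actually permit compared with the single `range` line Paul suggests. Conduit entries are a permit list: a packet is allowed if ANY line matches, so `gt 1024` and `lt 5000` on two lines are OR-ed, not AND-ed. The following is an added example, not code from the original posts or from Cisco; it is a small Python model of the PIX 5.x conduit port operators (eq, neq, gt, lt, range) that parses constructed conduit lines and reports the resulting exposed port ranges. The host address 192.0.2.10 and the `exposure` helper are placeholders for the example.

```python
"""Model of PIX 5.x 'conduit' port operators, used to compare the two-line
gt/lt approach with a single 'range' line. Added illustration, not PIX code;
the conduit lines below are constructed for the example and the host
address 192.0.2.10 is a placeholder for the statically translated host."""

import re
from typing import Dict, List, Optional, Set, Tuple

TCP_PORT_MIN, TCP_PORT_MAX = 1, 65535

# conduit permit tcp host <ip> <operator> <port> [<port>] any
_CONDUIT = re.compile(
    r"^conduit\s+permit\s+tcp\s+host\s+(?P<host>\S+)\s+"
    r"(?P<op>eq|neq|gt|lt|range)\s+(?P<p1>\d+)(?:\s+(?P<p2>\d+))?\s+any$"
)


def operator_ports(op: str, p1: int, p2: Optional[int] = None) -> Set[int]:
    """Ports matched by one conduit operator.
    gt/lt are strict comparisons; range is inclusive of both ends."""
    all_ports = set(range(TCP_PORT_MIN, TCP_PORT_MAX + 1))
    if op == "eq":
        return {p1}
    if op == "neq":
        return all_ports - {p1}
    if op == "gt":
        return set(range(p1 + 1, TCP_PORT_MAX + 1))
    if op == "lt":
        return set(range(TCP_PORT_MIN, p1))
    if op == "range":
        if p2 is None:
            raise ValueError("range needs two ports")
        return set(range(p1, p2 + 1))
    raise ValueError(f"unknown operator {op}")


def parse_conduit(line: str) -> Tuple[str, Set[int]]:
    """Parse one 'conduit permit tcp host ... any' line into (host, ports)."""
    m = _CONDUIT.match(line.strip())
    if not m:
        raise ValueError(f"unsupported conduit line: {line!r}")
    p2 = int(m.group("p2")) if m.group("p2") else None
    return m.group("host"), operator_ports(m.group("op"), int(m.group("p1")), p2)


def permitted_ports(lines: List[str]) -> Dict[str, Set[int]]:
    """Union of permit lines per host: a packet is allowed if ANY line
    matches, so separate gt and lt lines are OR-ed, never AND-ed."""
    result: Dict[str, Set[int]] = {}
    for line in lines:
        host, ports = parse_conduit(line)
        result.setdefault(host, set()).update(ports)
    return result


def as_ranges(ports: Set[int]) -> List[Tuple[int, int]]:
    """Collapse a port set into sorted inclusive (low, high) runs."""
    runs: List[Tuple[int, int]] = []
    for p in sorted(ports):
        if runs and runs[-1][1] == p - 1:
            runs[-1] = (runs[-1][0], p)
        else:
            runs.append((p, p))
    return runs


HOST = "192.0.2.10"  # placeholder for the statically translated host

# What the post tried: eq lines for the 400-series ports, then gt and lt lines.
GT_LT_LINES = [
    f"conduit permit tcp host {HOST} eq 419 any",
    f"conduit permit tcp host {HOST} eq 421 any",
    f"conduit permit tcp host {HOST} eq 422 any",
    f"conduit permit tcp host {HOST} gt 1024 any",
    f"conduit permit tcp host {HOST} lt 5000 any",
]

# The same intent using the range operator suggested in the reply.
RANGE_LINES = [
    f"conduit permit tcp host {HOST} eq 419 any",
    f"conduit permit tcp host {HOST} eq 421 any",
    f"conduit permit tcp host {HOST} eq 422 any",
    f"conduit permit tcp host {HOST} range 1024 5000 any",
]


def exposure(lines: List[str]) -> List[Tuple[int, int]]:
    """Inclusive port ranges reachable on HOST under the given conduit set."""
    return as_ranges(permitted_ports(lines)[HOST])


if __name__ == "__main__":
    print("gt/lt lines expose:", exposure(GT_LT_LINES))
    print("range line exposes:", exposure(RANGE_LINES))
```

Run stand-alone, the two-line gt/lt set collapses to a single run covering every TCP port on the host (1025-65535 from `gt 1024` unioned with 1-4999 from `lt 5000`), which is the opposite of the intent and would go unnoticed until something on an unexpected port answered. The `range 1024 5000` line yields exactly 419, 421-422 and 1024-5000. Note that `range` is inclusive at both ends; if the requester really meant strictly between 1024 and 5000, the equivalent is `range 1025 4999`.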



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:30 GMT-3