RE: forwarding in interfaces ethernet

[Glenn Shiffer]

Get rid of:   nat (real) 0 q.w.r.5 255.255.255.255 0 0 nat (real) 0 q.w.r.6 255.255.255.255 0 0 nat (real) 0 q.w.r.7 255.255.255.255 0 0   Instead use:               nat (real) 0 access-list real               access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.5 255.255.255.255 access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.6 255.255.255.255 access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.7 255.255.255.255   You can tighten these as you need after you get things working.   And, while you’re at it, why these two lines?   conduit permit tcp any range 1024 65535 any conduit permit udp any range 1024 65535 any   You may want to have a look at:   http://www.cisco.com/warp/public/707/index.shtml#IOS     Glenn   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Johnny Gonzalez Sent: Wednesday, January 09, 2002 6:01 PM To: bob bobing Cc: Lista de firewall Subject: Re: forwarding in interfaces ethernet   I no use syslog. I have this configuration in my pix:     nameif ethernet0 outside security0 nameif ethernet1 inside security100 nameif ethernet2 real security10 interface ethernet0 auto interface ethernet1 auto interface ethernet2 auto ip address outside x.y.z.130 255.255.255.192 ip address inside 10.10.10.1 255.255.255.0 ip address real q.w.r.1 255.255.255.0 global (outside) 1 a.b.c.1-a.b.c.253 netmask 255.255.255.0 global (outside) 1 a.b.c.254 netmask 255.255.255.0 nat (inside) 1 10.10.10.0 255.255.255.0 0 0 nat (real) 0 q.w.r.5 255.255.255.255 0 0 nat (real) 0 q.w.r.6 255.255.255.255 0 0 nat (real) 0 q.w.r.7 255.255.255.255 0 0 conduit permit icmp any any conduit permit tcp any range 1024 65535 any conduit permit udp any range 1024 65535 any     Thanks for your help me.