RE: forwarding in interfaces ethernet (in a more readable form)

Wed, 09 Jan 2002 17:05:27 -0800 

Get rid of:

nat (real) 0 q.w.r.5 255.255.255.255 0 0
nat (real) 0 q.w.r.6 255.255.255.255 0 0
nat (real) 0 q.w.r.7 255.255.255.255 0 0

Instead use:

        nat (real) 0 access-list real

        access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.5
255.255.255.255 
         access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.6
255.255.255.255 
         access-list real permit ip 10.10.10.0 255.255.255.0 q.w.r.7
255.255.255.255

You can tighten these as you need after you get things working.

And, while you're at it, why these two lines?

conduit permit tcp any range 1024 65535 any
conduit permit udp any range 1024 65535 any

You may want to have a look at:

http://www.cisco.com/warp/public/707/index.shtml#IOS


Glenn

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Johnny Gonzalez
Sent: Wednesday, January 09, 2002 6:01 PM
To: bob bobing
Cc: Lista de firewall
Subject: Re: forwarding in interfaces ethernet

I no use syslog.
I have this configuration in my pix:


nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 real security10
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
ip address outside x.y.z.130 255.255.255.192
ip address inside 10.10.10.1 255.255.255.0
ip address real q.w.r.1 255.255.255.0
global (outside) 1 a.b.c.1-a.b.c.253 netmask 255.255.255.0
global (outside) 1 a.b.c.254 netmask 255.255.255.0
nat (inside) 1 10.10.10.0 255.255.255.0 0 0
nat (real) 0 q.w.r.5 255.255.255.255 0 0
nat (real) 0 q.w.r.6 255.255.255.255 0 0
nat (real) 0 q.w.r.7 255.255.255.255 0 0
conduit permit icmp any any
conduit permit tcp any range 1024 65535 any
conduit permit udp any range 1024 65535 any


Thanks for your help me.



_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to