Hi Drik Static command worked for the following port.
static (inside,outside) tcp 172.16.0.2 www 10.0.0.2 www netmask 255.255.255.255 but for some reason it is not working when configured for static (inside,outside) tcp 172.16.0.3 www 10.0.0.2 8080 netmask 255.255.255.255 Following things are captured when tried connecting to 172.16.0.3 on port 80 Enabled logging on the pix, but no errors were recorded. Also ran sniffer on the 10.0.0.0 network, it showed that the host 10.0.0.2 is not able to connect the source port from the source host. Hope something can be done with this Regards mrao ----- Original Message ----- From: "Dirk Pfau" <[EMAIL PROTECTED]> To: "Yahoo" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, February 04, 2002 5:06 AM Subject: Re: Pix 6.1 port forwarding > yes, you can do it. a little example: > > > ip address outside 172.16.0.1 255.255.255.0 > ip address inside 10.0.0.254 255.255.255.0 > .... > static (inside,outside) tcp 172.16.0.2 www 10.0.0.2 1234 netmask > 255.255.255.255 > static (inside,outside) tcp interface www 10.0.0.2 1235 netmask > 255.255.255.255 > ... > conduit permit .... > > it should be clear, 10.0.0.2 is your internal webserver. > > connecting 172.16.0.1 at port 80 will be forwarded to 10.0.0.2 port > 1235, > connecting 172.16.0.2 at port 80 will be forwarded to 10.0.0.2 port > 1234. > don't disable proxyarp at outside interface. > > best regards > > dirk > > > -- > energis-ISION > Dirk Pfau > IP Network / iSecurity > Harburger Schlossstr. 1 > D-21079 Hamburg > > Fon: +49 40 77175-538 > > eMail: [EMAIL PROTECTED] > Web: http://www.energis-ision.com > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
