506e help

[soulofmischief]

hi all.. i know nothing about cisco... so im looking for a little help.

i recently got permission at work to put up a game server. the network is running a cicsco pix 506e for vpn/firewall.

im having some problems opening ports to the game server ...

#1. trying to open a range of ports (i.e. 40000-42000) returns a invalid port. i type in the console:

static (inside,outside) udp interface 40000 42000 192.168.0.48 40000 42000 netmask 255.255.255.255

and it returns an invalid port. i can enter each one individually, but there is no way in hell im going to do that 2000 times.

#2. the other question i have is the inside/outside part. to me, it seems like im letting traffic out, not in.... is this the right way to let specific port ranges into the network?

the pix is set up to let all inside traffic out. i know the ports to let in, i just need a lil help

thanks all

 

[mtashiro]

create a static for the server then allow the range of port to that IP.

Example: The outside IP is 11.1.1.1 and the inside IP is 192.168.1.1

static (inside,outside) 11.1.1.1 192.168.1.1

access-list GAMEPORTS permit udp any host 11.1.1.1 range 40000 42000

access-group GAMEPORTS in interface oustide


BE AWARE: OPENING THIS MANY PORTS MAY NOT BE A GOOD IDEA.

 

[soulofmischief]

thats what i was trying to avoid, openening every port to that server....

id much prefer to open just the ports needed.. thxs tho!

 

[cchipman]

soulofmischief, you misunderstand, mtashiro's response is the correct one.

by using the static command, you are opening nothing. You are merely saying "always map this internal ip address to this external ip address"

the access-list is what opens the ports. Only the ports specifically noted are opened.