Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

port redirection doesn't work

Status
Not open for further replies.
stevenriz

stevenriz

IS-IT--Management
May 21, 2001
1,069
0
0
I have three machines that I wish to do port redirection to. I got two to work, the other one doesn't for some reason. I can't figure it out.... Here are the commands I use.... Hopefully it is enough info for you. I don't know what I could be doing wrong. Help if you can!! Thank you very much!!
Steve


WORKS
static (corp,outside) tcp public.ip1 8080 netmask 255.255.255.255 0 0

WORKS
static (inside,outside) tcp public.ip2 8080 netmask 255.255.255.255 0 0

DOESN'T WORK
static (corp,outside) tcp public.ip3 8080 netmask 255.255.255.255 0 0

CONDUITS
conduit permit tcp host 66.238.208.103 eq conduit permit tcp host 66.238.208.102 eq conduit permit tcp host 66.238.208.106 eq
 
Sort by date Sort by votes
Update....

I added the line for the heck of it to see what happens....
conduit permit tcp host 66.238.208.106 eq 8080 any

Now it flows through as long as you put :8080 in the web address. Don'tunderstand why that works and
Steve
 
Upvote 0 Downvote
Upvote 0 Downvote
Well, I use the conduit command to allow through. With the static command I redirect anything coming in at to 8080 internally. I do have a small access list. So eliminating coduits and enhancing an access list is better?

Anyway, I rewrote the line to stop the redirect and to open up 8080 only in a new conduit line. It is working.... If we ever to to PROD (80) with this, I will have to rework the command.

Thanks all
Steve
 
Upvote 0 Downvote
HI.

> With the static command I redirect anything coming in at to 8080 internally
You're right - I missed that.

> So eliminating coduits and enhancing an access list is better
Mixing conduit and access-list is not good, so you should better use one or the other but not both.
The mix can cause such problems you have because access-list can override conduits.
The conduit command is for backward compatiblity (when you upgrade pix OS with old config).


Yizhar Hurwitz
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
124
XLNTech1
XLNTech1
EdwardMcClelland
  • Locked
  • Question
Google DNS works with Sonic-wall installed. Cox doesn't.
Replies
1
Views
60
ChrisHirst
ChrisHirst
Impersonator
  • Locked
  • Question
UDP Hacking port 53
Replies
1
Views
64
RodneyMcSnow
RodneyMcSnow
RMurr34
  • Locked
  • Question
ASA Config - Open port 3389 for all IPs
Replies
1
Views
63
iggsterman
iggsterman
hall5942
  • Locked
  • Question
open firewall port on 881
Replies
0
Views
48
hall5942
hall5942

Part and Inventory Search

Sponsor

Back
Top