Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting up FTP server behind PIX

Status
Not open for further replies.
rburke

rburke

Programmer
Apr 28, 2002
426
US
Ok, my question is this:

Right now I have a Linksys Cable/xDSL 4-port router, that has the option to specify certain ports to certain internal IP's. I have normal residential cale service, which mean that I only get one real IP via DHCP. My question, is it possible to do the same kind of thing with a PIX 501 or 506?

ie. all requests on port tcp 21 get directed to NAT IP 192.168.1.x

I know how to do it using the static and conduit or access-list commands if I have multiple real IP's, but I'm just a student, no money for that. Please let me know if anyone has any ideas?

burke
 
Sort by date Sort by votes
HI.

Yes, it can be done with the pix using the version 6.x
You can use the STATIC command with TCP parameter to define mapping for a specific port only.

If your pix is behind the DSL router, and the router has 1 registerd ip address but supports several internal addresses (so both pix and router do NAT in that case), then you have 2 options:

A) Define virtual ip addresses for each internal server, use port mapping on the DSL router to point to those virtual addresses, and at the pix use the "normal" STATIC command to map those addresses to the internal ip address of the server.

B) At the DSL router, map all needed ports to the pix outside interface, and at the pix use STATIC TCP to map each port to the correct server.

I would go with option A as first alternative.

But if you have an option that the pix will get in some way the registered ip address on the outside interface, and only the pix will NAT, this is preffered.

Bye
Yizhar Hurwitz
 
Upvote 0 Downvote
Ok, if my global IP(outside interface) is given via DHCP and my internal FTP server IP is 10.10.10.1/24. What would the command line for the STACTIC TCP look like? Thanks for the help.

burke
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
110
xwray
xwray
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
135
Russtoleum
Russtoleum
raist3001
  • Locked
  • Question
Unable to remote into PBX behind Sonicwall TZ-190
Replies
1
Views
113
fojin
fojin
brownmab53
  • Locked
  • Question
PIX 525 ASA not allowing DHCP addresses to pass through to router
Replies
0
Views
151
brownmab53
brownmab53
quazimotto
  • Locked
  • Question
Correct Upgrade Path for PIX
Replies
7
Views
215
quazimotto
quazimotto

Part and Inventory Search

Sponsor

Back
Top