[lug] OT: Cisco PIX
Hugh Brown
hugh at math.byu.edu
Thu Oct 17 14:45:44 MDT 2002
I am struggling with getting a Cisco PIX firewall (501) to redirect web
traffic on the outside interface to a specific host on the inside
interface.
Under linux I would do this:
ipmasqadm portfw -a -P tcp -L <ext ip> 80 -R <internal host> 80
ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
-s <remotehost> $UNPRIVPORTS \
-d <ext ip> 443 -j ACCEPT -l
ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
-s <ext ip> 443 \
-d <remote host> $UNPRIVPORTS -j ACCEPT -l
I have tried the following on the PIX:
static (inside,outside) <ext ip> <internal host> netmask 255.255.255.255 0 0
access-list acl_out permit tcp host <remote host> gt 1024 host <internal host> eq 80
access-group acl_out in interface outside
and I get:
106023: Deny tcp src outside:<remote host>/40623 dst inside:<ext ip>/80
by access-group "acl_out"
What am I doing wrong?
Hugh
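Added here as a companion to the post, not part of Hugh's message: when a PIX access-group is dropping traffic you expected to pass, the 106023 deny messages are the evidence, and it helps to parse them into fields and aggregate by access-group, destination address and port rather than reading them one by one. The Python below does that. The log lines are constructed to match the 106023 format quoted above (TEST-NET addresses stand in for <remote host> and <ext ip>), and the parser assumes the syslog timestamp and "%PIX-4-" prefix have already been stripped, as in the line Hugh quotes.

```python
import re
from collections import Counter

# Constructed sample log in the 106023 format quoted in the post.
# 203.0.113.x plays <remote host>, 198.51.100.10 plays <ext ip>.
# The final 302013 line is a constructed non-deny line to show it is skipped.
SAMPLE_LOG = """\
106023: Deny tcp src outside:203.0.113.5/40623 dst inside:198.51.100.10/80 by access-group "acl_out"
106023: Deny tcp src outside:203.0.113.5/40624 dst inside:198.51.100.10/80 by access-group "acl_out"
106023: Deny tcp src outside:203.0.113.77/51000 dst inside:198.51.100.10/443 by access-group "acl_out"
106023: Deny udp src outside:203.0.113.9/1234 dst inside:198.51.100.10/53 by access-group "acl_out"
302013: Built inbound TCP connection 12 for outside:203.0.113.5/40625 (203.0.113.5/40625) to inside:192.168.1.10/80 (198.51.100.10/80)
"""

# One regex for the whole deny message; named groups become dict keys.
DENY_RE = re.compile(
    r'106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_deny(line):
    """Return the fields of a 106023 deny line as a dict, or None for any other line."""
    m = DENY_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def summarize_denies(log_text):
    """Count denies per (access-group, proto, dst ip, dst port) and per source IP.

    Returns (by_rule, by_source, parsed_count). Non-deny lines are ignored.
    """
    by_rule = Counter()
    by_source = Counter()
    parsed = 0
    for line in log_text.splitlines():
        rec = parse_deny(line)
        if rec is None:
            continue
        parsed += 1
        by_rule[(rec["acl"], rec["proto"], rec["dst_ip"], rec["dst_port"])] += 1
        by_source[rec["src_ip"]] += 1
    return by_rule, by_source, parsed


if __name__ == "__main__":
    rules, sources, n = summarize_denies(SAMPLE_LOG)
    print(f"{n} deny lines parsed")
    for (acl, proto, ip, port), count in rules.most_common():
        print(f"{count:4d}  {acl}  {proto} -> {ip}/{port}")
    for ip, count in sources.most_common():
        print(f"{count:4d}  from {ip}")
```

Grouping by the destination that the PIX reports (here the address on the inside side of the translation) alongside the access-group name is what makes a mismatch between the ACL's host entry and the address actually being checked stand out; the same parser runs unchanged over a file of collected syslog once the prefix is trimmed.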