If I want to forward this range of ports (6881-6999) to a host on the inside
of my pix (10.1.150.104), would this statement cover it?

access-list 100 permit tcp host any host 10.1.150.104 eq 6881-6999

Thanks,
Mike




-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----

access-list acl_name permit tcp host any host 10.1.150.104 range 6881 6999

If you're using NAT then you'll also need a static translation.

Don Woodward


"Mike" <mikebegin@hotmail.com> wrote in message
news:40c06cf9_6@corp.newsgroups.com...

In article <40c06cf9_6@corp.newsgroups.com>,
Mike <mikebegin@hotmail.com> wrote:
:If I want to forward this range of ports (6881-6999) to a host on the inside
f my pix (10.1.150.104), would this statement cover it?

:access-list 100 permit tcp host any host 10.1.150.104 eq 6881-6999

No. You need to

static (inside, outside) tcp interface 6881 10.1.150.104 6881 netmask 255.255.255.255
static (inside, outside) tcp interface 6882 10.1.150.104 6882 netmask 255.255.255.255
static (inside, outside) tcp interface 6883 10.1.150.104 6883 netmask 255.255.255.255
[...] 110-some odd individual static's here
static (inside, outside) tcp interface 6999 10.1.150.104 6999 netmask 255.255.255.255

PIX 6.2 or 6.3(1):
access-list 100 permit tcp any interface range 6881 6999
access-group 100 in interface outside

PIX 6.3(2) or later:

access-list 100 permit tcp any interface outside range 6881 6999


There is no way on the PIX to do static PAT for a range of ports.
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers

"Walter Roberson" <roberson@ibd.nrc-cnrc.gc.ca> wrote in message
news:c9q4st$ps5$1@canopus.cc.umanitoba.ca...
Thanks Walter!




-----= Posted via Newsfeeds.Com, Uncensored Usenet News =-----
http://www.newsfeeds.com - The #1 Newsgroup Service in the World!
-----== Over 100,000 Newsgroups - 19 Different Servers! =-----