Port Redirect to Inside Host on a Cisco PIX Firewall
This Tech-Recipes tutorial explains how to configure a PIX to redirect traffic to an inside host via port re-direction. An expample would be if you allowed your PIX to get its external address via DHCP, but you wanted to access a ftp server on the inside of your firewall as well as another host for vnc.
First, you have to add a static entry for the host and port redirecting like this:
static (inside,outside) tcp 188.8.131.52 ftp 192.168.1.100 ftp netmask 255.255.255.255
static (inside,outside) tcp 184.108.40.206 5900 192.168.1.110 5900 netmask 255.255.255.255
Note: The 220.127.116.11 is your outside interface that was assigned via dhcp.
Then you need to build an ACL to allow access through the PIX:
access-list outside-inbound permit tcp any host 18.104.22.168 eq ftp
access-list outside-inbound permit tcp host 22.214.171.124 host 126.96.36.199 eq 5900
Now, you can ftp from anywhere to the outside IP Address of the PIX and be redirected to 192.168.1.100 on the inside ftp server.
You can now also vnc to the outside interface and be redirected to 192.168.1.110 and access that server via vnc.
This is very helpful at times on smaller PIX’s on broadband connections, etc.
Follow the reactions below and share your own thoughts.