PIX Firewall - Opening up a Port Range?

mdargin · ‎07-08-2011

How do you open a range of ports on the PIX Firewall CLI for the rules and NAT?

We have this configured on our PIX

static (inside,outside) tcp interface 3389 192.168.1.250 3389 netmask 255.255.255.255 0 0

access-list 101 permit tcp any host 173.13.28.146 eq 3389

I need to open up port range 5000 - 5070. I need to add that range to access-list 101 and a new static rule with that range. How do I add a range of ports (not just 1 single port) in these 2 locations (acl 101 and a new statc rule)?

Any response is greatly appreciated. Have a good day!

Anu M Chacko · ‎07-08-2011

Hi,

Unfortunately, you cannot configure a range of ports in Static NAT. You will need to configure a one-to-one static NAT for it and an access-list to open ports in the ACL.

static (in,out) x.x.x.x y.y.y.y netmask 255.255.255.255

access-list out permit ip any host x.x.x.x range 5000 5070

where x.x.x.x is a public IP given to you by the ISP.

Hope this helps!

Regards,

Anu

P.S. Please mark the question as resolved if it has been answered. Do rate helpful posts.