Using the static Command for Port Redirection
One of the improvements of PIX OS Version 6.0 is that the static command can be used to
redirect services to specific ports and to translate the host’s address. This command enables
the outside user to connect to a specific address/port and have a Security Appliance redirect
the traffic to the appropriate inside/DMZ server. The syntax for this command is as follows:
LabPIX(config)# [static] (local_if_name, global_if_name) {tcp | udp} {global_ip/
interface} local_ip local port netmask mask [norandomseq] [max connections[emb_limit]]
For example:
LabPIX(config)# static (inside, outside) tcp 192.168.0.9 ftp
10.10.10.9 2100 netmask 255.255.255.255 0 0
The configuration in the preceding example would redirect all traffic that hits the outside
interface of the Security Appliance for IP address 192.168.0.9 on TCP port 21 to 10.10.10.9
on TCP port 2100.