On Thursday 14 April 2005 03:09 pm, Adam Maloney wrote: > On Thu, 14 Apr 2005, John Meier wrote: > > If I had an extra external IP address and reserved it for the web server > > (and set up an A record using that IP and a really cool host name), could > > the PIX take traffic going to that extra IP and forward just traffic on > > port 80 to the web server at 10.1.1.115 <http://10.1.1.115> ? > > You technically don't even need another IP address - as long as port 80 on > the external address isn't already being forwarded somewhere, you could > just use that. > > You're looking at something like: > > static (inside,outside) your.public.ip webserver.private.ip netmask \ > 255.255.255.255 0 0 > conduit permit tcp host your.public.ip eq www any > This syntax is correct, though you should use ACLs instead of conduits as Cisco has decided to phase out conduit support eventually. Plus, whats up with the switched "to" and "from" order in conduits?