[fw-wiz] pix config for nat port 80 and port 8080 to same internal ip and port?


I've been struggling with this for a while, and searched for an answer which has eluded me so far.

I currently have a Pix 515E Version 6.3(5) setup to allow incoming requests on port 80 to be
redirected to a server at port 8162 and incoming requests on port 8080 to redirect to the same
server at port 8080. (The internal and external IPs are the same, i.e. 1:1 NAT).

static (inside,outside) tcp xxx.xxx.xxx.34 www xxx.xxx.xxx.34 8162 netmask 0 0
static (inside,outside) tcp xxx.xxx.xxx.34 8080 xxx.xxx.xxx.34 8080 netmask 0 0

This works but means I need to have two listeners running on the server, one on port 8162 and one on
port 8080.

What I really want to do is have a request for port 80 or port 8080 redirect to the same port 8162.

So this would be what I want to do, but of course this doesn't work as static NAT needs the
destinations to be different...

static (inside,outside) tcp xxx.xxx.xxx.34 www xxx.xxx.xxx.34 8162 netmask 0 0
static (inside,outside) tcp xxx.xxx.xxx.34 8080 xxx.xxx.xxx.34 8162 netmask 0 0

I have looked at policy NAT, but I don't see how to specify what port to map to.

This seems like a pretty common thing to want to do, so is it possible? If so, how?

Thanks for any help.

Jim Morris, http://blog.wolfman.com
firewall-wizards mailing list
