Port Translation based on Source Address
From: Chuck (kris_chucky_at_hotmail.com)
Date: 11/08/04
- Next message: Tosca: "What is happening when I ping against firewall?"
- Previous message: Steve: "Re: Loose Internet Connection Overnight"
- Next in thread: Leythos: "Re: Port Translation based on Source Address"
- Reply: stephane nasdrovisky: "Re: Port Translation based on Source Address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 7 Nov 2004 23:09:33 -0800
I've heard that some firewalls / nat routers are capable of carrying
out port translation based on source address.
Example:
* The public address of my border firewall is 50.60.70.80
* I want to configure a nat/pat to forward port 22 from the public
source address 30.30.30.80 to my inside device 192.168.5.1, and
requests from all other public source addresses to be handled by the
router itself (ie not natted).
Apparently this is possible on Microsoft ISA & OpenBSD, but as far as
I know
Cisco can't do it, for example in cisco you would just type:
ip nat inside source static tcp 192.168.5.1 22 interface
<interfacename> 22
and that would nat ALL traffic directed at port 22 of it's public ip
address to the inside device 192.168.5.1, ie you can't differentiate
based on source address.
If anyone can write on their experience with this on Cisco, ISA,
Checkpoint, OpenBSD or anything else that would be great.
regards
KC
- Next message: Tosca: "What is happening when I ping against firewall?"
- Previous message: Steve: "Re: Loose Internet Connection Overnight"
- Next in thread: Leythos: "Re: Port Translation based on Source Address"
- Reply: stephane nasdrovisky: "Re: Port Translation based on Source Address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
