Firewall Wizards: Re: pix config for nat port 80 and port 8080 to same internal ip and port?

From: Jim Morris <ml_at_e4net.com>
Date: Thu, 20 Mar 2008 14:29:51 -0700

Farrukh Haroon wrote:
> Jim, is it only an error or is it a 'warning'?
>
> Do "show run | inc static", maybe both statics are there?

It is an error, and the static does not appear. This is not surprising as the documentation
specifically states that statics need a unique destination host/port. I was using this as an example
of what I want to do, but can't due to the restriction above.

I *think* that the only way to do what I want to do is use static policy NAT, but having combed
through the docs I am not sure exactly how to do that. But with policy NAT you can have non-unique
destinations, so long as the source/port and dest/port pairs are unique.

>
> Regards
>
> Farrukh
>
> On Thu, Mar 20, 2008 at 3:02 AM, Jim Morris <ml_at_e4net.com> wrote:
>
> Paul Melson wrote:
> > On Wed, Mar 19, 2008 at 3:50 PM, Jim Morris <ml_at_e4net.com> wrote:
> >> What I really want to do is have a request for port 80 or port 8080 redirect to the same port 8162
> >> so this would be what I want to do, but of course this doesn't work as static nat needs the
> >> destinations to be different...
> >>
> >> static (inside,outside) tcp xxx.xxx.xxx.34 www xxx.xxx.xxx.34 8162 netmask 255.255.255.255 0 0
> >> static (inside,outside) tcp xxx.xxx.xxx.34 8080 xxx.xxx.xxx.34 8162 netmask 255.255.255.255 0 0
> >
> > Do you get an error message or does it just "not work" ?
> >
> > PaulM
> >
>
> Yes you get an error message, something like...
>
> ERROR: duplicate of existing static
>
> tcp from inside:xxx.xxx.xxx.35/8162 to outside:xxx.xxx.xxx.35/80 netmask 255.255.255.255
>
>
> --
> Jim Morris, http://blog.wolfman.com
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards_at_listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
>

-- 
Jim Morris, http://blog.wolfman.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Mar 24 2008
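
The restriction discussed in this thread, as an added example that is not part of the original posts: a Python check that scans a PIX configuration for port-redirect `static` lines pointing at the same inside host and port, the condition that produced the "duplicate of existing static" error quoted above. The sample addresses (192.0.2.x in place of the redacted ones), the port-keyword table and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Port keywords the PIX CLI accepts in place of numbers (small subset, assumed
# sufficient for this illustration).
PORT_NAMES = {"www": 80, "https": 443, "smtp": 25}

# static (real_if,mapped_if) tcp|udp mapped_ip mapped_port real_ip real_port ...
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>\w+),(?P<mapped_if>\w+)\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<mapped_ip>\S+)\s+(?P<mapped_port>\S+)\s+"
    r"(?P<real_ip>\S+)\s+(?P<real_port>\S+)"
)

def port_number(token):
    """Resolve a numeric string or known keyword to an int; keep unknown keywords as-is."""
    return int(token) if token.isdigit() else PORT_NAMES.get(token, token)

def find_duplicate_statics(config_text):
    """Group port-redirect statics by interface pair, protocol and real host/port.

    Returns only the groups with more than one entry: the lines that would
    collide the way the two statics in the thread did.
    """
    groups = defaultdict(list)
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # not a port-redirect static; ignore
        key = (m["real_if"], m["mapped_if"], m["proto"],
               m["real_ip"], port_number(m["real_port"]))
        groups[key].append((lineno, port_number(m["mapped_port"])))
    return {k: v for k, v in groups.items() if len(v) > 1}

# Constructed sample: the two statics from the thread plus one unrelated entry.
SAMPLE_CONFIG = """\
static (inside,outside) tcp 192.0.2.34 www 192.0.2.34 8162 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.0.2.34 8080 192.0.2.34 8162 netmask 255.255.255.255 0 0
static (inside,outside) tcp 192.0.2.34 smtp 192.0.2.40 25 netmask 255.255.255.255 0 0
"""

if __name__ == "__main__":
    for (rif, mif, proto, ip, port), hits in find_duplicate_statics(SAMPLE_CONFIG).items():
        ports = ", ".join(f"{p} (line {n})" for n, p in hits)
        print(f"{proto} {rif}:{ip}/{port} is the target of {mif} ports {ports}")
```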