Firewall Wizards: Re: pix config for nat port 80 and port 8080 to same internal ip and port?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: pix config for nat port 80 and port 8080 to same internal ip and port?

From: Jim Morris <ml () e4net com>
Date: Thu, 20 Mar 2008 14:29:51 -0700

Farrukh Haroon wrote:

Jim, is it only an error or is it a 'warning'?

Do "show run | inc static", maybe both statics are there?


It is an error, and the static does not appear. This is not surprising as the documentation
specifically states that statics need a unique destination host/port. I was using this as an example
of what I want to do, but can't due to the restriction above.

I *think* that the only way to do what I want to do is use static policy nat, but having combed
through the docs I am not sure exactly how to do that. But with policy Nat you can have non-unique
destinations, so long as the source/port and dest/port pairs are unique.


Regards

Farrukh

On Thu, Mar 20, 2008 at 3:02 AM, Jim Morris <ml () e4net com 
<mailto:ml () e4net com>> wrote:

    Paul Melson wrote:
     > On Wed, Mar 19, 2008 at 3:50 PM, Jim Morris <ml () e4net com
    <mailto:ml () e4net com>> wrote:
     >>  What I really want to do is have a request for port 80 or port
    8080 redirect to the same port 8162
     >>  so this would be what I want to do, but of course this doesn't
    work as static nat needs the
     >>  destinations to be different...
     >>
     >>  static (inside,outside) tcp xxx.xxx.xxx.34 www xxx.xxx.xxx.34
    8162 netmask 255.255.255.255 <http://255.255.255.255> 0 0
     >>  static (inside,outside) tcp xxx.xxx.xxx.34 8080 xxx.xxx.xxx.34
    8162 netmask 255.255.255.255 <http://255.255.255.255> 0 0
     >
     > Do you get an error message or does it just "not work" ?
     >
     > PaulM
     >

    Yes you get an error message, something like...

    ERROR: duplicate of existing static

        tcp from inside:xxx.xxx.xxx.35/8162 to outside:xxx.xxx.xxx.35/80
    netmask 255.255.255.255 <http://255.255.255.255>


    --
    Jim Morris, http://blog.wolfman.com
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards () listserv icsalabs com
    <mailto:firewall-wizards () listserv icsalabs com>
    https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



-- 
Jim Morris, http://blog.wolfman.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 19)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Paul Melson (Mar 20)
  - Re: pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 20)
    - Re: pix config for nat port 80 and port 8080 to same internal ip and port? Farrukh Haroon (Mar 24)
    - Re: pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 24)
    - Re: pix config for nat port 80 and port 8080 to same internal ip and port? Paul Melson (Mar 24)
    - Re: pix config for nat port 80 and port 8080 to same internal ip and port? kevin horvath (Mar 26)
  - Re: pix config for nat port 80 and port 8080 to same internal ip and port? Chris Myers (Mar 24)