I have a question regarding PAT. I have a single
box running TWO SSL services. One is on PORT 443, standard SSL, and the
other is on PORT 6443. Unfortunately I cannot bind these to both port 443
on different IP addresses due to restrictions on the server. This is a
problem since many companies do not permit SSL over port
6443.
How do I NAT (PAT) this? Let's say that we have
this IP address of 1.2.3.4 with service 6443 bound to it. I want to
redirect requests to 1.2.3.4 to port 433 onto port
6443.
This is FW4.1sp3 running on NT.
I found the following document (bottom), but when I try
this I get an error
Address Translation Verify Warnings: Invalid Object
in Translated Services of Address Translation Rule 7. The valid objects
are: TCP, UDP and port range. In case of TCP and UDP objects, the
<Source port range> must be empty.
?????
-----------------------------------------------------------------------------------------------------------------------
Solution: How to translate the TCP port for incoming traffic (36.290)

This is done via NAT. Whatever
other address translation is needed, it will be configured normally. Automatic
address translation will not work. A new service needs to be created. In this
case we called it ftp4000 with port 4000 and protocol type FTP.

The NAT rules look like this:

Original                           | Translated
Src   Dst            Svc           | Src    Dst          Svc
-----------------------------------|---------------------------
Any   FTPSrv-xlate   ftp4000       | Orig   FTPSrv-int   ftp
Any   FTPSrv-xlate   Any           | Orig   FTPSrv-int   Orig

Problem Description: How to translate the TCP port for incoming traffic
http://www.primeinc.com
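
A simplified Python model of the two-rule table in the quoted solution, added here as an illustration; it is not part of the original message and not Check Point code. It assumes first-match rule evaluation and a verify check modelled only on the warning text quoted above; `Service`, `NatRule`, `verify` and `translate` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional, Union

ANY, ORIG = "Any", "Orig"  # wildcard match / leave the field untranslated

@dataclass(frozen=True)
class Service:
    name: str
    kind: str                        # "tcp", "udp", "port-range", ...
    port: int
    src_ports: Optional[str] = None  # source port range, e.g. "1024-65535"

@dataclass(frozen=True)
class NatRule:
    o_src: str
    o_dst: str
    o_svc: Union[str, Service]       # Original packet
    t_src: str
    t_dst: str
    t_svc: Union[str, Service]       # Translated packet

def verify(rules):
    """Rule numbers whose Translated service is not a TCP, UDP or port-range
    object, or has a non-empty source port range (per the quoted warning)."""
    bad = []
    for n, r in enumerate(rules, 1):
        s = r.t_svc
        if isinstance(s, Service) and (
                s.kind not in ("tcp", "udp", "port-range") or s.src_ports):
            bad.append(n)
    return bad

def translate(rules, src, dst, dport):
    """Apply the first matching rule (assumed); return (src, dst, dport)."""
    for r in rules:
        svc_ok = r.o_svc == ANY or r.o_svc.port == dport
        if r.o_src in (ANY, src) and r.o_dst in (ANY, dst) and svc_ok:
            return (src if r.t_src == ORIG else r.t_src,
                    dst if r.t_dst == ORIG else r.t_dst,
                    dport if r.t_svc == ORIG else r.t_svc.port)
    return (src, dst, dport)         # no rule matched: packet is unchanged

# Constructed objects: port 4000 is from the quoted solution, 21 is the
# standard FTP control port (assumed for the "ftp" service).
ftp4000 = Service("ftp4000", "tcp", 4000)
ftp = Service("ftp", "tcp", 21)
RULES = [
    NatRule(ANY, "FTPSrv-xlate", ftp4000, ORIG, "FTPSrv-int", ftp),
    NatRule(ANY, "FTPSrv-xlate", ANY, ORIG, "FTPSrv-int", ORIG),
]
```

In this model, swapping the two rules lets the catch-all match first, so traffic to port 4000 reaches FTPSrv-int with its port untranslated.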