
[FW1] P.A.T. question.



I have a question regarding PAT.  I have a single box running TWO SSL services.  One is on PORT 443, standard SSL, and the other is on PORT 6443.  Unfortunately I cannot bind these to both port 443 on different IP addresses due to restrictions on the server.  This is a problem since many companies do not permit SSL over port 6443.
 
How do I NAT (PAT) this?  Let's say that we have this IP address of 1.2.3.4 with service 6443 bound to it.  I want to redirect requests to 1.2.3.4 to port 433 onto port 6443.
 
 
This is FW4.1sp3 running on NT. 
 
I found the following document (bottom), but when I try this I get an error
 
Address Translation Verify Warnings:
Invalid Object in Translated Services of Address Translation Rule 7.
 The valid objects are: TCP, UDP and port range.
 In case of TCP and UDP objects, the <Source port range> must be empty.
 
?????
 
 -----------------------------------------------------------------------------------------------------------------------
 
 Solution: How to translate the TCP port for incoming traffic (36.290)
This is done via NAT. Whatever other address translation is needed, it will be configured normally. Automatic address translation will not work. A new service needs to be created. In this case we called it ftp4000 with port 4000 and protocol type FTP.
 
The NAT rules look like this:
 
Original                        | Translated
Src   Dst            Svc        | Src    Dst          Svc
--------------------------------|------------------------------
Any   FTPSrv-xlate   ftp4000    | Orig   FTPSrv-int   ftp
Any   FTPSrv-xlate   Any        | Orig   FTPSrv-int   Orig
 
 
 
Problem Description
How to translate the TCP port for incoming traffic
 


http://www.primeinc.com
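Added example (not part of the original post and not Check Point code): a small Python model of the two-rule NAT table quoted above, plus a check modelled on the verify warning text. The addresses, the first-match evaluation order, the omission of the Src column (Any/Orig in both rules) and the "ftp-src" service are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Service:
    name: str
    kind: str                      # "tcp", "udp" or "port_range"
    port: int                      # destination port
    src_ports: Optional[Tuple[int, int]] = None  # source port range, if set

@dataclass(frozen=True)
class NatRule:
    dst: str                       # original destination address
    svc: Optional[Service]         # original service, None = Any
    xl_dst: str                    # translated destination address
    xl_svc: Optional[Service]      # translated service, None = Orig

def verify(rule):
    """Model of the check described by the warning quoted in the post."""
    s = rule.xl_svc
    if s is None:                  # "Orig": nothing to validate
        return []
    if s.kind not in ("tcp", "udp", "port_range"):
        return [f"invalid object {s.name!r} in translated services"]
    if s.kind in ("tcp", "udp") and s.src_ports is not None:
        return [f"{s.name!r}: source port range must be empty"]
    return []

def translate(rules, dst, port):
    """Return (dst, port) after the first matching rule, top down (assumed)."""
    for r in rules:
        if r.dst == dst and (r.svc is None or r.svc.port == port):
            return r.xl_dst, (r.xl_svc.port if r.xl_svc else port)
    return dst, port               # no rule matched: packet is unchanged

# Constructed addresses standing in for FTPSrv-xlate and FTPSrv-int.
XLATE, INT = "192.0.2.10", "10.0.0.10"
ftp = Service("ftp", "tcp", 21)
ftp4000 = Service("ftp4000", "tcp", 4000)
RULES = [NatRule(XLATE, ftp4000, INT, ftp),   # rule 1: port 4000 -> port 21
         NatRule(XLATE, None, INT, None)]     # rule 2: address only

if __name__ == "__main__":
    print(translate(RULES, XLATE, 4000))      # matched by rule 1
    print(translate(RULES, XLATE, 22))        # falls through to rule 2
    bad = Service("ftp-src", "tcp", 21, src_ports=(1024, 65535))
    print(verify(NatRule(XLATE, ftp4000, INT, bad)))
```

The model matches on destination address and port only; it shows why the port-specific rule has to sit above the catch-all rule for the same address.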


 
   All contents © 2004 Network Presence, LLC. All rights reserved.