Firewall Wizards mailing list archives
Re: pix config for nat port 80 and port 8080 to same internal ip and port?
From: Jim Morris <ml () e4net com>
Date: Thu, 20 Mar 2008 14:29:51 -0700
Farrukh Haroon wrote:
Jim, is it only an error or is it a 'warning'? Do "show run | inc static", maybe both statics are there?
It is an error, and the static does not appear. This is not surprising as the documentation specifically states that statics need a unique destination host/port. I was using this as an example of what I want to do, but can't due to the restriction above. I *think* that the only way to do what I want to do is use static policy nat, but having combed through the docs I am not sure exactly how to do that. But with policy Nat you can have non-unique destinations, so long as the source/port and dest/port pairs are unique.
Regards Farrukh On Thu, Mar 20, 2008 at 3:02 AM, Jim Morris <ml () e4net com <mailto:ml () e4net com>> wrote: Paul Melson wrote: > On Wed, Mar 19, 2008 at 3:50 PM, Jim Morris <ml () e4net com <mailto:ml () e4net com>> wrote: >> What I really want to do is have a request for port 80 or port 8080 redirect to the same port 8162 >> so this would be what I want to do, but of course this doesn't work as static nat needs the >> destinations to be different... >> >> static (inside,outside) tcp xxx.xxx.xxx.34 www xxx.xxx.xxx.34 8162 netmask 255.255.255.255 <http://255.255.255.255> 0 0 >> static (inside,outside) tcp xxx.xxx.xxx.34 8080 xxx.xxx.xxx.34 8162 netmask 255.255.255.255 <http://255.255.255.255> 0 0 > > Do you get an error message or does it just "not work" ? > > PaulM > Yes you get an error message, something like... ERROR: duplicate of existing static tcp from inside:xxx.xxx.xxx.35/8162 to outside:xxx.xxx.xxx.35/80 netmask 255.255.255.255 <http://255.255.255.255> -- Jim Morris, http://blog.wolfman.com _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com <mailto:firewall-wizards () listserv icsalabs com> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
-- Jim Morris, http://blog.wolfman.com _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 19)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Paul Melson (Mar 20)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 20)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Farrukh Haroon (Mar 24)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 24)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Paul Melson (Mar 24)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? kevin horvath (Mar 26)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Jim Morris (Mar 20)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Paul Melson (Mar 20)
- Re: pix config for nat port 80 and port 8080 to same internal ip and port? Chris Myers (Mar 24)