Port address translation
I am using MS Exchange and Windows Small Business Server behind a WRT54G. I have enabled Outlook Web Access on port 80 in the WRT54G. I have another device that requires port 80. I am told that routers can send inquires on one port to another port. Can anyone tell me how to setup the WRT54G to do this port translation?
Con you provide more details like the hardware and firmware version of router.
Also for this you need to enable the UPnP forwarding on router.
Similar Messages
-
Static Port Address Translation 8.4
Hello Experts,
Is the static Port Address Translation is bidirectional in 8.4 ???
I have configured static port address translation for the 2 server with same Public IP for the port 80 and 23. The strange thing is when they initiate a connection to the outside world they are allowed access to the internet as they are not included in the Dynamic Port address translation pool.
object network inside network.
subnet 192.168.10.0 255.255.255.0
Can anybody help me.
ThanksHello Dears
Packet tracer for the Static port redirection server IP's.
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 1.1.1.1:23 inside 2.2.2.2:28826, idle 0:00:09, bytes 149, flags UIO
ciscoasa(config)# sh xlate
2 in use, 3 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
TCP PAT from inside:2.2.2.2 23-23 to outside:3.3.3.3 23-23
flags sr idle 2:11:34 timeout 0:00:00
TCP PAT from inside:10.10.10.1 8080-8080 to outside:3.3.3.3 80-80
flags sr idle 2:11:34 timeout 0:00:00
ciscoasa(config)# sh local-host
Interface management: 0 active, 0 maximum active, 0 denied
Interface inside: 1 active, 2 maximum active, 0 denied
local host: <2.2.2.2>,
TCP flow count/limit = 1/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
TCP outside 1.1.1.1:23 inside 2.2.2.2:28826, idle 0:00:21, bytes 149, flags UIO
Interface outside: 1 active, 1 maximum active, 0 denied
local host: <1.1.1.1>,
TCP flow count/limit = 1/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
TCP outside 1.1.1.1:23 inside 2.2.2.2:28826, idle 0:00:21, bytes 149, flags UIO
ciscoasa(config)# packet-tracer input inside tcp 2.2.2.2 28826 1.1.1.1 23
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 15, using existing flow
Result:
input-interface: inside
input-status: up
input-line-status: up
Action: allow
ciscoasa(config)# sh conn
1 in use, 1 most used
TCP outside 1.1.1.1:23 inside 10.10.10.1:31862, idle 0:00:18, bytes 149, flags UIO
ciscoasa(config)# sh xlate
2 in use, 3 most used
Flags: D - DNS, i - dynamic, r - portmap, s - static, I - identity, T - twice
TCP PAT from inside:2.2.2.2 23-23 to outside:3.3.3.3 23-23
flags sr idle 2:15:10 timeout 0:00:00
TCP PAT from inside:10.10.10.1 8080-8080 to outside:3.3.3.3 80-80
flags sr idle 2:15:10 timeout 0:00:00
ciscoasa(config)# sh local-host
Interface management: 0 active, 0 maximum active, 0 denied
Interface inside: 1 active, 2 maximum active, 0 denied
local host: <10.10.10.1>,
TCP flow count/limit = 1/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
TCP outside 1.1.1.1:23 inside 10.10.10.1:31862, idle 0:00:36, bytes 149, flags UIO
Interface outside: 1 active, 1 maximum active, 0 denied
local host: <1.1.1.1>,
TCP flow count/limit = 1/unlimited
TCP embryonic count to host = 0
TCP intercept watermark = unlimited
UDP flow count/limit = 0/unlimited
Conn:
TCP outside 1.1.1.1:23 inside 10.10.10.1:31862, idle 0:00:36, bytes 149, flags UIO
ciscoasa(config)# packet-tracer input inside tcp 10.10.10.1 31862 1.1.1.1 23
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found flow with id 17, using existing flow
Result:
input-interface: inside
input-status: up
input-line-status: up
Action: allow
Thanks -
RVL200 Port Address Translation
Hi,
Does the RVL200 offer Port Address Translation and it so where do I find the feature in the web interface. So far I have only found Port Forwarding and Port Triggering. The RVL200 has got the latest firmware installed (1.1.12.1).
Thankyou,
Robin HornThe port address translation rule can be configured at Setup>UPnP page. You would have to add a Service that specifies the External port and Internal port. Note that the UPnP checkbox does not need to be checked. (The feature is known as Asymmetric forwarding, as opposed to the regular port forwarding.)
-
Network Address Translation, Automatic Port Forwarding
Does the Airport Extreme do
Network Address Translation? Do I have to do something to make NAT functional?
Does the Airport Extreme automatically forward ports? Or is this something I have to do manually
sorry if this is discussed already but a Search of Forum did did not yield the information I need.Hi Barbara, welcome to the discussion area!
+Does the Airport Extreme do Network Address Translation?+
Yes
+Do I have to do something to make NAT functional?+
No, if you have the device configured as a router with the Connection Sharing settings set to Share a public IP address so that the AirPort Extreme is handling the chore of assigning IP addresses to connected devices.
If you have the AirPort Extreme configured as a "bridge", then NAT is handled by the router that is upstream of the AirPort Extreme.
+Does the Airport Extreme automatically forward ports? Or is this something I have to do manually+
Port forwarding must be setup manually on the AirPort Extreme using AirPort Utility, the application used to setup the AirPorts. -
On UPnP and NAT (Network Address Translation)
Why UPnP is an often asked Question.
This article goes a long way to say why.
A couple of Quotes
*What is UPnP?*
Universal Plug and Play (UPnP) is an architecture for pervasive peer-to-peer network connectivity of PCs and intelligent devices or appliances, particularly within the home. UPnP builds on Internet standards and technologies, such as TCP/IP, HTTP, and XML, to enable these devices to automatically connect with one another and work together to make networking - particularly home networking - possible for more people.
*Are there other ways to solve the problem of NAT traversal? If so, why is using UPnP the best choice?*
Yes, there are other ways to solve this problem, but no other mechanism currently exists as an industry standard to address this problem in an automatic way for the consumer and in such a universally-applicable way for the developer.
Simply Automated Starter Package
Other approaches require either manual intervention by the user or they require special development efforts by the Internet gateway device vendor and the software developer to handle the NAT traversal needs of specific applications. As a result, UPnP is uniquely able to solve this important problem.
*Consumer does the work.* The manual intervention methods of NAT traversal require a consumer to use a browser, a graphical user interface-based tool on the PC, or a command line interface tool on the PC to change some settings on the Internet gateway device in the home. While some technical enthusiast users have little difficulty with this, many consumers do not feel comfortable doing this. Further, many consumers may not even realize that NAT traversal problems are interfering with their use of services across the Internet. _The user may be attempting to play a multi-player game or engage in some other peer-to-peer service but find he or she cannot connect for some reason._ This leads to troubleshooting, support calls, customer dissatisfaction, and reluctance on the part of the user to try new services or experiences in the future.
*Developer does the work.* To avoid requiring the consumer to solve this NAT traversal problem manually, some Internet gateway device vendors have written and included application layer gateway support into their devices. This application layer gateway software is designed with specific applications in mind. In other words, the device vendor writes and tests specific code that will automatically enable one application to go through the NAT. If the application software is updated, the application layer code the device vendor wrote may have to be updated and tested again. This one-at-a-time way of chasing the NAT traversal problem is manageable for device vendors when there are only a few peer-to-peer or relevant applications to consider, but this approach does not scale well to 100s or 1000s of applications, can be very expensive to pursue, and likely requires specific knowledge of how each of these applications function. The better way to approach this problem is to have the device vendor add software or firmware to their device once to understand UPnP and have other devices and software be able to communicate with the NAT device using this same technology. UPnP is uniquely able to fulfill this role today.
I have underlined a passage in the last.
I hope this helps in some way.
6:58 PM Tuesday; January 1, 2008Look for bindAddr in the weblogic.properties doc.
weblogic.system.bindAddr
You can use a dns name instead of an ip address
Mike
David Chen <[email protected]> wrote:
>We are planning to add a client that needs to access our weblogic cluster
>through firewalls with IP address translation. According to the WebLogic
>(5.1) documentation, this could be done by opening port 7001 in the
>firewalls, and BIND WebLogic SERVER INSTANCES TO DNS NAMES. Does anyone
>know how to bind WebLogic server instances to DNS names? Should it be
>done in weblogic.properties?Thanks in advance,David [email protected]
-
Question on cluster and firewall IP address translation
We are planning to add a client that needs to access our weblogic cluster through firewalls with IP address translation. According to the WebLogic (5.1) documentation, this could be done by opening port 7001 in the firewalls, and BIND WebLogic SERVER INSTANCES TO DNS NAMES. Does anyone know how to bind WebLogic server instances to DNS names? Should it be done in weblogic.properties?Thanks in advance,David [email protected]
Look for bindAddr in the weblogic.properties doc.
weblogic.system.bindAddr
You can use a dns name instead of an ip address
Mike
David Chen <[email protected]> wrote:
>We are planning to add a client that needs to access our weblogic cluster
>through firewalls with IP address translation. According to the WebLogic
>(5.1) documentation, this could be done by opening port 7001 in the
>firewalls, and BIND WebLogic SERVER INSTANCES TO DNS NAMES. Does anyone
>know how to bind WebLogic server instances to DNS names? Should it be
>done in weblogic.properties?Thanks in advance,David [email protected]
-
Sticky load balancing not working because of Address Translation
This came up before - see below. I don't understand what the
soltion is/was.
WL Server puts it's ip address in the WebLogicSession cookie
which is an internal address 192.168.201.41
WL proxy knows WL Server only by an external address like 139.141.38.21. Since
it does not know of any WLS with an IP
address of 192.168.201.41, it round-robins the request instead
of sending it to the primary WLS.
Any help is much appreciated.
Mike Reiche
Robert Patrick <[email protected]> wrote:
>Hi,
>
>A very typical configuration is to put the web server in the DMZ (i.e.,
>between
>an outer and inner firewall) and proxy the requests from the web server
>to the
>WebLogic server (which sits behind the inner firewall). Since all of
>these
>proxied requests use HTTP and a single port, the only port that needs
>to be
>opened in the inner firewall is an HTTP port (the outer firewall will
>only need
>an HTTP and/or HTTPS port opened).
>
>Hope this helps,
>Robert
>
>Eytan Ben-Meir wrote:
>
>> Thanks Patrick,
>>
>> May be you can suggest options for securing a WLS behind a firewall?
>>
>> Thanks again,
>>
>> Eytan
>>
>> Robert Patrick wrote:
>>
>> > Hi,
>> >
>> > The problem is that we encode location information (e.g., IP address(es))
>> > in the session id. If the plugin sees a session id, it decodes the
>> > session id to find out where to route the request (i.e., which server
>in
>> > the cluster contains the HttpSession object for that session). Since
>the
>> > plugin cannot find the machine whose IP address is encoded in the
>session
>> > id (because of the network address translation), this will not work.
> In
>> > general, distributed application software needs to be modified to
>be
>> > capable of handling network address translation -- to my knowledge,
>> > WebLogic Server has not been modified to support this feature (though
>the
>> > Enterprise version of the product has had this support for years).
>> >
>> > Hope this helps,
>> > Robert
>> >
>> > Eytan Ben-Meir wrote:
>> >
>> > > Hi,
>> > >
>> > > Configuration:
>> > > WLS 4.5.1 on Solaris 2.7 inside a firewall.
>> > > SonicWall firewall with NAT (Network Address Translation).
>> > > Netscape Enterprise Server 4.0 outside the firewall with Weblogic
>> > > NSAPI-BRIDGE (sp 5)
>> > >
>> > > The problem:
>> > > When a browser request is sent to the NE web-erver (directed to
>the
>> > > firewall who then redirects to a Weblogic servlet).
>> > > IF The servlet creates a httpsession (with or without cookies)
>the
>> > > request fails (the firewall blocks a request directed directly
>at the
>> > > non-routable ip address of the Weblogic machine inside the firewall.
>> > > IF on the other hand the servlet does not create a http session,
>all
>> > > works fine.??????????
>> > > Does any body know something about this????
>> > >
>> > > Thanks,
>> > >
>> > > Eytan
>
This isn't my problem.
"Mike Reiche" <[email protected]> wrote:
>
>This came up before - see below. I don't understand what the
>soltion is/was.
>
>WL Server puts it's ip address in the WebLogicSession cookie
> which is an internal address 192.168.201.41
>
>WL proxy knows WL Server only by an external address like 139.141.38.21.
> Since
>it does not know of any WLS with an IP
>address of 192.168.201.41, it round-robins the request instead
>of sending it to the primary WLS.
>
>Any help is much appreciated.
>
>Mike Reiche
>
>Robert Patrick <[email protected]> wrote:
>>Hi,
>>
>>A very typical configuration is to put the web server in the DMZ (i.e.,
>>between
>>an outer and inner firewall) and proxy the requests from the web server
>>to the
>>WebLogic server (which sits behind the inner firewall). Since all of
>>these
>>proxied requests use HTTP and a single port, the only port that needs
>>to be
>>opened in the inner firewall is an HTTP port (the outer firewall will
>>only need
>>an HTTP and/or HTTPS port opened).
>>
>>Hope this helps,
>>Robert
>>
>>Eytan Ben-Meir wrote:
>>
>>> Thanks Patrick,
>>>
>>> May be you can suggest options for securing a WLS behind a firewall?
>>>
>>> Thanks again,
>>>
>>> Eytan
>>>
>>> Robert Patrick wrote:
>>>
>>> > Hi,
>>> >
>>> > The problem is that we encode location information (e.g., IP address(es))
>>> > in the session id. If the plugin sees a session id, it decodes
>the
>>> > session id to find out where to route the request (i.e., which server
>>in
>>> > the cluster contains the HttpSession object for that session).
>Since
>>the
>>> > plugin cannot find the machine whose IP address is encoded in the
>>session
>>> > id (because of the network address translation), this will not work.
>> In
>>> > general, distributed application software needs to be modified to
>>be
>>> > capable of handling network address translation -- to my knowledge,
>>> > WebLogic Server has not been modified to support this feature (though
>>the
>>> > Enterprise version of the product has had this support for years).
>>> >
>>> > Hope this helps,
>>> > Robert
>>> >
>>> > Eytan Ben-Meir wrote:
>>> >
>>> > > Hi,
>>> > >
>>> > > Configuration:
>>> > > WLS 4.5.1 on Solaris 2.7 inside a firewall.
>>> > > SonicWall firewall with NAT (Network Address Translation).
>>> > > Netscape Enterprise Server 4.0 outside the firewall with Weblogic
>>> > > NSAPI-BRIDGE (sp 5)
>>> > >
>>> > > The problem:
>>> > > When a browser request is sent to the NE web-erver (directed to
>>the
>>> > > firewall who then redirects to a Weblogic servlet).
>>> > > IF The servlet creates a httpsession (with or without cookies)
>>the
>>> > > request fails (the firewall blocks a request directed directly
>>at the
>>> > > non-routable ip address of the Weblogic machine inside the firewall.
>>> > > IF on the other hand the servlet does not create a http session,
>>all
>>> > > works fine.??????????
>>> > > Does any body know something about this????
>>> > >
>>> > > Thanks,
>>> > >
>>> > > Eytan
>>
>
-
Tuxedo and Network Address Translation(NAT) at Firewall
We made a sucessful connection through the firewall without Network Address Translation
(NAT)on the firewall, from one network to the other and what we found happened
was that the client machine makes a connection on port 8090 and then sets up a
successful connection to the server (WSL).The client then very soon afterward
makes another connection on
another high-port and everything works (WSH connection).
Whats not happening with NAT is that the second connection is not being made to
the firewall. The firewall and the router are not blocking the call. It is just
not being made.
Thanking you in advance!!!
NathanielNathaniel,
Take a look at the WSL -H option at
http://edocs.bea.com/tuxedo/tux80/atmi/rf540.htm#1534543
Regards,
Peter.
Got a Question? Ask BEA at http://askbea.bea.com
The views expressed in this posting are solely those of the author, and BEA
Systems, Inc. does not endorse any of these views.
BEA Systems, Inc. is not responsible for the accuracy or completeness of
the
information provided
and assumes no duty to correct, expand upon, delete or update any of the
information contained in this posting.
Nathaniel Sebolai wrote:
We made a sucessful connection through the firewall without Network Address Translation
(NAT)on the firewall, from one network to the other and what we found happened
was that the client machine makes a connection on port 8090 and then sets up a
successful connection to the server (WSL).The client then very soon afterward
makes another connection on
another high-port and everything works (WSH connection).
Whats not happening with NAT is that the second connection is not being made to
the firewall. The firewall and the router are not blocking the call. It is just
not being made.
Thanking you in advance!!!
Nathaniel -
How to find manager server port address
hi
i want to know managed server (soa_server1) port address in order to seed/remove community using demoCommunitySeedServlet. where to find out that one information
regards
ashok.vGo to your %ORACLE_MIDDLEWARE_HOME%/user_projects/domains/ or your domain folder, edit %ORACLE_MIDDLEWARE_HOME%/user_projects/domains/<your_domain_name>/config/config.xml. Inside this file check the ->
<server>
<name>soa_server1</name>
<ssl>
<name>soa_server1</name>
<listen-port>8002</listen-port>
</ssl>
<machine>LocalMachine</machine>
<listen-port>8001</listen-port>
<listen-address></listen-address>
<server-diagnostic-config>
<name>soa_server1</name>
<diagnostic-context-enabled>true</diagnostic-context-enabled>
</server-diagnostic-config>
</server> -
Hello All,
We are having a standalone BOE server. I have a doubt about assigning static port addresses to servers. We had a standard deployment of BusinessObjects 4.0 SP2. Our admin has assigned static request port address to APS, CMS, FRS, Crystal report servers and Dashboard server instead of using "Auto assign".
Does it necessary to assign static port address to these servers and does it necessary to open these ports on firewall?
What are the advantages of assigning static port address instead of using "Auto assign"?
As per my understanding, request port of APS, FRS and other servers are used to communicate those with CMS. And CMS and all other servers are hosted on the same server. Then why do we need to open those ports on firewall in a server.
Appreciate your help and suggestions.
Thanks and Regards,
AashutoshHi,
if you dont have a Firewall in between your Client PCs and the BOE Server you dont need to assign static ports. You only need this if a Firewall is controlling the communication between these two parts.
Most of the Services communicate only with the CMS - thats correct.
But if you use the BI LaunchPad only for vieweing and creating Reports like WebI you need to open the Port 8080 for the Application Server.
If you are using Front- End Clients for viewing and or editing Reports you need to open the CMS Port 6400 and assign a static Port to the IFRS and OFRS and open these ports too.
Regards
-Seb. -
JAX-WS generated WSDL on Sun Application Server 9: strange port address
I have deployed web service to Sun System Application Server 9, using JAX-WS 2.0. Server runs on virtual Ubuntu machine in VMware on Windows host. Then I try to connect from Windows to that webservice. When I point browser to
http://192.168.215.156:8090/X/XService?wsdl
I get WSDL with such line:
<soap:address location="http://ubuntu:8090/X/XService"/>
(instead of expected 192.168.215.156 there is host name "ubuntu")
And then calling Web Service throws UnknownHostException: ubuntu.
I thought that port name should be generated based on request URL - but it is not. I tried to change manually generated file (in domain1/generated/.. etc) - but still, even after that change and server restart, I get "ubuntu" host when access wsdl.
How to solve this problem, so that returned port address were "192.168.215.156"?I'm 100% not sure on this, but from what I can tell, SJSAS processes the WSDL file on the fly before serving it to the browser/client. It appears to modify the soap:addess location with a seemingly random domain name.
This domain name appears to be the result of a reverse lookup on the machine's own ip address. If you have access to your dns server, you can manipulate the value that way. Or just modify the HOSTS file on that machine.
I don't know any way to configure the WSDL emitter directly to use specific domain names. -
I'm asking this question just to be safe.
Can I change the Service port address on my controllers during working hours without any disruption to the client connections?
Thanks, Pat.Yes you can. The service port is for out of band management, so no client traffic should be flowing through it.
Cheers,
Steve
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
Kann W530 SLAT (Second Level Address Translation) ?
Hallo,
Unterstützt der im W 530 verbaute Prozessor SLAT (Second Level Address Translation)?
Danke
Rainer Borchmann
CEO smarttechnicsThe W530 supports SLAT and will run Hyper-V.
-
GC 11G AND Network Address Translation
HI,
I have simple question , Is Network Address Translation supported with GC 11g. I know it is not on 9i.
thanks.I can't find anything on this on the internet. So creating a SR is an option.
The only note I found was: Agent Fails to Upload Through Load Balancer, Secures Successfully [ID 1149610.1] suggesting you can use NAT.
Eric -
Carrier Grade Network Address Translation (CG-NAT)
Hello,
I live in the UK. One of the largest ISPs, BT, has begun trialling carrier grade network address translation (CG-NAT). In a nutshell, this introduces double NAT - first your broadband router, then the ISP's "router". This is before the ISP has introduced IPv6.
I fear it is only a matter of time before my ISP also introduces CG-NAT. Will/does Skype work in a CG-NAT scenario? If not, what are my options?
Kind regards,
AnwarI am new to Oracle VM. The dom0 and domU are set up by someone else. So I don't know the details. In the domU, I can't even ping the 10.244.69.35 address of the dom0.
# ping 10.244.69.35
PING 10.244.69.35 (10.244.69.35) 56(84) bytes of data.
From 192.168.200.50 icmp_seq=2 Destination Host Unreachable
From 192.168.200.50 icmp_seq=3 Destination Host Unreachable
From 192.168.200.50 icmp_seq=4 Destination Host Unreachable
The Cisco switch on the 10.*.*.* network is owned by IT and I can't change anything on it. This is why I try to set up NAT on the dom0. I would appreciate any help so that I can access the 10.*.*.* network from the domU.
Maybe you are looking for
-
I had to uninstall and reinstall Photoshop elements 6 to my Windows 7 computer because the brushes were glitching on me, and now it won't accept my serial number to register it to my computer. I received it from a bundle package when I installed
-
a week o 2 ago it started booting itself, usually when playing cs, or when surfinwit firefox as browser.. think it may have done it with ie, aint sure.. and also when playing it minimizes the game into tray.this occurs with nfs most wanted and cs. i
-
Already installed package - not by Arch?
OK, this is and odd one. Many moons and several distros ago, I installed burg to a separate /boot partition, and have continued to use this /boot partition throughout. the original installation distro has long since been eradicated from my system, an
-
Cannot get connected to Verizon network
I recently purchased a blackberry bold 9650 (one month ago). phone battery was getting low today so i plugged it in to charge via wall charger that came with phone. Phone would not charge. Phone would not recognize wall charger at all. I ended up hav
-
My mail was working up to this afternoon and all of a sudden, it is blank I have checked the settings and cannot understand what is wrong Any advise please?