Port redirection in Border Manger 3.7

Similar Messages

• ACE 4170 port redirection in Bridged mode

  Hi Friends,
  Is it possible to do port redirection on ACE while it is configured on Bridged Mode. For example. a user is accessing the Loadbalancer VIP on port 80 and this is redirected to port 8080 on backend servers?
  I have attached a diagram for easier understanding. Is there a need to configure NAT in such cases?
  Any help will be appreciated. Thanks in advance guys.

  Hi,
  if you want to allow ping to the VIP address, you only need to apply this command in your L3-4 policy map:
  loadbalance vip icmp-reply
  example:
  policy-map multi-match L4-TEST-VIPS
  class WWW-TEST
  loadbalance vip inservice
  loadbalance policy WWW_POLICY
  loadbalance vip icmp-reply
  more info can be found here:
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/configuration/slb/guide/classlb.html#wp1000929
  If you want ICMP to pass through the ACE tp reach the real servers, you need to allow it in an ACL.
  Hope this helps,
  Dario

• Wrt54gs V4 FWv1.06.1 - Port Redirection not supported? Any workarounds?

  My office does not allow any outbound traffic except for port 80 and 443. On my home network I have VNCServer listening on port 5900. I'd like to have the incoming port 443 to go 192.168.1.102 port 5900. I'm able to successfully 'port range forward' port 443 to go to 192.168.1.102 port 443 ( I modified my VNC Server to listen on port 443 ). I am having difficulty when my VNC Server listens on it's normal port of 5900 as no matter what I do in ' port triggering ' it doesn't allow for port redirection, not that I see. Any help would be appreciated.

  I does not support port redirection. I think none of the Linksys routers supports that.

• Virtual Hosts & Port Redirections

  Hi guys,
  In 10.6 i used to be able to setin the Server Admin GUI settings for the web service. This included Virtual Hosts & Port Redirections. How do i go about doing this on 10.7?
  For example, I need myserver.mycompany.com:80 to redirect to myserver.mycompany.com:8088 & mygreatsite.company.com:80 to redirect to mygreatsite.company.com:9006.
  Both of which are hosted on myserver.mycompany.com.
  Links apprecaited.. i'm guessing i'm in for an Apache lesson?

  I hope that article helps you, maybe you can figure it out and post back for the rest of us!
  I haven't actually read it yet, I just saved it to my Pinboard page for later, because I know eventually I will have to deal with vhosts in Lion.

• Confused asa 5520 port redirect

  HI
  The network was simple like thie
             lan-------------(gi 1)--asa5520--(gi 0)--------------wan
  lan subnet is :  192.168.0.0/24
  wan: only one ip address   1.1.1.1
  The reqire was that:   allow all lan hosts  access to the internet  .
                                    there  is a www server  (192.168.1.10)  in lan. Need it to serve for internet.
  I config the asa like this:
       interface gi 0
            nameif outside
            ip add 1.1.1.1 255.255.255.252
       interface gi 1
            nameif inside
            ip add 192.168.1.1
       object network lan_hosts
            subnet 192.168.1.0 255.255.255.0
            nat (inside,outside) after-auto dynamic source interface
       object networkd www_host
            host 192.168.1.10
            nat (inside,outside) static interface service tcp http http
  after that, i access  the   http://1.1.1.1  from internet. BUT the port redirection wasn't work.
  what's wrong .
  can someone help me!
  tks.

  Hi,
  Although I can't see anything wrong with the actual NAT configurations I would suggest the following for them
  Default PAT for LAN
  object-group network DEFAULT-PAT-LAN-SOURCE
  network-object 192.168.1.0 255.255.255.0
  nat (any,outside) after-auto source dynamic DEFAULT-PAT-LAN-SOURCE interface
  Port Forward configurations you can leave them as is.
  Have you opened the traffic with ACL also?
  For example
  access-list OUTSIDE-IN Remark Allow HTTP for Server
  access-list OUTSIDE-IN permit tcp any object www_host eq www
  access-group OUTSIDE-IN in interface outside
  Please rate if you have found the information helpfull. Ask more questions if needed.
  - Jouni

• DesktopApp auto update URL port redirection.

  Hi Everyone,
  We are using Filr-1.0.1-HP1 and we are using the port-redirection option to redirect port 80 & 443 to 8080 & 8443 respectively. However this port-redirection doesn't seem to work for the auto update URL. I would rather not open the port 8443 on the firewall. Am i missing some configuration option somewhere?
  https://<baseurl>/Desktopapp
  invalid URL
  https://<baseurl>:8443/Desktopapp
  OK
  Kind Regards,
  Justin Zandbergen
  edit: typo's

  Originally Posted by thsundel
  Justin, take a look here: https://forums.novell.com/showthread...67#post2295867
  Tomas
  Hi Thomas,
  Thanks for the advice, i knew that was an option, but i would have preferred to stick it on filr.<customer>.nl/desktopapp instead of something.<customer>.nl/desktopapp. Ah well, it works now. Thanks!
  Kind Regards,
  Justin Zandbergen

• Datasocket port redirection

  I need to communicate with a datasocket through a firewall where I can open only 1 port. This article: http://digital.ni.com/public.nsf/websearch/FCF8A1464BD2F6D686256B59007C9A6F?opendocument&Submitted&&node=133020_US explains that datasocket client use, a random port in interval: 1024-65536. Do you know if exists a windows tool for port redirection (or other tricks...)?
  Thank you,
  paolo.

  I haven't tried this, but the first thing that comes to mind is specifing the port after the datasocket address. Something like this...
  dstp://192.192.0.1/getdata:1024
  You use this same format for URLs when you need to use a specific port.
  Ed
  Ed Dickens - Certified LabVIEW Architect - DISTek Integration, Inc. - NI Certified Alliance Partner
  Using the Abort button to stop your VI is like using a tree to stop your car. It works, but there may be consequences.

• Port redirection probelms

  I need to map my computer 192.168.0.1 to our static IP address so that I can access a FileMaker database remotely.
  Our dLink router had a modem built in and we just used to set port redirection and it worked, but that died recently and we are now using a separate modem and an Airport Extreme.
  Our static IP address does not appear in the AE setting and we cannot seem to get the setting right to gain outside access.
  Can anyone help?

  Kevch wrote:
  I need to map my computer 192.168.0.1 to our static IP address so that I can access a FileMaker database remotely.
  Our static IP address does not appear in the AE setting and we cannot seem to get the setting right to gain outside access.
  To configure the AirPort Extreme to use your static IP address, put AirPort Utility into "manual setup" mode, then visit the Internet panel, TCP/IP tab. If your ISP is able to provide your static IP address via DHCP, then set "Configure IPv4" to "Using DHCP", otherwise set it to "Manually".
  To map your computer to that address, I'd first go to the Internet panel, DHCP tab, and reserve a local IP address for your computer. Then go to the NAT tab, check "Enable default host at", and supply that reserved IP address. If you can't get that to work, go to the Advanced panel, Port Mapping tab, and control the mapping there.

• RV180W - problems on rules and port redirections

  Hello,
  I installed a RV180W router a month ago.
  Our production server has to retreive informations on a remote server so I set up the rules and port redirections accordingly on the firewall.
  I noticed that some times the rules didn't work anymore and I had to reboot the RV to fix it.
  The rules are still active on the router's admin panel as well as the services and the port redirection. The last firmware is installed.
  Does anyone experienced the same problem and found a fix?
  Thanks in advance,
  Best regards

  I hate to say it, but there are issues like this with the rv series.  Have you replace the router with another one?  That's the first thing I would try since you can probably exchange it easily right now.
  Huntsville's Premiere Car and Bike e-magazine: www.huntsvillecarscene.com

• Forced Port Redirect

  Using Oracle 9i on Linux with remote client connection, how does one force port redirection? Specifically we have the listener on port 1521 and want the server to respond to the client on a different port.
  Thanks,
  Chris

  Create another port on listner and
  change port on tnsname files of client machine.
  like
  listner
  LISTENER1 =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = pro400)(PORT = 1433))
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC6))
  SID_LIST_LISTENER1 =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = e:\ORA)
  (PROGRAM = extproc)
  (SID_DESC =
  (GLOBAL_DBNAME = new8i)
  (ORACLE_HOME = e:\Ora)
  (SID_NAME = new8i)
  tnsname of client
  NEW8I =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = pro400)(PORT = 1433))
  (CONNECT_DATA =
  (SERVICE_NAME = new8i)
  hope it will help you
  kuljeet pal singh

• Hello I would like to know how green port redirects fine permanant DHSCP

  hello I would like to know how green port redirects fine permanant DHSCP
  I precesise that c for the IP TV and web server
  on device cisco small business RV 180W
  thank you

  Sorry, that was the wrong source code. Source code is:
  package authen;
  import javax.swing.*;
  public class Authenticator extends javax.swing.JFrame{
  JTextField username = new JTextField(15);
  JPasswordField password = new JPasswordField(15);
  JTextArea comments = new JTextArea(4, 15);
  JButton ok = new JButton("OK");
  JButton cancel = new JButton("Cancel");
  public Authenticator() {
  super("Account Information");
  setSize(300, 220);
  setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
  JPanel pane = new JPanel();
  JLabel usernameLabel = new JLabel("Username:");
  JLabel passwordLabel = new JLabel("Password:");
  JLabel commentsLabel = new JLabel("Comments:");
  comments.setLineWrap(true);
  comments.setWrapStyleWord(true);
  pane.add(usernameLabel);
  pane.add(username);
  pane.add(passwordLabel);
  pane.add(password);
  pane.add(commentsLabel);
  pane.add(comments);
  pane.add(ok);
  pane.add(cancel);
  add(pane);
  setVisible(true);
  public static void main(String[] args) {
  Authenticator auth = new Authenticator();
  }

• CSM port redirect query

  Dear All,
  I have the following scenario that I need to configure on CSM 4.2(12) (Cisco 6513).
  Scenario:
  Real IPs: 10.10.10.3 & 10.10.10.4
  VIP: 10.10.10.1
  When users will access 10.10.10.1 on port 81, 82, 83, 84 & 85. I want to forward port (redirect) this request to port 80.
  Is this possible.
  Can someone please post the required configuration for the above scenario.
  Client and Server vlans are in the same subnet.
  Thanks in advance
  Regards,
  Anser

  This is possible.
  All you need is specify the port you want to use by the rserver and by the vserver.
  for example
  serverfarm MyFarm
    rserver 10.10.10.3 80
      inservice
    rserver 10.10.10.4 80
      inservice
  vserver MYVIP81
    virtual 10.10.10.1 tcp port 81
    serverfarm MyFarm
    inservice
  Gilles.

• CSS Port redirection

  Hi,
  I have CSS in single arm deployment model. I want to configure port redirection for the servers.  Servers are actually running web service on port TCP 3636. Which is accessibale by VIP http://192.168.200.87:3636 but I dont want to give user this URL I want the user to use standard HTTP URL as mention below
  I want user to open http://192.168.200.87 and once they access this URL automatically CSS redirect them to port 3636. How I can achive this. I am using IP addresses for the load balancing.
  service MYSERVER_1
    ip address 192.168.200.40
    keepalive port 3636
    keepalive type tcp
    active
  service MYSERVER_2
    ip address 192.168.200.38
    keepalive type tcp
    keepalive port 3636
    active
  content MYSERVERS
      add service MYSERVER_1
      add service MYSERVER_2
      protocol tcp
      port 3636
      advanced-balance sticky-srcip
      vip address 192.168.200.87
      active
  group MYSERVER
    add destination service MYSERVER_1
    add destination service MYSERVER_2
    vip address 192.168.200.87
    active group MYSERVER
  How i can do this and make the user traffic for http to redirect to port 3636.

  Hi,
  What you need to do here is actually configure the port under the service itself and change to content rule from port 3636 to 80. It would look like this
  service MYSERVER_1
    ip address 192.168.200.40
    keepalive port 3636
    keepalive type tcp
    port 3636
    active
  service MYSERVER_2
    ip address 192.168.200.38
    keepalive type tcp
    keepalive port 3636
    port 3636
    active
  content MYSERVERS
      add service MYSERVER_1
      add service MYSERVER_2
      protocol tcp
      port 80
      advanced-balance sticky-srcip
      vip address 192.168.200.87
      active
  This should do the trick
  HTH
  Pablo

• [SOLVED]port redirect/routing question

  Hi,
  mypc - router - ( INTERNET ) - another pc
                                             - destination pc
  "another pc" and "destination pc" are both connected to the internet via offical ips, but ports <1024 are blocked.
  "another pc" can connect to "destination pc" via ssh (they are in the same network).
  now i would like to connect to "another pc" and get redirected (dont know how) to "destination pc" port 22
  "another pc" can connect to "destination pc" via ssh, but another pc is not my machine and i would prefer not to put my private key on it. also this solution should only work once.
  This works if i want to connect to some machine inside a private lan over a router connected to the inet, but since "another pc" and "destination pc" are in the same network is nat the way to go?
  iptables -t nat -A PREROUTING -p tcp -i ppp0 --dport 222 -j DNAT --to-destination 192.168.10.30:22
  Any ideas?
  greets
  metalfan
  Last edited by metalfan (2007-12-24 17:06:58)

  You need openssh and tsocks
  Run these commands from mypc
  #tsocks configuration
  /etc/tsocks.conf
  server = 127.0.0.1
  #this will start a shell on another, just let it run. port 1080 is the default port...no entry in /etc/tsocks.conf needed
  ssh -D 1080 "another pc"
  #or ssh -l yourloginnameon"another pc" -D 1080 "another pc"    #if its another user on "another pc"
  #on another shell
  tsocks ssh "destination pc"
  took me one day to get this running, thx to Al_Berto@quakenet who solved the mistery.
  greets
  metalfan
  Last edited by metalfan (2007-12-24 17:07:59)

• ACE 4710 A3 outbound static NAT with Port redirection

  Hi
  I have asked this question before, but as I have not get far with it I am going to try to be more specific this time.
  I have a server that needs to do an outbound connection to a mail server. The connection has to be initiated to port 26, that then will be NATed to the external IP and port 26 redirected to port 25 for the SMTP connection.
  When I try to configure this:
  ACE-2/TEST(config-pmap-c)# nat static x.x.x.x netmask 255.255.255.255 tcp eq 23 vlan 99
  I get the error: Error: Invalid real port configured for NAT static
  Any ideas what it means anyone?

  Right. Forget about the previous question. I have an update.
  I get this output on show nat policies at the moment:
  NAT object ID:39 mapped_if:19 policy_id:50 type:STATIC static_xlate_id:64
  ID:64 Static port translation
  Real addr:172.21.7.11 Real port:26 Real interface:18
  Mapped addr:x.x.x.x Mapped port:25 Mapped interface:19
  Netmask:255.255.255.255
  where x.x.x.x - is the Public, external IP address on the ACE.
  I need the traffic FROM the 172.21.7.11 server going anywhere TO port 26 to be remapped to x.x.x.x port 25. At the moment it does not do it. The service policy on the inside doesn't even get a hit when I am telnetting from the 172.21.7.11 server on port 26 to the outside world. It does get hits when I telnet to x.x.x.x external IP address from outside.
  Something is telling me I am looking at it from a wrong direction altogether.
  This is the config I have at the moment:
  access-list 130 line 20 extended permit ip any any
  access-list Source_NAT line 10 extended permit tcp host 172.21.7.11 eq 26 any
  class-map match-any Class_Port26
  2 match access-list Source_NAT
  policy-map multi-match Policy_Port26_Static
  class Class_Port26
  nat static x.x.x.x netmask 255.255.255.255 tcp eq smtp vlan 99
  interface vlan 107
  ip address 172.21.7.2 255.255.255.240
  peer ip address 172.21.7.1 255.255.255.240
  access-group input 130
  service-policy input Policy_Port26_Static
  no shutdown
  No server farms, no load balancing. Just that.
  Any ideas?