Port Redirection

Port redirection allows one public IP address to serve as the public IP address for more than one server. Port redirection allows you to define a mapping between a port on a public IP address and a port on a private IP address. To enable redirection, an access list or conduit must be created, as traffic is traversing from a lower security-level interface to a higher security-level interface.

Mappings can be set at the port level, and an IP address can serve many servers. Secure Corp. has set up a system at its Toronto site and was assigned only a single public IP address from the ISP. At this site, Secure Corp. has two Web servers, one Telnet server, and one FTP server. How can it make all these services publicly accessible with a single IP address? Use the static command to perform port redirection:

static [(, )] {tcp | udp} { | interface} [netmask ] [ []] [norandomseq]

We discussed the static command earlier in the chapter, so we will not go through all the parameters again. However, we will introduce some new parameters here, including global_port and local_port. A protocol (tcp or udp) must also be specified so that the PIX knows the protocol/port pair to receive and forward. Instead of using a global_ip, you can use the interface keyword to specify the IP address of the PIX interface in postnat_if_name. This keyword is important if you do not have any additional public IP addresses.

To configure port redirection for the first Web server, the command is as follows:

www.syngress.com

116 Chapter 3 • Passing Traffic

PIX1(config)# static (dmz, outside) tcp interface 80 172.16.1.1 80

If the company also wanted to host Telnet, FTP, and another Web server, three more static commands would map the ports to the actual servers. Since the Web port is already taken, a high port (8080) is required for access to the additional Web server. This example is shown in Figure 3.5. The additional commands are as follows:

PIX1(config)# static (dmz, outside) tcp interface 23 172.16.1.2 23

PIX1(config)# static (dmz, outside) tcp interface 8080 172.16.1.3 80

PIX1(config)# static (dmz, outside) tcp interface 21 172.16.1.4 21






Figure 3.5: Port Redirection Example

A client opens an FTP session, a Telnet session, an HTTP session, and an HTTP session on port 8080, all with 10.1.1.1.

Port Redirection Mappings (10.1.1.1)

Port    Private IP    Port    Proto.
21      172.16.1.4    21      TCP
23      172.16.1.2    23      TCP
80      172.16.1.1    80      TCP
8080    172.16.1.3    80      TCP
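
The following is an added example, not part of the original text: a small Python audit that parses the port-redirection static commands shown above, rebuilds the mapping table from Figure 3.5, and reports any public port claimed by more than one static (the reason the second Web server had to move to 8080). The regular expression covers only the command form used on this page, and the fifth sample line is constructed to show a collision.

```python
import re
from collections import defaultdict

# Matches only the port-redirection form shown on this page, e.g.
#   static (dmz, outside) tcp interface 80 172.16.1.1 80
STATIC_RE = re.compile(
    r"static\s+\((?P<pre>\w+),\s*(?P<post>\w+)\)\s+(?P<proto>tcp|udp)\s+"
    r"(?P<gaddr>interface|\d+(?:\.\d+){3})\s+(?P<gport>\d+)\s+"
    r"(?P<laddr>\d+(?:\.\d+){3})\s+(?P<lport>\d+)")

# Constructed sample: the page's four commands plus one line reusing public TCP port 80.
SAMPLE_CONFIG = """\
static (dmz, outside) tcp interface 80 172.16.1.1 80
static (dmz, outside) tcp interface 23 172.16.1.2 23
static (dmz, outside) tcp interface 8080 172.16.1.3 80
static (dmz, outside) tcp interface 21 172.16.1.4 21
static (dmz, outside) tcp interface 80 172.16.1.3 80
"""

def parse_redirections(text):
    """Return one dict per port-redirection static found in text."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = STATIC_RE.search(line)
        if m:
            rule = dict(m.groupdict(), line=lineno)
            rule["gport"], rule["lport"] = int(rule["gport"]), int(rule["lport"])
            rules.append(rule)
    return rules

def find_conflicts(rules):
    """Return {(post_if, proto, public addr, public port): [lines]} claimed more than once."""
    seen = defaultdict(list)
    for r in rules:
        seen[(r["post"], r["proto"], r["gaddr"], r["gport"])].append(r["line"])
    return {k: v for k, v in seen.items() if len(v) > 1}

def mapping_table(rules):
    """Map (proto, public port) -> (private IP, private port); first rule seen is kept."""
    table = {}
    for r in rules:
        table.setdefault((r["proto"], r["gport"]), (r["laddr"], r["lport"]))
    return table

if __name__ == "__main__":
    rules = parse_redirections(SAMPLE_CONFIG)
    for (proto, gport), (ip, lport) in sorted(mapping_table(rules).items()):
        print(f"{proto}/{gport} -> {ip}:{lport}")
    print("conflicts:", find_conflicts(rules))
```

Running the same functions over a saved configuration also gives a quick inventory of which internal services are reachable through the single public address.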