02-27-2013 10:20 AM - edited 03-11-2019 06:06 PM
Hi,
Just looking for a bit of direction on this problem. I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.
The source device doesn't handle proxying very well, so I've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.
Scenario is thus:
PIX 515E 6.3 (5)
DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)
Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)
I've configured a static NAT redirect using the following command:
static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0
When I try to add the next command of:
static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0
I get the following error:
ERROR: duplicate of existing static
Is there a workaround for this at all, or am I stuck with the limitations of the software?
Thanks,
Paul
03-04-2013 05:53 PM
Hello Paul,
Each host can only listen on one port once. In this case the host 10.44.132.28 is already listening on port 8080 for traffic that reaches the firewall on the dmz interface on port 443 on one particular IP.
In this case you must use a different port than 8080 or a different host on the inside.
Regards,
Remember to rate all of the helpful posts
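An added example, not part of the thread and not Cisco code: a Python pre-check that parses PIX 6.3 port-redirect `static` lines and flags pairs that reuse the same real (or mapped) address and port on one interface pair, which is the overlap behind the error in the question. The conflict rule and the function names are assumptions made for this sketch, inferred from the commands and error shown above.

```python
import re
from collections import defaultdict

# Port keywords accepted in place of numbers (subset needed for this thread).
PORT_NAMES = {"www": 80, "https": 443}

STATIC_RE = re.compile(
    r"^static \((?P<real_if>\w+),(?P<mapped_if>\w+)\) (?P<proto>tcp|udp) "
    r"(?P<mapped_ip>\S+) (?P<mapped_port>\S+) (?P<real_ip>\S+) (?P<real_port>\S+)"
)

def _port(token):
    # Unknown keywords are kept as text so they still compare equal to themselves.
    return int(token) if token.isdigit() else PORT_NAMES.get(token, token)

def parse_static(line):
    """Return a dict for a port-redirect static line, or None for any other line."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["mapped_port"], d["real_port"] = _port(d["mapped_port"]), _port(d["real_port"])
    return d

def find_conflicts(lines):
    """List (earlier_line, later_line, side) for statics that reuse an ip/port."""
    seen = defaultdict(list)
    conflicts = []
    for n, line in enumerate(lines, 1):
        s = parse_static(line)
        if s is None:
            continue
        pair = (s["real_if"], s["mapped_if"], s["proto"])
        for side in ("real", "mapped"):  # assumed rule: each side must be unique
            key = pair + (side, s[side + "_ip"], s[side + "_port"])
            conflicts.extend((earlier, n, side) for earlier in seen[key])
            seen[key].append(n)
    return conflicts

# The two commands from the question.
CONFIG = [
    "static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0",
    "static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0",
]

if __name__ == "__main__":
    for first, second, side in find_conflicts(CONFIG):
        print(f"line {second} reuses the {side} address/port of line {first}")
```

Run against a candidate config before pasting it into the firewall; an empty result means no two port-redirect statics share a real or mapped address and port.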
03-12-2013 01:39 AM
Thanks for your response jcarvaja.
I thought this may be the case, but wasn't sure if there was a workaround for it. Unfortunately the device listening on tcp/8080 is a proxy server so it will only allow inbound connections on port 8080.
Thanks,
Paul