cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
696
Views
4
Helpful
2
Replies

Redirect http/https to port 8080 PIX 6.3

paulstone80
Participant
Participant

Hi,

Just looking for a bit of direction on this problem. I need to redirect all http and https traffic from one source in a dmz network, to port tcp/8080 on a proxy server on the inside network.

The source device doesn't handle proxying very well, so i've been advised to redirect the tcp/80 and tcp/443 ports to tcp/8080 as it passes through the firewall.

Scenario is thus:

PIX 515E 6.3 (5)

DMZ server: 172.31.255.250 (Real IP), 10.44.181.236 (NAT IP)

Inside Proxy server: 10.44.132.28 (Real IP), 172.31.255.110 (NAT IP)

I've configured a static NAT redirect using the following command:

static (inside,dmz) tcp 172.31.255.110 www 10.44.132.28 8080 netmask 255.255.255.255 0 0

When I try to add the next command of:

static (inside,dmz) tcp 172.31.255.110 443 10.44.132.28 8080 netmask 255.255.255.255 0 0

I get the following error:

ERROR: duplicate of existing static

Is there a work around for this at all or am I stuck with the limitations of the software?

Thanks,

Paul

HTH Paul ****Please rate useful posts****
2 Replies 2

Julio Carvajal
Advisor
Advisor

Hello Paul,

Each host can only listen on one port once.. In this case the host 10.44.132.28 is already listening on port 8080 for traffic that reaches the firewall on the dmz interface on port 443 on one particular IP.

In this case you must use a different port than 8080 or a different host on the inside,

Regards,

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for your response jcarvaja.

I thought this may be the case, but wasn't sure if there was a work around for it. Unfortunately the device listening on tcp/8080 is a proxy server so it will only allow inbound connections on port 8080.

Thanks,

Paul

HTH Paul ****Please rate useful posts****
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers