port forwarding concept

baselzind
Level 6

I was wondering about natting and natting with port forwarding; correct me if I'm wrong:

1- Normal natting allows specific public addresses on any port to reach a specific local address on any port.

2- Port forwarding is used with natting when we want a certain source public address on a certain port to reach a local address on a different port? Is there any point in doing natting with port forwarding with the same source port and destination port?

Accepted Solutions

Marvin Rhoads
Hall of Fame

1. Correct - assuming there's an associated access-list for the traffic. We may static NAT for all ports but normally restrict the incoming traffic to the ports necessary for the service to operate.

2. Your first citation is the most common method. You might want to have the same port incoming forwarded to itself on the real IP address if you have other incoming ports on alternate real ports. For instance, you only have one public IP to work with. Server A gets the traffic sent to its native port (say https on tcp/443) on the public IP. Servers B and C also need to serve up https so you give them 8443 and 9443.

Note you said source port and destination port. That's not the correct way of stating it. You should be thinking in terms of original destination port and translated destination port. Source ports are most often an ephemeral TCP (or UDP) port - i.e. something 1025 or higher - and dynamically assigned when a given connection or flow is initiated.


3 Replies

But regarding the last bit of my question, does natting + port forwarding from the same source port to the same destination port serve any purpose? Isn't it meaningless?

Yes it can make sense in some situations. That is what I described in point #2 earlier.
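The one-public-IP scenario from the accepted answer (Server A on 443, Servers B and C on 8443 and 9443), modelled as an added example that is not part of the thread or any Cisco configuration. All addresses, the `FORWARDS` table and the function names are constructed, and it assumes the three servers all listen on tcp/443 internally. It shows that only the destination is rewritten inbound, the client's ephemeral source port is left alone, and ports without a rule are dropped.

```python
from dataclasses import dataclass, replace
from typing import Optional

PUBLIC_IP = "203.0.113.10"  # constructed address (RFC 5737 documentation range)

# (protocol, original destination port) -> (real IP, translated destination port)
# Constructed rules; assumes all three servers listen on tcp/443 internally.
FORWARDS = {
    ("tcp", 443): ("192.168.1.10", 443),   # Server A: same port in and out
    ("tcp", 8443): ("192.168.1.11", 443),  # Server B
    ("tcp", 9443): ("192.168.1.12", 443),  # Server C
}
# Reverse index so replies from a real server map back to the public port.
REVERSE = {real: (proto, port) for (proto, port), real in FORWARDS.items()}


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def translate_inbound(pkt: Packet) -> Optional[Packet]:
    """Rewrite only the destination; return None when no rule matches (dropped)."""
    rule = FORWARDS.get((pkt.proto, pkt.dst_port))
    if pkt.dst_ip != PUBLIC_IP or rule is None:
        return None
    real_ip, real_port = rule
    return replace(pkt, dst_ip=real_ip, dst_port=real_port)


def translate_reply(pkt: Packet) -> Optional[Packet]:
    """Rewrite the server's source back to the public IP and original port."""
    key = REVERSE.get((pkt.src_ip, pkt.src_port))
    if key is None or key[0] != pkt.proto:
        return None
    return replace(pkt, src_ip=PUBLIC_IP, src_port=key[1])


if __name__ == "__main__":
    # Constructed client flow: ephemeral source port, public port 8443.
    client = Packet("tcp", "198.51.100.7", 51514, PUBLIC_IP, 8443)
    inside = translate_inbound(client)
    print(inside)
    reply = Packet("tcp", inside.dst_ip, inside.dst_port, client.src_ip, client.src_port)
    print(translate_reply(reply))
```

The 443-to-443 rule for Server A is the "same port" case asked about: it changes only the address, yet it is still needed so that tcp/443 on the shared public IP reaches one specific server.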