[j-nsp] PAT on a single external IP Address?

Wed Jul 23 04:16:43 EDT 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hm,

there is one problem with this though:
If you want to VIP port 80, the box
tells you that this port is used for
management purposes and won't work:

Firewall-> set int e0/0 vip interface-ip 80 http 1.2.3.4 manual
Not supported service: (ip:2.2.2.2/port:80) is for management of the box.

Is there a way to switch this off so
that port 80 from the external inter-
face can be used? Disabling the
management for that interface either
completely or just 80/443 doesn't
change the above message.

Thanks and regards,

sven03

Sven Juergensen (KielNET) wrote
| Nice,
|
| that actually works and seems quite flexible.
| Perhaps I should check the webfrontend every
| now and then since it offers that kind of
| configuration ;)
|
| Thanks!
|
| Regards,
|
| sven03
|
|
| GIULIANO (UOL) wrote:
|> You can use VIP and the option: use the IP from the external interface
|>
|> And you can use and external DynDNS service to map the dynamic address
|> to a fixed name.
|>
|>> Well,
|>>
|>> although not documented to my knowledge,
|>> assigning a static IP via ppp to a pppoe
|>> interface and referencing it in a mip
|>> seems to work. ScreenOS somehow holds
|>> the last ppp-assigned IP sticky in the
|>> config so the MIP is valid even after
|>> a reboot. Surely this is a dirty hack
|>> though ;) Is there some official way
|>> to do this?
|>>
|>> Thanks and regards,
|>>
|>> sven03
|>>
|>>
|>> Sven Juergensen (KielNET) wrote:
|>> | Hi list,
|>> |
|>> | is it possible to have a static PAT on
|>> | ScreenOS when the external (public/WAN)
|>> | IP-Address is dynamic and point-to-point?
|>> |
|>> | E.g. have port 25 on the external IP map
|>> | to a single private (1918) internal host?
|>> |
|>> | VIPs seem to always reference a static IP
|>> | (destination PAT) and, like MIPs, require a
|>> | subnet on the external interface.
|>> |
|>> | Could someone suggest whether this works
|>> | and/or direct me to some sort of documen-
|>> | tation?
|>> |
|>> | Many thanks and regards,
|>> |
|>> | sven03
|>> |
|>> |
|>> | Mit freundlichen Gruessen
|>> |
|>> | i. A. Sven Juergensen
|>> |
|>>
|>> Mit freundlichen Gruessen
|>>
|>> i. A. Sven Juergensen
|>>
|>
|
|
| Mit freundlichen Gruessen
|
| i. A. Sven Juergensen
|

Mit freundlichen Gruessen

i. A. Sven Juergensen

- --
Fachbereich
Informationstechnologie

KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel

Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail  : s.juergensen at kielnet.de
Internet: http://www.kielnet.de

Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiG6OsACgkQnEU7erAt4TL5WQCfbrF7R39tg6cT31m91mc8j/Wo
FN4An1gW+fXRlfalvyxb2PsolMYEMcyv
=rDJS
-----END PGP SIGNATURE-----