[j-nsp] PAT on a single external IP Address?

Sven Juergensen (KielNET) s.juergensen at kielnet.de
Wed Jul 23 05:12:48 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Aha,

reconfiguring the HTTP-adminport does
the trick.

Could someone document this please? ;)

Cheers,

sven03


Sven Juergensen (KielNET) wrote:
| Hm,
|
| there is one problem with this though:
| If you want to VIP port 80, the box
| tells you that this port is used for
| management purposes and won't work:
|
| Firewall-> set int e0/0 vip interface-ip 80 http 1.2.3.4 manual
| Not supported service: (ip:2.2.2.2/port:80) is for management of the box.
|
| Is there a way to switch this off so
| that port 80 from the external inter-
| face can be used? Disabling the
| management for that interface either
| completely or just 80/443 doesn't
| change the above message.
|
| Thanks and regards,
|
| sven03
|
|
| Sven Juergensen (KielNET) wrote
| | Nice,
| |
| | that actually works and seems quite flexible.
| | Perhaps I should check the webfrontend every
| | now and then since it offers that kind of
| | configuration ;)
| |
| | Thanks!
| |
| | Regards,
| |
| | sven03
| |
| |
| | GIULIANO (UOL) wrote:
| |> You can use VIP and the option: use the IP from the external interface
| |>
| |> And you can use and external DynDNS service to map the dynamic address
| |> to a fixed name.
| |>
| |>> Well,
| |>>
| |>> although not documented to my knowledge,
| |>> assigning a static IP via ppp to a pppoe
| |>> interface and referencing it in a mip
| |>> seems to work. ScreenOS somehow holds
| |>> the last ppp-assigned IP sticky in the
| |>> config so the MIP is valid even after
| |>> a reboot. Surely this is a dirty hack
| |>> though ;) Is there some official way
| |>> to do this?
| |>>
| |>> Thanks and regards,
| |>>
| |>> sven03
| |>>
| |>>
| |>> Sven Juergensen (KielNET) wrote:
| |>> | Hi list,
| |>> |
| |>> | is it possible to have a static PAT on
| |>> | ScreenOS when the external (public/WAN)
| |>> | IP-Address is dynamic and point-to-point?
| |>> |
| |>> | E.g. have port 25 on the external IP map
| |>> | to a single private (1918) internal host?
| |>> |
| |>> | VIPs seem to always reference a static IP
| |>> | (destination PAT) and, like MIPs, require a
| |>> | subnet on the external interface.
| |>> |
| |>> | Could someone suggest whether this works
| |>> | and/or direct me to some sort of documen-
| |>> | tation?
| |>> |
| |>> | Many thanks and regards,
| |>> |
| |>> | sven03
| |>> |
| |>> |
| |>> | Mit freundlichen Gruessen
| |>> |
| |>> | i. A. Sven Juergensen
| |>> |
| |>>
| |>> Mit freundlichen Gruessen
| |>>
| |>> i. A. Sven Juergensen
| |>>
| |>
| |
| |
| | Mit freundlichen Gruessen
| |
| | i. A. Sven Juergensen
| |
|
|
| Mit freundlichen Gruessen
|
| i. A. Sven Juergensen
|
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Mit freundlichen Gruessen

i. A. Sven Juergensen

- --
Fachbereich
Informationstechnologie

KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel

Telefon : 0431 / 2219-053
Telefax : 0431 / 2219-005
E-Mail  : s.juergensen at kielnet.de
Internet: http://www.kielnet.de

Geschaeftsfuehrer Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkiG9g8ACgkQnEU7erAt4TIRPQCgs3CfgpMbTtl5rCe8OJOHkSpS
+B4An24TaxyuzW6kCnhqvoqXWQwbr2oh
=3neA
-----END PGP SIGNATURE-----


More information about the juniper-nsp mailing list