[j-nsp] PAT on a single external IP Address?
Stefan Fouant
sfouant at gmail.com
Wed Jul 23 10:34:00 EDT 2008
I'm pretty sure it's already covered in the 'ScreenOS Concepts and
Examples: Address Translation' guide but specifically only mentioned
as part of a MIP configuration.
On Wed, Jul 23, 2008 at 5:12 AM, Sven Juergensen (KielNET)
<s.juergensen at kielnet.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Aha,
>
> reconfiguring the HTTP-adminport does
> the trick.
>
> Could someone document this please? ;)
>
> Cheers,
>
> sven03
>
>
> Sven Juergensen (KielNET) wrote:
> | Hm,
> |
> | there is one problem with this though:
> | If you want to VIP port 80, the box
> | tells you that this port is used for
> | management purposes and won't work:
> |
> | Firewall-> set int e0/0 vip interface-ip 80 http 1.2.3.4 manual
> | Not supported service: (ip:2.2.2.2/port:80) is for management of the box.
> |
> | Is there a way to switch this off so
> | that port 80 from the external inter-
> | face can be used? Disabling the
> | management for that interface either
> | completely or just 80/443 doesn't
> | change the above message.
> |
> | Thanks and regards,
> |
> | sven03
> |
> |
> | Sven Juergensen (KielNET) wrote
> | | Nice,
> | |
> | | that actually works and seems quite flexible.
> | | Perhaps I should check the webfrontend every
> | | now and then since it offers that kind of
> | | configuration ;)
> | |
> | | Thanks!
> | |
> | | Regards,
> | |
> | | sven03
> | |
> | |
> | | GIULIANO (UOL) wrote:
> | |> You can use VIP and the option: use the IP from the external interface
> | |>
> | |> And you can use and external DynDNS service to map the dynamic address
> | |> to a fixed name.
> | |>
> | |>> Well,
> | |>>
> | |>> although not documented to my knowledge,
> | |>> assigning a static IP via ppp to a pppoe
> | |>> interface and referencing it in a mip
> | |>> seems to work. ScreenOS somehow holds
> | |>> the last ppp-assigned IP sticky in the
> | |>> config so the MIP is valid even after
> | |>> a reboot. Surely this is a dirty hack
> | |>> though ;) Is there some official way
> | |>> to do this?
> | |>>
> | |>> Thanks and regards,
> | |>>
> | |>> sven03
> | |>>
> | |>>
> | |>> Sven Juergensen (KielNET) wrote:
> | |>> | Hi list,
> | |>> |
> | |>> | is it possible to have a static PAT on
> | |>> | ScreenOS when the external (public/WAN)
> | |>> | IP-Address is dynamic and point-to-point?
> | |>> |
> | |>> | E.g. have port 25 on the external IP map
> | |>> | to a single private (1918) internal host?
> | |>> |
> | |>> | VIPs seem to always reference a static IP
> | |>> | (destination PAT) and, like MIPs, require a
> | |>> | subnet on the external interface.
> | |>> |
> | |>> | Could someone suggest whether this works
> | |>> | and/or direct me to some sort of documen-
> | |>> | tation?
> | |>> |
> | |>> | Many thanks and regards,
> | |>> |
> | |>> | sven03
> | |>> |
> | |>> |
> | |>> | Mit freundlichen Gruessen
> | |>> |
> | |>> | i. A. Sven Juergensen
> | |>> |
> | |>>
> | |>> Mit freundlichen Gruessen
> | |>>
> | |>> i. A. Sven Juergensen
> | |>>
> | |>
> | |
> | |
> | | Mit freundlichen Gruessen
> | |
> | | i. A. Sven Juergensen
> | |
> |
> |
> | Mit freundlichen Gruessen
> |
> | i. A. Sven Juergensen
> |
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> Mit freundlichen Gruessen
>
> i. A. Sven Juergensen
>
> - --
> Fachbereich
> Informationstechnologie
>
> KielNET GmbH
> Gesellschaft fuer Kommunikation
> Preusserstr. 1-9, 24105 Kiel
>
> Telefon : 0431 / 2219-053
> Telefax : 0431 / 2219-005
> E-Mail : s.juergensen at kielnet.de
> Internet: http://www.kielnet.de
>
> Geschaeftsfuehrer Eberhard Schmidt
> HRB 4499 (Amtsgericht Kiel)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.9 (GNU/Linux)
>
> iEYEARECAAYFAkiG9g8ACgkQnEU7erAt4TIRPQCgs3CfgpMbTtl5rCe8OJOHkSpS
> +B4An24TaxyuzW6kCnhqvoqXWQwbr2oh
> =3neA
> -----END PGP SIGNATURE-----
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D
More information about the juniper-nsp
mailing list