Netscreen 5GT VIP's and Bridge Mode

Hi, I currently have a Netscreen 5GT-AV Firewall connected to a Netcomm NB1300 ADSL Modem/Router. The modem is in non-bridged mode and its LAN interface is 192.168.0.1. The Netscreen's Untrust Interface (connected directly to the LAN Interface on the NB1300) IP is 192.168.0.254. The Netscreen's Trust Interface is 192.168.1.1. I have port forwarding set up on the NB1300 and a VIP on the Netscreen forwarding all RDP traffic (port 3389) using a Custom Service to my server behind the firewall to allow remote administration. This works perfectly well.

I need to set up a second port forwarding/VIP policy that will allow remote administration of another server currently behind the firewall using RDP. I think the best way to do this would be to initiate the connection to the second server on a different port (3390). So far it is proving tricky.

I would like to simplify this task first of all, however, by putting the modem into Bridge mode. Correct me if I am wrong, but as I understand it, this will mean that I will only have to configure this VIP on the firewall and no port forwarding on the modem, as in Bridge mode the modem acts purely as an interface, so to speak, for the firewall to the web. If this is the case, presuming the modem is set up correctly for bridging, do I only need to configure a new PPPoE Instance with my authentication details etc. and bind this to the Untrust Interface to complete the bridging functionality on the Netscreen? I tried this but was not able to make a connection.

And on the matter of the VIP for the second server, I have created a second Custom Service with the following settings:

Transport Protocol: TCP
Source Low: 1024
Source High: 65535
Dest Low: 3390
Dest High: 3390

I have then set this Custom Service up on the Untrust Interface, using Virtual Port 3390 and mapping it to the private IP of the new server.

I would ideally like any traffic to my public IP on port 3390 to be forwarded to my second server's IP whilst being converted to port 3389 (default MS RDP/TS port) once it is passed through the firewall. If the port translation is not possible I can always change the port that the second server listens for RDP traffic on to 3390. Any thoughts or suggestions on this overall task would be greatly appreciated.

vee dub

First of all, you need a longer description on this post.

Secondly, there are many ways to accomplish this, but first might I say that you should consider the 5GT-ADSL and terminate the ADSL directly on the box. OK, so the next thing to consider is to do a destination-based NAT in the policy and change the destination port as needed. Or, in your VIP, the Map to Service should be the custom service you created (3390), but the Virtual Port needs to be changed back to 3389 to accomplish the port forwarding, unless you change the server port for RDP. I've decided to drop off here, because I can see this getting ugly.

Munpe Q
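As an added illustration (not configuration posted by either participant), the two VIP entries written out in ScreenOS 5.x CLI form. It assumes the untrust interface takes its address from PPPoE so the VIPs ride on the interface IP, that the policy's service is the VIP's map-to service, and it uses constructed service names and server addresses (192.168.1.10 and 192.168.1.11).

```screenos
# Custom services, one per destination port (names are constructed)
set service "RDP-3389" protocol tcp src-port 1024-65535 dst-port 3389-3389
set service "RDP-3390" protocol tcp src-port 1024-65535 dst-port 3390-3390

# Existing VIP: public port 3389 on the untrust interface IP -> server 1 on 3389
set interface untrust vip interface-ip 3389 "RDP-3389" 192.168.1.10

# Second VIP, option A: server 2 is changed to listen on 3390, so the virtual
# port and the map-to service port are the same and nothing is translated
set interface untrust vip interface-ip 3390 "RDP-3390" 192.168.1.11

# Second VIP, option B (port translation, assumed behaviour of map-to service):
# virtual port 3390 outside, mapped to the 3389 service, so server 2 keeps the
# default RDP port. Only one entry may own virtual port 3390, so A and B are
# mutually exclusive; enable B by replacing the line above with this one.
# set interface untrust vip interface-ip 3390 "RDP-3389" 192.168.1.11

# Policies reference the VIP address object and the map-to service. Logging
# is on so both RDP paths are visible; if the administrator's public address
# is static, replace "any" with an address object for it.
set policy from untrust to trust any "VIP(untrust)" "RDP-3389" permit log
set policy from untrust to trust any "VIP(untrust)" "RDP-3390" permit log
```

With the modem in bridge mode the NB1300 port-forward entries are no longer needed; the VIP and policy on the Netscreen are the only forwarding configuration left.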

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.