Port forwarding

Is there any way to do a dynamic or contents based type port forwarding?

For example, I have this in my IOS:

ip nat inside source static tcp 192.168.1.7 6881 interface Dialer1 6881 (This is a wireless camera port to my PC)

What I would like to do is enable the port to open and close dynamically from incoming to outgoing (Say, everytime I turn on the camera, the port opens. When I turn it off, the port closes.)

Is there any way to do this? Thanks.

Reply to
Flatch U. Lance
Loading thread data ...

Can I use my PIX to forward any HTTP request to HTTPS?

Reply to
J1C

You can use it to change the port number, but what your talking about is a change in protocol. You'll need something like a proxy to do that.

Reply to
jcottingim

I can do it with a script - but I was just curious if I could do the same or similar with the firewall.

Could I change reqeusts going to tcp80 to tcp443?

Reply to
J1C

You can use a PIX to forward nearly any port to nearly any other port (you can't forward port 0, and there are a couple of reserved ports for the outside interface IP).

Forwarding a port will not change the protocol, so unless your tcp 443 server is somehow able to answer plain HTTP queries that are not wrapped in SSL, you probably aren't going to like the result...

Note too that you can only forward one port to any given destination port. You cannot forward port 80 to port 443 -and- have port 443 go straight through. So if your TCP 443 server responds to the HTTP request with an https:// URL at the same host, unless you've redirected incoming 443 to something else, you will have problems.

Reply to
Walter Roberson

Couldn't you also configure the "static" line (NAT) with the port translation (PIX version 6.2 and up, I believe)? Or is this what you meant already by "forwarding"?

ie: static (inside,dmz) tcp YOURSERVER 80 YOURSERVER 443 netmask

255.255.255.255

Just curious,

G> > >I can do it with a script - but I was just curious if I could do the

Reply to
Gond

Yes, that is static PAT, and is what I meant by "forwarding" (a term I used because that is what the original poster used.)

As I indicated earlier, using static PAT does not change the protocol: it just forwards data unchanged.

Reply to
Walter Roberson

since you can't do it thru the pix, you will have to rely on html. write a simple http web page that does an instant refresh to the https page that you would rather have users go to.. (remember to open/nat both ports on firewall) if by chance your problem has to do with Exchange/OWA, M$ has a KB article that covers this specifically.

formatting link

Reply to
John Smith

Yes, I used a script to do it - I was just wondering if a PIX could do something similar.

Reply to
J1C

In article , J1C wrote: Please quote context. The people who answer questions here mostly do not use googlegroups as their primary reading interface, so they might not be able to see the previous posting (or it might have expired for them, or it might not have reached them...)

Re-injecting the context:

You don't need a script for it: just a single static page with a HEAD element of META http-equivilent set to redirect to the new page.

Reply to
Walter Roberson

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.