netscreen: not allowed to port forward port outside port < 1024 to one inside >= 1024?

Are you already using Port 80 with another policy or service for your NAT'ed IP address?

Reply to
Not-My-Real-Name

Another good resource for netscreen issues is

formatting link

Reply to
Not-My-Real-Name

I'm using a netscreen-25 and it seems to be the case that when I try to set up a port forward from virtual port 80 (outside) to port 8080 (inside) it won't let me:

"port number should be between 1024 and 32767, or default 1024"

... and then it sets my port 80 to be 1024. Virtual ports < 1024 are not allowed for some reason...

I am doing the port forwarding by using the VIP (virtual IP) feature btw.

Why should there be such a limitation? Is there any compromise possible?

alex

Reply to
Alex Hunsley

Are you 100% sure? Do you have it enabled as one of the service options (turned up for management), like FTP, Telnet, SSH, etc? Check Network/Interfaces/Untrusted.

Reply to
Not-My-Real-Name

No, that is the only thing that is using port 80 anywhere on the outside of the firewall. Good idea though! alex

Reply to
lex loi

thanks muchly for that, I am going there for a good rummage about.. :) alex

Reply to
lex loi

If you are using a VIP using the Untrust IP, you have to change the admin port from the default of 80 to something else, regardless of whether you have management turned on on the untrust int or not.

Reply to
Munpe Q

Have just checked - no management interfaces are enabled on our outside interface.

Reply to
Alex Hunsley

Ah, thanks for that info!

Reply to
Alex Hunsley
