Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Forward a range of ports to an internal machine

Status
Not open for further replies.
ghassett

ghassett

Programmer
May 27, 2005
2
US
Hello, I am using a Netscreen 5XP. I have a machine on the 'trust' side (internal address 192.168.2.10) configured to host web- and ftp-servers. I use a VIP to specify that traffic destined for the netscreen box on port 80 should be forwarded to 192.168.2.10:80, and port 21 to 192.168.2.10:21.

Now I am developing a server application and need to do the same thing for a large range of ports (5000 - 6000). That is, any traffic hitting my public IP address on any of these ports should get sent directly to 192.168.2.10, on that same port. VIP's seem to handle single ports only (although I defined the "service" to be a range of ports).

Any help would be very much appreciated.

Thanks


Greg Hassett
 
Sort by date Sort by votes
For situations like you describe I think a MIP is a better solution. You can do port ranges in VIPs but you need to first enable multiport VIP capability with the 'set vip multi-port' command. Then you must reboot for the change to take affect. The problem though is there is a limit to the number of virtual ports you can assign. I think the limit is 64 virtual ports for the 5XP. 5000-6000 would require 1001 virtual ports which the 5XP will not support.
 
Upvote 0 Downvote
Hi MaxPipeline ...

I agreee that a MIP would be ideal -- but for my development machine at home I do not have an assigned IP address, just a single (dynamic) address assigned by my ISP. Wouldn't a MIP require me to have a bona fide IP address to assign to my internal machine?

Thanks!

Greg
 
Upvote 0 Downvote
Ghasset,

a mip requires you to have an external ip address hosted on your 5xp, which can be the 'untrust' ip address.

This you then map to an internal address e.g. 192.168.1.200.
whenever you initiate traffic from the .200 address it will traverse the unit and pop out of the netscreen sporting a source ip equal to the MIP ip.

Hence you do not need any bona-fide or routable ip addresses hosted internally. So as you have a dynamic ip , you could use Dynamic dns and always hit your MIP and you r services.

Kind regards

Njetscreamer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Miluis
  • Locked
  • Question
How necessary is an antivirus?
Replies
3
Views
334
Rick998
Rick998
2
  • Locked
  • Question
Loss of my privacy
Replies
12
Views
2K
Rick998
Rick998
Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
1K
Sameer258
Sameer258
XLNTech1
  • Locked
  • Question
iptables port forwarding
Replies
0
Views
694
XLNTech1
XLNTech1
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
820
Johnkite
Johnkite

Part and Inventory Search

Sponsor

Back
Top