pix config for nat port 80 and port 8080 to same internal ip and port?
I've been struggling with this for a while, and searched for an answer which has eluded me so far.
I currently have a PIX 515E Version 6.3(5) set up to allow incoming requests on port 80 to be redirected to a server at port 8162 and incoming requests on port 8080 to redirect to the same server at port 8080. (The internal and external IPs are the same, i.e. 1:1 NAT.)
Re: pix config for nat port 80 and port 8080 to same internal ip
Cannot be possible on PIX/ASA the way you want to do it. Even using the below policy NAT you would get a dup error right on the static entries. I tested it on ASA but it did not work using the below ports; you would need another spare public IP.
This scenario did NOT work
access-list policy_nat_port8080 extended permit ip host xxx.xxx.xxx.34 any
access-list policy_nat_port8162 extended permit ip host xxx.xxx.xxx.34 any
access-list outside_access_in extended permit tcp any host eq 8080 log
access-list outside_access_in extended permit tcp any host eq 8162 log
where 192.168.1.1 and 192.168.1.2 are the same server.
That may be a better solution than what I do right now. However, I am very surprised that the PIX cannot do this, as it seems to be a common need to map different ports to the same destination port. I do that all the time with the OpenBSD PF based firewalls I use. If indeed the PIX can't do it, then I think I need to find a new firewall device that can do it.