Cisco Support Community

paa
New Member

NAT - how to change destination address and port?

Hi all!

I have a task to create a redirection from one ip-address to another. For example:

10.0.0.1 port 80 ---> 10.10.10.1 port 8080

I don't have a problem with changing the destination IP address (ip nat inside destination list), but how can I change the destination port?

12 REPLIES
New Member

Re: NAT - how to change destination address and port?

Hi !

For instance :

ip nat inside source static tcp 10.0.0.1 80 10.10.10.1 8080 extendable

Regards,

Laszlo

paa
New Member

Re: NAT - how to change destination address and port?

Ok, full task:

I have a network 10.0.0.1/24, and I have a proxy server 10.0.0.10 port 3128. So, I want to do redirection from 10.0.0.1/24 to any web (destination port 80, 8080, 443) to my proxy server 10.0.0.10 port 3128. How can I do it?

New Member

Re: NAT - how to change destination address and port?

Sorry, I may not clearly understand your network setup, because it seems to me that your proxy server is on the same network as the hosts whose traffic you want to redirect, is it not?

paa
New Member

Re: NAT - how to change destination address and port?

Yes, sorry for my first mistake =) I want to do redirection inside one network. My proxy server and client PCs are in one network, 10.0.0.1/24

New Member

Re: NAT - how to change destination address and port?

Well, as far as I know, this is not possible.

NAT always works between interfaces designated as inside and outside and is able to translate between different networks.

Laszlo

paa
New Member

Re: NAT - how to change destination address and port?

And what if it is a different network?

For example, with my proxy server at IP 20.0.0.10, how can I change the destination port for many hosts?

New Member

Re: NAT - how to change destination address and port?

So you want to redirect all traffic destined to specific ports but any IP address, to a specific IP address and a specific /squid/ port?

First I thought PBR would help, but it will not change the destination IP.

What you want to do is rather a proxy functionality, and I do not think a router would do that.

It is an interesting question and I am still thinking about it, but for now I do not have any idea.

paa
New Member

Re: NAT - how to change destination address and port?

"So you want to redirect all traffic destined to specific ports but any ip address, to a specific ip address and a specific /squid/ port ?"

Yes, it's correct

I am thinking about a route-map and "ip nat inside" with a route-map, but I still have a problem with changing the destination port. Thanks for your work/thinking =)

New Member

Re: NAT - how to change destination address and port?

Hi,

Have you found a solution? I'm looking for the same workaround.

Greets,

Norbert

Re: NAT - how to change destination address and port?

Hi,

What if we create subinterfaces on the inside interface?

f0/0.1 - VLAN 10 - 10.0.0.0/24 - your inside LAN

f0/0.2 - VLAN 20 - 20.0.0.0/24 - NW in which your Squid proxy resides

Re: NAT - how to change destination address and port?

Create subinterfaces on the inside interface:

f0/0.1 - VLAN 10 - 10.0.0.0/24 - your inside LAN

f0/0.2 - VLAN 20 - 20.0.0.0/24 - NW in which your Squid proxy resides

Configure the Squid proxy with 2 instances, one listening on port 80 and the other instance listening on port 443.

Now use a route map to forward port 80 requests to the Squid proxy on port 80

and forward port 443 requests to Squid on port 443

New Member

Re: NAT - how to change destination address and port?

Hi

Can this Linux sample somehow be configured on an ASA or IOS router?

At least it should work for the squid box. Route-map (port 80) -> squid (port 80) -> iptables -> squid (port 8080)

Redirection

There is a specialized case of Destination NAT called redirection: it is a simple convenience which is exactly equivalent to doing DNAT to the address of the incoming interface.

## Send incoming port-80 web traffic to our squid (transparent) proxy
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
        -j REDIRECT --to-port 8080
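
Added example, not part of any post in this thread and not Cisco or Squid project code: a shell generator for the REDIRECT rule quoted in the last post, extended to several destination ports and meant to be loaded on the Squid box itself. The interface eth1, proxy port 3128 and destination ports 80 and 8080 are assumed values taken from the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the Squid box itself.
# eth1, 3128, 80 and 8080 below are assumed values taken from the thread.

# Succeeds only for a decimal TCP port in 1..65535 without leading zeros.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeeds only for an interface name made of safe characters (max 15).
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_redirect_rules IFACE PROXY_PORT DPORT...
# Validates everything first so a bad argument never yields a partial ruleset.
gen_redirect_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_redirect_rules IFACE PROXY_PORT DPORT..." >&2; return 1; }
    iface=$1; proxy_port=$2; shift 2
    valid_iface "$iface" || { echo "bad interface name" >&2; return 1; }
    valid_port "$proxy_port" || { echo "bad proxy port" >&2; return 1; }
    for p in "$@"; do
        valid_port "$p" || { echo "bad destination port: $p" >&2; return 1; }
    done
    echo '*nat'
    echo ':PREROUTING ACCEPT [0:0]'
    for p in "$@"; do
        echo "-A PREROUTING -i $iface -p tcp --dport $p -j REDIRECT --to-ports $proxy_port"
    done
    echo 'COMMIT'
}

# Dry run with the thread's values; as root, pipe the output into
# `iptables-restore --test` to have the ruleset parsed without applying it.
gen_redirect_rules eth1 3128 80 8080
```

Port 443 is left out of the dry run because TLS redirected to a plain HTTP intercept port is not handled without Squid's separate HTTPS interception setup.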
