Jump to content


Photo

Forward traffic from on TCP port to another TCP port?

NG F900 TCP

  • Please log in to reply
3 replies to this topic

#1 Jonathan Klein

Jonathan Klein
  • Members
  • 33 posts

Posted 23 March 2016 - 11:44 AM

I am setting up a forwarding rule for a customer, who wants to forward traffic from port 80 to port 8080 on one rule and port 443 to port 4443 on another rule.

 

I tried to set up a Pass forwarding rule where I would put port 80 in the service column and <IP address>:8080 in the destination but the NG won't allow it. I tried to put 8080 in the interface box but that wouldn't work either.

 

Is there a certain way to set up the forwarding rule to forward traffic from port 80 to port 8080 or port 443 to port 4443?

 

Thank You,

 

Jonathan



#2 Alex Absher

Alex Absher
  • Members
  • 4 posts

Posted 23 March 2016 - 03:21 PM

Hi Jonathan,

 

This should work. But you will need to create multiple rules for each different port.

 

Are you trying to have the firewall listen on port 80 or 8080 / port 443 or port 4443 and what is the server actually listening on.

 

Here's an example if you want the firewall to listen on port 80 and redirect it to 8080.

 

Dst NAT rule: Source:(internet) Service: (80) Destination: (outside ip) Redirection: Inside/server's internal ip:8080 Connection method: No SNAT

If you would like, we can open a case and help you with this.

 

Thanks,

 

Alex Absher

Technical Support Engineer

 

 

If you would like immediate assistance with your currently open case, please call our main line at 408-342-5300 and ask to speak to the next available technician.



#3 Jonathan Klein

Jonathan Klein
  • Members
  • 33 posts

Posted 23 March 2016 - 07:13 PM

Hello Alex,

 

Thank you for the reply.

 

Our setup looks like this:

 

Dst NAT: Source (Internet) Service (TCP 80 and 443) Destination (proxy server)

 

Pass rule: Source (proxy server) Service (80) Destination (fe server:8080)

 

Pass rule: Source (proxy server) Service (443) Destination (fe server:4443)

 

Would this set up work?

 

I wanted to leave out the IP addresses for security purposes.

 

Jonathan



#4 Bartek Moczulski

Bartek Moczulski
  • Barracuda Team Members
  • 102 posts
  • LocationEMEA

Posted 24 March 2016 - 03:54 AM

Not with Pass rule.

 

If you want to change anything in destination IP or port, it means you need a redirection rule (Dst NAT), not Pass. There you can define IP:port in "Target list" field. Pass action can only do source NAT.

 

Check out this article for details on DNAT:

https://techlib.barr...WCreateDNATRule

 

On the other hand - why don't you configure your proxy to simply use ports 8080 and 4443 for web servers?