Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1170
  • Last Modified:

Redirect a hard coded IP address

I posted this over at the sonicwall forums but I'm not getting any response.

I have a device on my network running an application that must talk to another server. When the app was written the IP address it talks to was hard coded in. That address has since changed and the app doesn't work anymore.

We have a new development team working on it but the new app won't be ready for months. In the mean time I would like to redirect this traffic some how.

The server is behind a sonicwall tz210 and the IP I want to redirect it to is also behind a sonicwall, an NSA240.

Is there some way to have the tz210 grab this IP and redirect it to the nsa240?
2 Solutions
The short answer is yes, you can do that with NAT.  What happened to the old address?  It might be easier to assign a secondary IP address to the server so it will listen on the old address as well as the new one.
Cas KristCommented:
Maybe with NAT policies, never tried this before.

Source original : firewalled subnets
Source translated: X1 IP

Destination original:  (the hard coded ip)
destination translated: (the new ip)

Service original: (try to add the service or choose any)
Service translated: original

interface inbound: any (not sure about this one)
interface outbound: any (not sure about his onne either)

Not sure, but you can try it.

AJNSAuthor Commented:
the IP address it is trying to reach is actually a live IP on the internet that used to belong to the wan interface on a firewall. That is no longer our IP, it stayed with a hosting company.

Do you think NAT will get me out one firewall and back in the other?
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

NAT is not going to do you any good if you don't have access to the IP address anymore.  NAT will convert address from an outside port to an inside port (or any variation like that) but you have to have an interface that is "listening" for that address.  The issue you've got is that even if you configured that address on your public interface the carrier isn't routing that address to your premise so the traffic would never get there.

So did you have the public address configured directly on the server?  If so, then you could create that address as a secondary address on the LAN interface of your router.  You could then NAT a different public address that appears on the public side of your router now to the old address.  That should work for you.
Cas KristCommented:
When the NAT policy is used on the 'sending' firewall, the traffic is redirected to the new ip address. The receiving firewall accepts that traffic.
Cas KristCommented:
Sure this method works
Cas KristCommented:
I've used this outbound NAT policy to redirect traffic to SMTP-servers, not exactly this setup, but close.
Cas KristCommented:

3) Accept one or more Expert posts as the answer

Following an 'Objection' by caskrist (at http://www.experts-exchange.com/Q_26833797.html) to the intended closure of this question, it has been reviewed by at least one Moderator and is being closed as recommended by the Expert.
At this point I am going to re-start the auto-close procedure.
Thank you,
Community Support Moderator

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now