How to change port from INSIDE to OUTSIDE

Posted on 2011-10-31
Last Modified: 2013-01-09
LAN1 (192.168.8.0/24) ---- INTERNET/VPN ---- LAN2 (192.168.100.0/24)
I would like to change the port 514 of the host 192.168.8.254 while it is going to reach the 192.168.100.241 host.
Is it possible to do it with ip nat?
Question by:arefone
LVL 6

Accepted Solution

by:
Lee_YCP earned 2000 total points
ID: 37057693
Hi arefone,
To answer your question, generally "yes".  I say this because your question is not totally clear and there may be a better alternative, such as port forwarding.

In your question, is the source of the port 514 traffic the host 192.168.8.254 or the entire network?  Do you mean that you want LAN1 port 514 traffic with a destination of 192.168.8.254 to be sent to host 192.168.100.241 on LAN2 instead?

If this is the case, your devices that are generating the Syslog messages could be reconfigured to point to the LAN2 host for the Syslog messages.  Depending on the connection devices between the two subnets, you could use port forwarding.  What devices are used for the VPN connection?
 
LVL 1

Author Comment

by:arefone
ID: 37057791
Hello Lee,
The syslog server is in LAN2 "192.168.100.241" and it is listening on port 1514, so what I need to do is change the port 514 of 192.168.8.254 "the IP address of the router LAN1" to port 1514, so the syslog server will be able to communicate with it.
I mean:
192.168.8.254 (udp 514) ---> GOING TO 192.168.100.241 ----> 192.168.8.254 (udp 1514) --> 192.168.100.241

I know how to do it from outside to inside, but not from inside to outside.

Any advice?
 
LVL 6

Expert Comment

by:Lee_YCP
ID: 37057898
Ok, I need to understand the devices in use.  You said "internet/vpn" between LAN1 and LAN2.  Are these routers with VPN or firewall w/ VPN?  What make/model are they?
 
LVL 1

Author Comment

by:arefone
ID: 37057919
Ok ok, sorry mate, here is the scheme:
LAN1 (192.168.8.0/24) - CISCO ROUTER 877 ---- INTERNET/VPN ---- PIX515E - LAN2 (192.168.100.0/24)
The vpn is site to site, and it is working just fine.
As I told you, the problem is that I can't change the listening port of the syslog server on 192.168.100.241 because it is also listening to another device that sends messages on that port; I always need to change/redirect port 514 to port 1514 in the packets coming from 192.168.8.254 to 192.168.100.241.
 
LVL 1

Author Comment

by:arefone
ID: 37057963
FOR EXAMPLE, SEE THIS:
ip nat inside source static tcp yyy.yyy.yyy.yyy 5901 xxx.xxx.xxx.xxx 5999
As I know, this means that when a packet comes from outside (xxx.xxx.xxx.xxx) on port 5999 it will be redirected to inside (yyy.yyy.yyy.yyy) port 5901.
I need to do the same thing but reversed:
Packet sent from 192.168.8.254 udp 514 "PORT REDIRECTING" 192.168.8.254 1514 -- Router 877 --- INTERNET --- PIX515E - 192.168.100.241
In this case, I want 192.168.100.241 to receive packets from 192.168.8.254 with UDP port 1514 inside, NOT with UDP 514.

Apologies for my bad English.
 
LVL 6

Expert Comment

by:Lee_YCP
ID: 37058797
Yes, but if I had to guess since I can't see your router config, your VPN connection is not using NAT.  It is using simple routing after the VPN connection is made.  Let me check something for the 877...
 
LVL 1

Author Comment

by:arefone
ID: 37058855
Yes, it is not using NAT; both subnets can see each other correctly!
 
LVL 6

Expert Comment

by:Lee_YCP
ID: 37063481
Is there a layer 2 or 3 device between the pix and the SYSLOG server?
 
LVL 6

Expert Comment

by:Lee_YCP
ID: 37063516
And how many ports on your pix and how many in use?
 
LVL 1

Author Comment

by:arefone
ID: 37063520
No Lee, I think you are getting confused with all that stuff; we can discuss the command to apply on the router directly, and afterwards, if it is not going to work, we can figure it out.
 
LVL 6

Assisted Solution

by:Lee_YCP
Lee_YCP earned 2000 total points
ID: 37072914
That's just it.  Either of these devices could be NAT'ing traffic, but it doesn't matter because the Site-to-Site VPN bypasses the NAT'ing on both sides; therefore, the possibility to use PAT is bypassed.

Other questions/directions:
1.  You could get around this by using a separate port on the PIX that you could place on a different subnet and then NAT/PAT it.  (Hence, my question before.)  This would allow you to use port redirection like you are wanting, but you would then have to change the IP of the SYSLOG server.

2.  Will the SYSLOG Server software that you are using listen on more than one port?

3.  Why not just tell the devices on LAN1 to use 1514 instead of 514?
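To make two points from this thread concrete (the `ip nat inside source static` entry quoted in the "FOR EXAMPLE" comment maps in both directions, and, as the accepted answer says, traffic carried by the site-to-site VPN is exempted from NAT before any PAT entry is consulted), here is an added Python model of a router's static PAT table. It is an illustration written for this page, not code from the thread or from Cisco; the addresses 192.168.8.10, 203.0.113.5 and 198.51.100.7, the exemption list and the `SYSLOG` entry are constructed, and the exemption-before-table order is the model's simplification of how NAT exemption is normally configured.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class StaticPat:  # ip nat inside source static <proto> <local> <lport> <global> <gport>
    proto: str
    inside_local: str
    local_port: int
    inside_global: str
    global_port: int

# Constructed: the site-to-site VPN's interesting traffic. Like the usual "deny"
# line in a NAT ACL/route-map, packets matching it are never translated.
VPN_EXEMPT = [(ip_network("192.168.8.0/24"), ip_network("192.168.100.0/24"))]

def is_exempt(pkt, exempt):
    s, d = ip_address(pkt.src), ip_address(pkt.dst)
    return any((s in a and d in b) or (s in b and d in a) for a, b in exempt)

def outbound(pkt, entries, exempt=VPN_EXEMPT):
    """Inside -> outside: a static entry rewrites the source (local -> global)."""
    if not is_exempt(pkt, exempt):
        for e in entries:
            if (pkt.proto, pkt.src, pkt.sport) == (e.proto, e.inside_local, e.local_port):
                return replace(pkt, src=e.inside_global, sport=e.global_port)
    return pkt

def inbound(pkt, entries, exempt=VPN_EXEMPT):
    """Outside -> inside: the same entry rewrites the destination (global -> local)."""
    if not is_exempt(pkt, exempt):
        for e in entries:
            if (pkt.proto, pkt.dst, pkt.dport) == (e.proto, e.inside_global, e.global_port):
                return replace(pkt, dst=e.inside_local, dport=e.local_port)
    return pkt

# The thread's example entry, with constructed addresses in place of xxx/yyy.
VNC = StaticPat("tcp", "192.168.8.10", 5901, "203.0.113.5", 5999)
# Hypothetical entry for what the author wanted: same address, port 514 -> 1514.
SYSLOG = StaticPat("udp", "192.168.8.254", 514, "192.168.8.254", 1514)
SYSLOG_PKT = Packet("udp", "192.168.8.254", 514, "192.168.100.241", 514)
```

Running `outbound(SYSLOG_PKT, [SYSLOG])` returns the packet unchanged because the LAN1-to-LAN2 pair is exempt; with `exempt=[]` the source port becomes 1514, which is exactly the rewrite the VPN path never reaches.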
 
LVL 1

Author Comment

by:arefone
ID: 37076207
Hi Lee,

Before receiving your last post I already solved the problem by doing one of the following:
1. Using on my router the command to specify the port of the syslog messages sent to the server
2. Doing a static nat on the firewall.

But anyway I would like to learn how to do the redirect from inside to outside on the router. If you have any idea to do it let me know, so I can give you the points.
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 38758249
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.