Solved

Port re-directing from outside network

Posted on 2012-04-11
5
643 Views
Last Modified: 2012-05-11
I have a customer that uses a credit card processing software.  Each month they scan his network from outside.  It shows that he has port 23 open on his network, which in fact he does.  There is a piece of software (AS400 client access) that uses that port.  I need to know of a router that I could put in place that could totally re-direct to another port.  Certain routers do that, but it needs to be able to specify a different port that redirects.  For instance, if I were to access the AS400 from outside the network, I would like to change the client access program to use port 9999 instead of 23.   Then on the router, it would say if port 9999 is coming, then change over to port 23 and use that.  I have tried changing the port# on the as400 side to another one, but I can not get it to work.  Any clients that are connecting to the as400 inside the building would still be using port 23.  Would that scenario work? Any thoughts on this?  Thanks, Kevin
0
Comment
Question by:kevinecaldwell
5 Comments
 
LVL 7

Expert Comment

by:BelushiLomax
ID: 37834194
Use a firewall for PAT (Port address translation) for external access IP only...9999 translates to 23.
0
 
LVL 10

Expert Comment

by:asavah
ID: 37834460
Any half-decent router should be able to do such thing.
And it would work exactly as you want, it opens 9999 (or any) port on the outside IP and redirects it to a given local ip address and port,from inside the lan the port would not change. Such options are usually available within router web-gui.
We would need actual router model to give you more directions.
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 37838352
Here is how I do it with my router
0
 
LVL 6

Expert Comment

by:Jon Snyderman
ID: 37839588
Any Wathcguard or SonicWall will do this easily.   But also being an iSeries guy, I dont recommend this.   Client Access supports full SSH encryption and there are other simpler emulators that do the same.   iSeries passwords at most companies are fairly lax and opening any port to an unsecured telnet port is very risky.   BTW, changing the port number is security by obscurity and any simple free port scanner will sniff it out very fast.   I would recommend insuring passwords are good (for everyone) and then using a secure SSH session, or use a firewall with VPN capability and let the users open a VPN session and then connect direct to the iSeries with no changes to the iSeries or Client Access.

~Jon
0
 

Author Closing Comment

by:kevinecaldwell
ID: 37959621
The TP-Link 300M router worked perfectly.  I had tried 2 other routers but they did not the same way as that one.  Thanks
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now