Port re-directing from outside network

I have a customer that uses a credit card processing software.  Each month they scan his network from outside.  It shows that he has port 23 open on his network, which in fact he does.  There is a piece of software (AS400 client access) that uses that port.  I need to know of a router that I could put in place that could totally re-direct to another port.  Certain routers do that, but it needs to be able to specify a different port that redirects.  For instance, if I were to access the AS400 from outside the network, I would like to change the client access program to use port 9999 instead of 23.   Then on the router, it would say if port 9999 is coming, then change over to port 23 and use that.  I have tried changing the port# on the as400 side to another one, but I can not get it to work.  Any clients that are connecting to the as400 inside the building would still be using port 23.  Would that scenario work? Any thoughts on this?  Thanks, Kevin
Kevin CaldwellOwner of RUseeingRed Tech SolutionsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Use a firewall for PAT (Port address translation) for external access IP only...9999 translates to 23.
Any half-decent router should be able to do such thing.
And it would work exactly as you want, it opens 9999 (or any) port on the outside IP and redirects it to a given local ip address and port,from inside the lan the port would not change. Such options are usually available within router web-gui.
We would need actual router model to give you more directions.
David Johnson, CD, MVPOwnerCommented:
Here is how I do it with my router

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jon SnydermanCommented:
Any Wathcguard or SonicWall will do this easily.   But also being an iSeries guy, I dont recommend this.   Client Access supports full SSH encryption and there are other simpler emulators that do the same.   iSeries passwords at most companies are fairly lax and opening any port to an unsecured telnet port is very risky.   BTW, changing the port number is security by obscurity and any simple free port scanner will sniff it out very fast.   I would recommend insuring passwords are good (for everyone) and then using a secure SSH session, or use a firewall with VPN capability and let the users open a VPN session and then connect direct to the iSeries with no changes to the iSeries or Client Access.

Kevin CaldwellOwner of RUseeingRed Tech SolutionsAuthor Commented:
The TP-Link 300M router worked perfectly.  I had tried 2 other routers but they did not the same way as that one.  Thanks
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.