?
Solved

Allow Access Internal IP Some Ports

Posted on 2014-01-02
4
Medium Priority
?
300 Views
Last Modified: 2014-01-03
I have a block of 5 "real" IP addresses that Comcast gave us.  I want to take one of those real IPs and translate it to an internal IP but only allow 4 TCP ports.

So:  Real IP:  77.88.99.111   should go to 192.168.10.5 only allow ports 20, 21, 2009, 23.

NSA- 240

Can someone tell me what I need to do?  (I know replying RTFM would be an idea, but I will not be accepting that as an answer, lol)

Thanks.
0
Comment
Question by:dougp23
  • 2
4 Comments
 
LVL 9

Expert Comment

by:Misbah
ID: 39751603
all this should be done on your firewall system .
no one can give you a detailed answer without knowing what kind of firewall you have.
0
 
LVL 1

Author Comment

by:dougp23
ID: 39751637
Shoot I am sorry!  It's a SonicWall NSA-240.
0
 

Accepted Solution

by:
chris3453 earned 1500 total points
ID: 39751844
From the manual page 57

To add the components of a One-to-One NAT policy, perform
the following steps:
1. Navigate to the Network > NAT Policies page. Click Add.
The Add NAT Policy dialog box displays.
2. For Original Source, select Any.
3. For Translated Source, select Original.
4. For Original Destination, select X0 IP.
5. For Translated Destination, select Create new address
object and create a new address object using WAN for
Zone Assignment and Host for Type.
6. For Original Service, select ports 20, 21, 2009, 23
7. For Translated Service, select Original.
8. For Inbound Interface, select LAN
9. For Outbound Interface, select WAN.
10. For Comment, enter a short description.
11. Select the Enable NAT Policy checkbox.
12. Select the Create a reflexive policy checkbox if you want
a matching NAT Policy to be automatically created in the
opposite direction. This will create the outbound as well as
the inbound policies.
13. Click Add.

I am assuming that you are looking to NAT a single internal address to a single external address. If this is not the case then you need to create a one-to-many NAT statement
0
 
LVL 1

Author Closing Comment

by:dougp23
ID: 39755142
Thanks.  It was more involved than that, but this got me going in the right direction!
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Watch the video to know how one can repair corrupt Exchange OST file effortlessly and convert OST emails to MS Outlook PST file format by using Kernel for OST to PST converter tool. It can convert OST to MSG, MBOX, EML to access them. It can migrate…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question