Solved

Allow Access Internal IP Some Ports

Posted on 2014-01-02
4
276 Views
Last Modified: 2014-01-03
I have a block of 5 "real" IP addresses that Comcast gave us.  I want to take one of those real IPs and translate it to an internal IP but only allow 4 TCP ports.

So:  Real IP:  77.88.99.111   should go to 192.168.10.5 only allow ports 20, 21, 2009, 23.

NSA- 240

Can someone tell me what I need to do?  (I know replying RTFM would be an idea, but I will not be accepting that as an answer, lol)

Thanks.
0
Comment
Question by:dougp23
  • 2
4 Comments
 
LVL 9

Expert Comment

by:Misbah
ID: 39751603
all this should be done on your firewall system .
no one can give you a detailed answer without knowing what kind of firewall you have.
0
 
LVL 1

Author Comment

by:dougp23
ID: 39751637
Shoot I am sorry!  It's a SonicWall NSA-240.
0
 

Accepted Solution

by:
chris3453 earned 500 total points
ID: 39751844
From the manual page 57

To add the components of a One-to-One NAT policy, perform
the following steps:
1. Navigate to the Network > NAT Policies page. Click Add.
The Add NAT Policy dialog box displays.
2. For Original Source, select Any.
3. For Translated Source, select Original.
4. For Original Destination, select X0 IP.
5. For Translated Destination, select Create new address
object and create a new address object using WAN for
Zone Assignment and Host for Type.
6. For Original Service, select ports 20, 21, 2009, 23
7. For Translated Service, select Original.
8. For Inbound Interface, select LAN
9. For Outbound Interface, select WAN.
10. For Comment, enter a short description.
11. Select the Enable NAT Policy checkbox.
12. Select the Create a reflexive policy checkbox if you want
a matching NAT Policy to be automatically created in the
opposite direction. This will create the outbound as well as
the inbound policies.
13. Click Add.

I am assuming that you are looking to NAT a single internal address to a single external address. If this is not the case then you need to create a one-to-many NAT statement
0
 
LVL 1

Author Closing Comment

by:dougp23
ID: 39755142
Thanks.  It was more involved than that, but this got me going in the right direction!
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now