One-to-One NAT with limited ports?
One-to-One NAT with limited ports?
I have multiple static IP's with my ISP configured. I have a Node on my network that is mapped to one of those static IPs. I can't seem to get the firewall rule in place to only allow port 80 and 443 through. I have tried both Gateway ACLs and Switch ACLs. Can someone point me in the right direction?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@AntonAU I'm the OP, and I was able to get something that worked for me. Using Switch ACLs, I did the following:
1. Create the 1 to 1 NAT rule. In my case, it was one of my public IP Aliases to an internal address of 192.168.x.x.
2. I then created Switch ACls. In my case, I wanted my internal LAN to be able to VNC to the private address of the 1 to 1 nat.
a. I created a rule allowing all 10.x.x.x addresses access to the internal address of the 1 to 1 nat. (192.168.x.x/32) on port 5900.
b. second rule was to deny VNC ports for source IP Group_Any all protocols denied to 192.168.x.x/32 (internal address) on port 5900. This blocks VNC.
So, ultimately, I can block whatever ports I want (including all but 443 if that is what I want), and then only the open ports will be allowed to pass through to the internal IP address.
I'm somewhat rebuilding my process from looking at the existing rules, but I am pretty sure this is the jist of what I have.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 582
Replies: 11
Voters 0
No one has voted for it yet.