Port forwarding

 
 
J1C
02-02-2006
Can I use my PIX to forward any HTTP request to HTTPS?

 
jcottingim
02-02-2006
You can use it to change the port number, but what you're talking about
is a change in protocol. You'll need something like a proxy to do that.

 
J1C
02-02-2006
I can do it with a script - but I was just curious if I could do the
same or similar with the firewall.

Could I change requests going to tcp80 to tcp443?

 
Walter Roberson
02-03-2006
In article <(E-Mail Removed). com>,
J1C <(E-Mail Removed)> wrote:
>I can do it with a script - but I was just curious if I could do the
>same or similar with the firewall.


>Could I change requests going to tcp80 to tcp443?


You can use a PIX to forward nearly any port to nearly any other port
(you can't forward port 0, and there are a couple of reserved ports
for the outside interface IP).

Forwarding a port will not change the protocol, so unless your
tcp 443 server is somehow able to answer plain HTTP queries
that are not wrapped in SSL, you probably aren't going to like
the result...

Note too that you can only forward one port to any given destination
port. You cannot forward port 80 to port 443 -and- have port 443
go straight through. So if your TCP 443 server responds to the
HTTP request with an https:// URL at the same host, unless
you've redirected incoming 443 to something else, you will have
problems.
 
Gond
02-03-2006
Couldn't you also configure the "static" line (NAT) with the port
translation (PIX version 6.2 and up, I believe)? Or is this what you
meant already by "forwarding"?

ie: static (inside,dmz) tcp YOURSERVER 80 YOURSERVER 443 netmask 255.255.255.255

Just curious,

Gond

Walter Roberson wrote:
> In article <(E-Mail Removed). com>,
> J1C <(E-Mail Removed)> wrote:
> >I can do it with a script - but I was just curious if I could do the
> >same or similar with the firewall.

>
> >Could I change requests going to tcp80 to tcp443?

>
> You can use a PIX to forward nearly any port to nearly any other port
> (you can't forward port 0, and there are a couple of reserved ports
> for the outside interface IP).
>
> Forwarding a port will not change the protocol, so unless your
> tcp 443 server is somehow able to answer plain HTTP queries
> that are not wrapped in SSL, you probably aren't going to like
> the result...
>
> Note too that you can only forward one port to any given destination
> port. You cannot forward port 80 to port 443 -and- have port 443
> go straight through. So if your TCP 443 server responds to the
> HTTP request with an https:// URL at the same host, unless
> you've redirected incoming 443 to something else, you will have
> problems.


 
Walter Roberson
02-03-2006
In article <(E-Mail Removed). com>,
Gond <(E-Mail Removed)> wrote:
>Couldn't you also configure the "static" line (NAT) with the port
>translation (PIX version 6.2 and up, I believe)? Or is this what you
>meant already by "forwarding"?


>ie: static (inside,dmz) tcp YOURSERVER 80 YOURSERVER 443 netmask
>255.255.255.255


Yes, that is static PAT, and is what I meant by "forwarding"
(a term I used because that is what the original poster used.)

As I indicated earlier, using static PAT does not change the
protocol: it just forwards data unchanged.
 
Gond
02-03-2006
Thank you!

Gond

 
John Smith
02-03-2006
On Thu, 02 Feb 2006 12:05:05 -0800, J1C wrote:

> Can I use my PIX to forward any HTTP request to HTTPS?


Since you can't do it thru the pix, you will have to rely on html. Write
a simple http web page that does an instant refresh to the https page that
you would rather have users go to. (Remember to open/nat both ports on
firewall.)
If by chance your problem has to do with Exchange/OWA, M$ has a KB
article that covers this specifically.
http://support.microsoft.com/default...-us;555053#kb1
 
J1C
02-03-2006
Yes, I used a script to do it - I was just wondering if a PIX could do
something similar.

 
Walter Roberson
02-03-2006
In article <(E-Mail Removed) .com>,
J1C <(E-Mail Removed)> wrote:
Please quote context. The people who answer questions here mostly
do not use googlegroups as their primary reading interface, so
they might not be able to see the previous posting (or it might
have expired for them, or it might not have reached them...)

Re-injecting the context:

>On Thu, 02 Feb 2006 12:05:05 -0800, J1C wrote:


>> Can I use my PIX to forward any HTTP request to HTTPS?



>Yes, I used a script to do it - I was just wondering if a PIX could do
>something similar.


You don't need a script for it: just a single static page with
a HEAD element of META http-equivalent set to redirect to the
new page.
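
The thread's conclusion is that the HTTP-to-HTTPS redirect has to be issued by something that speaks HTTP behind the PIX, since static PAT only rewrites the port. As an added example (not posted by anyone in the thread), here is a minimal port-80 responder in Python that answers every request with a 301 to the same host and path over HTTPS; the hostnames in `ALLOWED_HOSTS` and the helper names `probe` and `demo` are assumptions for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: hostnames this site actually serves (placeholder values).
ALLOWED_HOSTS = {"www.example.com", "example.com"}


class RedirectToHTTPS(BaseHTTPRequestHandler):
    def _redirect(self):
        # Host is client-controlled: strip any port and allowlist it so the
        # listener cannot be used to bounce users to an arbitrary site.
        host = (self.headers.get("Host") or "").split(":")[0].lower()
        if host not in ALLOWED_HOSTS:
            self.send_error(400, "Unknown host")
            return
        self.send_response(301)
        self.send_header("Location", f"https://{host}{self.path}")
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_HEAD = _redirect

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass


def probe(port, host_header, path="/owa/?a=1"):
    """Send one plain-HTTP request; return (status, Location header)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host_header})
    resp = conn.getresponse()
    resp.read()
    conn.close()
    return resp.status, resp.getheader("Location")

def demo():
    # Port 0 = any free port for the demo; in production this is TCP 80.
    server = ThreadingHTTPServer(("127.0.0.1", 0), RedirectToHTTPS)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return probe(port, "www.example.com"), probe(port, "evil.example.net")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

On the firewall side, TCP 80 is forwarded to this listener and TCP 443 is forwarded unchanged to the HTTPS server, so the redirected client lands on a port that actually speaks SSL.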
 