Port forwarding

Discussion in 'Cisco' started by J1C, Feb 2, 2006.

  1. J1C

    J1C Guest

    Can I use my PIX to forward any HTTP request to HTTPS?
     
    J1C, Feb 2, 2006
    #1

  2. J1C

    jcottingim Guest

    You can use it to change the port number, but what you're talking about
    is a change in protocol. You'll need something like a proxy to do that.
     
    jcottingim, Feb 2, 2006
    #2

  3. J1C

    J1C Guest

    I can do it with a script - but I was just curious if I could do the
    same or similar with the firewall.

    Could I change requests going to tcp80 to tcp443?
     
    J1C, Feb 2, 2006
    #3
  4. In article <>,
    J1C <> wrote:
    >I can do it with a script - but I was just curious if I could do the
    >same or similar with the firewall.


    >Could I change requests going to tcp80 to tcp443?


    You can use a PIX to forward nearly any port to nearly any other port
    (you can't forward port 0, and there are a couple of reserved ports
    for the outside interface IP).

    Forwarding a port will not change the protocol, so unless your
    tcp 443 server is somehow able to answer plain HTTP queries
    that are not wrapped in SSL, you probably aren't going to like
    the result...

    Note too that you can only forward one port to any given destination
    port. You cannot forward port 80 to port 443 -and- have port 443
    go straight through. So if your TCP 443 server responds to the
    HTTP request with an https:// URL at the same host, unless
    you've redirected incoming 443 to something else, you will have
    problems.
     
    Walter Roberson, Feb 3, 2006
    #4
  5. J1C

    Gond Guest

    Couldn't you also configure the "static" line (NAT) with the port
    translation (PIX version 6.2 and up, I believe)? Or is this what you
    meant already by "forwarding"?

    ie: static (inside,dmz) tcp YOURSERVER 80 YOURSERVER 443 netmask
    255.255.255.255

    Just curious,

    Gond

    Walter Roberson wrote:
    > In article <>,
    > J1C <> wrote:
    > >I can do it with a script - but I was just curious if I could do the
    > >same or similar with the firewall.

    >
    > >Could I change requests going to tcp80 to tcp443?

    >
    > You can use a PIX to forward nearly any port to nearly any other port
    > (you can't forward port 0, and there are a couple of reserved ports
    > for the outside interface IP).
    >
    > Forwarding a port will not change the protocol, so unless your
    > tcp 443 server is somehow able to answer plain HTTP queries
    > that are not wrapped in SSL, you probably aren't going to like
    > the result...
    >
    > Note too that you can only forward one port to any given destination
    > port. You cannot forward port 80 to port 443 -and- have port 443
    > go straight through. So if your TCP 443 server responds to the
    > HTTP request with an https:// URL at the same host, unless
    > you've redirected incoming 443 to something else, you will have
    > problems.
     
    Gond, Feb 3, 2006
    #5
  6. In article <>,
    Gond <> wrote:
    >Couldn't you also configure the "static" line (NAT) with the port
    >translation (PIX version 6.2 and up, I believe)? Or is this what you
    >meant already by "forwarding"?


    >ie: static (inside,dmz) tcp YOURSERVER 80 YOURSERVER 443 netmask
    >255.255.255.255


    Yes, that is static PAT, and is what I meant by "forwarding"
    (a term I used because that is what the original poster used.)

    As I indicated earlier, using static PAT does not change the
    protocol: it just forwards data unchanged.
     
    Walter Roberson, Feb 3, 2006
    #6
  7. J1C

    Gond Guest

    Thank you!

    Gond
     
    Gond, Feb 3, 2006
    #7
  8. J1C

    John Smith Guest

    On Thu, 02 Feb 2006 12:05:05 -0800, J1C wrote:

    > Can I use my PIX to forward any HTTP request to HTTPS?


    Since you can't do it through the PIX, you will have to rely on HTML. Write
    a simple HTTP web page that does an instant refresh to the HTTPS page that
    you would rather have users go to. (Remember to open/NAT both ports on the
    firewall.)
    If by chance your problem has to do with Exchange/OWA, M$ has a KB article
    that covers this specifically.
    http://support.microsoft.com/default.aspx?scid=kb;en-us;555053#kb1
     
    John Smith, Feb 3, 2006
    #8
  9. J1C

    J1C Guest

    Yes, I used a script to do it - I was just wondering if a PIX could do
    something similar.
     
    J1C, Feb 3, 2006
    #9
  10. In article <>,
    J1C <> wrote:
    Please quote context. The people who answer questions here mostly
    do not use googlegroups as their primary reading interface, so
    they might not be able to see the previous posting (or it might
    have expired for them, or it might not have reached them...)

    Re-injecting the context:

    >On Thu, 02 Feb 2006 12:05:05 -0800, J1C wrote:


    >> Can I use my PIX to forward any HTTP request to HTTPS?



    >Yes, I used a script to do it - I was just wondering if a PIX could do
    >something similar.


    You don't need a script for it: just a single static page with
    a HEAD element of META http-equivalent set to redirect to the
    new page.
     
    Walter Roberson, Feb 3, 2006
    #10
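
The redirect approach from the last posts, as an added example that is not part of the original thread: a small port-80 listener that answers every plain-HTTP request with a 301 plus a META refresh page pointing at the HTTPS site. The hostname `www.example.com` and the listening address are placeholders; the destination host is pinned rather than copied from the request, so a forged Host header or absolute request URL cannot steer the redirect elsewhere.

```python
from html import escape
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import quote, urlsplit

# Assumption: the single hostname the HTTPS site is served under (placeholder).
CANONICAL_HOST = "www.example.com"


def https_target(raw_path: str) -> str:
    """Build the https:// URL for a request target, never trusting its host."""
    parts = urlsplit(raw_path)
    # Keep only path and query; '//host/...' or 'http://host/...' in the
    # request line must not be able to change the destination.
    path = "/" + parts.path.lstrip("/")
    url = "https://" + CANONICAL_HOST + quote(path, safe="/%")
    if parts.query:
        url += "?" + quote(parts.query, safe="=&%")
    return url


def redirect_page(target: str) -> bytes:
    """Static page with a META refresh, for clients that ignore Location."""
    safe = escape(target, quote=True)  # HTML-escape before placing in attributes
    return (
        "<!DOCTYPE html><html><head>"
        f'<meta http-equiv="refresh" content="0; url={safe}">'
        f'</head><body><a href="{safe}">{safe}</a></body></html>'
    ).encode("utf-8")


class RedirectHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        target = https_target(self.path)
        body = redirect_page(target)
        self.send_response(301)
        self.send_header("Location", target)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if self.command != "HEAD":
            self.wfile.write(body)

    do_HEAD = do_GET


if __name__ == "__main__":
    # Local test address; in production this would sit behind the port-80 static.
    HTTPServer(("127.0.0.1", 8080), RedirectHandler).serve_forever()
```

Port 443 still has to pass straight through the firewall to the TLS server, which is why port 80 cannot simply be translated onto it.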