Sasecurity Wiki

{{{ You cannot host map a single public IP to more than one private IP; host mapping is a ONE TO ONE mapping from one IP to another, and it directly maps all ports.

Think of it as a simple NAT'ed network: if all the ports from a single IP are mapped to multiple IPs, the data has no way of knowing where to go. So an example of host mapping would be:

For public IP

217.x.x.50 ---> 192.168.2.30
217.x.x.51 ---> 192.168.2.60
217.x.x.52 ---> 192.168.2.90

For private IP

192.168.1.100 ---> 192.168.2.30
192.168.1.101 ---> 192.168.2.60
192.168.1.102 ---> 192.168.2.90

ALL PORTS on each IP are forwarded to the respective ports on the host mapped IP.

If you have only one public IP available you will have to use port mapping, and of course you cannot have the same port going to more than one private IP. So an example of port mapping would be:

192.168.1.100:25   ---> 192.168.2.30:25
192.168.1.100:80   ---> 192.168.2.30:80
192.168.1.100:4662 ---> 192.168.8.10:4662
192.168.1.100:4672 ---> 192.168.8.10:4672

You will be restricted to one of each port unless you use non-standard ports. Full details of port and host mapping, including the wiana format, can be found on the Wiki:

http://cvs.locustworld.com:8088/locustworld/wiki?p=UsingHostMappings
http://cvs.locustworld.com:8088/locustworld/wiki?p=UsingPortMappings

> I have been able to host map a public IP address to a private IP but with limited success. Here is my experience... Please comment on my problems that I have encountered below.
>
> 1: mapped a public IP in the 217. range to four private IPs in the following range. These three private IPs also share the same radio ID.
>
> 192.168.2.30 - email server and webserver
> 192.168.2.60 - Radius server
> 192.168.2.90 - DNS Bind server with a MySQL database.
>
> This private IP is on another radio cell but is only one hop away from the gateway, same as the other three servers above. This has been mapped to 192.168.8.10. I have been experimenting with opening and closing of ports for peer to peer on this computer. I opened the needed TCP and UDP ports but for some reason it still gives me a low ID and the others cannot see me, as the ports still seem blocked from their point of view.
>
> From the gateway I can ping all the mapped private addresses that I have mapped. I can also SSH directly into each one from the gateway with no problem.
>
> My setup is as follows:
>
> Service provider public Cisco router --------- my router (has a public IP) with port forwarding enabled on the ports I am interested in to the meshbox at the private IP (192.168.1.100) ------- (192.168.1.100-meshbox) with host forwarding and port forwarding enabled to the computers I want to reach. (The port forwarding on the mesh box has been left blank.)
>
> My main issues are these:
>
> 1: On the three servers 192.168.2.30, 192.168.2.60 and 192.168.2.90, for some reason all the internet traffic seems to prefer 192.168.2.90 and does not see any of the others. I tried turning off 192.168.2.90 and only having the Apache server running on 192.168.2.30, but when someone queries the public address or the domain name they get hung up until I enable the server at the 192.168.2.90 address; then all works as it should. I have tried to reboot the gateway with all the other servers shut off except 192.168.2.30 and it still does not work. I have also tried to delete the mapping from the gateway and only leave 192.168.2.30 active. For some reason it still does not work. I can ping it from the gateway, get a webpage served locally using the 192.168.2.30 address, I can curl the page from the gateway using the private address, but when I try from the public address - nothing - nada - nulla - until I put 192.168.2.90 back online; then all is okay and I get it to act as it should. The only other thing I have done is enabled port mapping but have left them all blank.
>
> On the other hand, on my peer to peer computer, which is on another radio cell and private IP range, 192.168.8.10, I cannot seem to get it to be seen from the internet on the ports of interest, mainly 4662 TCP and 4672 UDP. I have enabled the host forwarding to this box from the gateway and can ping the address of the box from the gateway, but it still seems to have the ports invisible from the internet.
>
> Please let me know of your experiences on opening and closing ports in order to either enable or completely disable peer to peer operation. Also, if you have some suggestion on multiple servers in the same subnet and how they can be seen using a single public IP address, please let me have your experiences.
}}}
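As an added illustration of the two rules stated in the reply above (host mapping is strictly one-to-one and covers every port; one public port can only reach one private host), here is a small Python model of the two mapping tables with the conflict checks a router must enforce, plus a trace through the questioner's two-hop chain. This is example code written for this page, not code from the wiki or from the LocustWorld software; the documentation address 203.0.113.50 (standing in for the real 217.x.x.x) and the exact per-port rules at the border router are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class NatTable:
    """One router's mappings. host_maps: public IP -> private IP (every port).
    port_maps: (public IP, proto, port) -> (private IP, port), one port each."""
    host_maps: dict = field(default_factory=dict)
    port_maps: dict = field(default_factory=dict)

    def add_host_map(self, public_ip, private_ip):
        # Strictly one-to-one: a second private host behind the same public IP
        # would leave the router no way to choose where a packet goes.
        prev = self.host_maps.get(public_ip)
        if prev and prev != private_ip:
            raise ValueError(f"{public_ip} is already host-mapped to {prev}")
        self.host_maps[public_ip] = private_ip

    def add_port_map(self, public_ip, proto, port, private_ip, private_port=None):
        # One public port/proto can only reach one private host; a second
        # service on the same port needs a different (non-standard) public port.
        key, target = (public_ip, proto.lower(), port), (private_ip, private_port or port)
        prev = self.port_maps.get(key)
        if prev and prev != target:
            raise ValueError(f"{public_ip}:{port}/{proto} already goes to {prev[0]}:{prev[1]}")
        self.port_maps[key] = target

    def lookup(self, dst_ip, proto, dst_port):
        """Private (ip, port) an inbound packet is sent to, or None if unmapped."""
        if dst_ip in self.host_maps:          # host map: all ports, port unchanged
            return (self.host_maps[dst_ip], dst_port)
        return self.port_maps.get((dst_ip, proto.lower(), dst_port))

def trace(hops, dst_ip, proto, dst_port):
    """Follow a packet through a chain of NAT hops; None means a hop drops it."""
    for table in hops:
        nxt = table.lookup(dst_ip, proto, dst_port)
        if nxt is None:
            return None
        dst_ip, dst_port = nxt
    return (dst_ip, dst_port)

def questioner_setup():
    """Constructed model of the quoted two-hop setup: the border router forwards
    chosen ports to the meshbox (192.168.1.100), which port-maps them on."""
    rules = [("tcp", 25, "192.168.2.30"), ("tcp", 80, "192.168.2.30"),
             ("tcp", 4662, "192.168.8.10"), ("udp", 4672, "192.168.8.10")]
    border, meshbox = NatTable(), NatTable()
    for proto, port, server in rules:
        border.add_port_map("203.0.113.50", proto, port, "192.168.1.100")   # assumed
        meshbox.add_port_map("192.168.1.100", proto, port, server)
    return [border, meshbox]
```

Because the public side of the meshbox is a single address, a second web server can only be reached by mapping a different public port (for instance 8080) onto its port 80, which is exactly the non-standard-port restriction the reply describes.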
