DNAT with different external port to different internal port.

cancel
Showing results for 
Search instead for 
Did you mean: 

DNAT with different external port to different internal port.

L1 Bithead

Hello, how are you all, I hope you are well.

I would like to do the following:

 

In Fortinet is the following possible, DNAT, with Public IP example:
198.10.100.100:8081 ( alternate port ) ---DNAT-Mapping---Private IP destination 192.168.100.100:80 ( Port 80)

 

This in PALO ALTO, how is it configured, please your support, thank you very much.

Greetings and I remain attentive

High Sticker
1 ACCEPTED SOLUTION

Accepted Solutions

@GabrielReyes 

Your NAT rule should look something like that:

Screenshot_20210522-222320_Chrome.jpg

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

@GabrielReyes 

 

Please se below url for Destination NAT with Port  translation

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/nat/nat-configuration-examples/...

 

Regards

MP

Dear, thank you, the example seems more similar to a UTURN-NAT:


In this case, what you are looking for is:
External 198.10.100.100:8081 ( alternate port ) ---DNAT-Mapping---Private IP destination 192.168.100.100:80 ( Port 80).
Externally answer port 8081 and the DNAT in the destination is a port other than the external one, in this case 80.
Another example: 198.10.100.100.100:33899 ( 33899 different port for RDP ), externally answer to 33899 and the DNAT, map it to 192.168.100.100:3389 ( RDP ).

High Sticker

@MP18 The procedure / information sent, only allows to do a NAT Portforwarding, to port 8080, since the port is chosen and is mapped to the server that responds on port 8080, but what I am looking for, so the examples, is the following ( This can be done in fortinet )

Is that a user X of internet, for example to place Remote Desktop client on port 190.190.10.10:33899 ( If an alternative one with a 9 of more, 33899 ) The public IP is mapped to a server 192.168.100.100 to the default port 3389.

Public IP: 190.190.10.10:33899 ---DNAT---Mapped 192.168.100.100:3389 ( RDP ).

Please read the previous post as well.

Thank you very much for your assistance
Thank you

High Sticker

Cyber Elite
Cyber Elite

@GabrielReyes,

This is a standard NAT entry. Just create a NAT statement with your source and service object that you want to match and setup the destination translation for the target IP and service you want to utilize. 

@GabrielReyes 

Your NAT rule should look something like that:

Screenshot_20210522-222320_Chrome.jpg

View solution in original post

@vsys_remo  Thank you, this is what I was looking for, thank

High Sticker
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!