575 Views 3 Replies Latest reply: Jun 25, 2013 5:41 PM by sliedl
alex_vani Newcomer 31 posts since
Mar 24, 2013
Jun 24, 2013 11:34 PM

Public IP-Addresses configured as aliases on external Iface.

Hi,

Customer has a public IP address segment and they want to use those IP addresses to publish internet services to be accessed from the Internet.

Customer has the following scenario.

External Iface: x.x.x.130/25, so they are able to use from x.x.x.130 to x.x.x.254

They want to use their public IP address range from IP x.x.x.140 to IP x.x.x.145 to publish services to be accessed from the Internet, and then redirect that traffic to an internal server which is the application service or HTTP web server, etc.

So, for doing this on the McAfee Firewall running version 8.3, is it as simple as adding those IP addresses (one by one) on the external interface as alias interfaces and then creating and configuring the rules as follows:

App: http

Source Iface: External

Source: Any

Dest Iface: External

Destination: x.x.x.140 (which is an alias IP configured on the external Iface)

Redirect Address: Internal_server_IPAddress

Thank you!

  • PhilM Champion 528 posts since
    Jan 7, 2010

    Yes Alex, that's pretty much it.

    It is necessary to add the IP address as an alias on the interface screen and create a network object to be used in the rule. If I encounter any issues with my customers it is that they have created the network objects (so the rule looks OK) but forget to add the alias address on the interface.

    Another potential scenario is if you have (let's say) 5 public IPs and 5 web servers on your internal LAN. You can create 5 individual rules, but you can also make use of the Netmap object. You define your IP address objects for the respective internal and external IP addresses and then create a Netmap object (mapping external addresses to their corresponding internal redirects). Though I haven't done this myself for a while, I believe you then use this Netmap object as the destination value in the rule and it will then automatically use the mapping in place of the redirect host value. This consolidates the 5 rules you would have previously created into a single rule.

    -Phil.

  • sliedl McAfee SME 535 posts since
    Nov 3, 2009

    105 addresses will be fine.
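
A consistency check for the failure PhilM describes above (network object and rule exist, but the alias was never added to the interface), as an added example that is not part of the thread or of McAfee's tooling. The data model, the function name and the 203.0.113.x / 10.0.0.x addresses are constructed stand-ins for the thread's x.x.x.* values; it does not parse a real firewall export.

```python
import ipaddress

def audit_publish_map(iface, aliases, mapping):
    """Return sorted (external_ip, problem) pairs for a public -> internal mapping.

    iface   -- primary address of the external interface, e.g. "203.0.113.130/25"
    aliases -- alias addresses actually configured on that interface
    mapping -- external address -> internal redirect address (one rule each,
               or the contents of a single Netmap-style object)
    """
    iface = ipaddress.ip_interface(iface)
    net = iface.network
    bound = {iface.ip} | {ipaddress.ip_address(a) for a in aliases}
    findings = []
    for ext_s, int_s in mapping.items():
        ext = ipaddress.ip_address(ext_s)
        internal = ipaddress.ip_address(int_s)
        if ext not in net:
            findings.append((ext_s, f"outside external subnet {net}"))
        elif ext in (net.network_address, net.broadcast_address):
            findings.append((ext_s, "network or broadcast address"))
        elif ext not in bound:
            # The rule would look fine, but the firewall never answers for this IP.
            findings.append((ext_s, "no alias on external interface"))
        if internal in net:
            findings.append((ext_s, f"redirect target {int_s} is on the external subnet"))
    return sorted(findings)

# Constructed sample: .140-.144 were added as aliases, .145 was forgotten,
# and one mapping entry was typed outside the /25.
SAMPLE_IFACE = "203.0.113.130/25"
SAMPLE_ALIASES = [f"203.0.113.{n}" for n in range(140, 145)]
SAMPLE_MAPPING = {f"203.0.113.{n}": f"10.0.0.{n - 130}" for n in range(140, 146)}
SAMPLE_MAPPING["203.0.113.20"] = "10.0.0.20"

if __name__ == "__main__":
    for ext, problem in audit_publish_map(SAMPLE_IFACE, SAMPLE_ALIASES, SAMPLE_MAPPING):
        print(f"{ext}: {problem}")
```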
