3 Replies. Latest reply: Jun 25, 2013 5:41 PM by sliedl

    Public IP-Addresses configured as aliases on external Iface.

    alex_vani

      Hi,

       

      Customer has a public IP address segment and they want to use those IP addresses to publish internet services to be accessed from the Internet.

       

      Customer has the following scenario.

       

      External Iface:  x.x.x.130/25  so they are able to use from x.x.x.130 to x.x.x.254

       

      They want to use their public IP address range from IP x.x.x.140 to IP x.x.x.145 to publish services to be accessed from the Internet, and then redirect that traffic to an internal server, which is the application service or HTTP web server, etc.

       

       

      So, to do this on the McAfee Firewall running version 8.3, is it as simple as adding those IP addresses (one by one) on the external interface as alias interfaces and then creating and configuring the rules as follows:

       

      App: http

      Source Iface: External

      Source: Any

      Dest Iface: External

      Destination: x.x.x.140 (which is an alias IP configured on the external iface)

      Redirect Address: Internal_server_IPAddress

       

      Thank you !

        • 1. Re: Public IP-Addresses configured as aliases on external Iface.
          PhilM

          Yes Alex, that's pretty much it.

           

          It is necessary to add the IP address as an alias on the interface screen and create a network object to be used in the rule. If I encounter any issues with my customers, it is that they have created the network objects (so the rule looks OK) but forgotten to add the alias address on the interface.

           

          Another potential scenario is if you have (let's say) 5 public IPs and 5 web servers on your internal LAN. You can create 5 individual rules, but you can also make use of the Netmap object. You define your IP address objects for the respective internal and external IP addresses and then create a Netmap object (mapping external addresses to their corresponding internal redirects). Though I haven't done this myself for a while, I believe you then use this Netmap object as the destination value in the rule and it will then automatically use the mapping in place of the redirect host value. This consolidates the 5 rules you would have previously created into a single rule.

           

          -Phil.
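
The mismatch described in the reply above (network object and rule exist, but the alias was never added on the interface) can be caught before a change window with a small planning check. This is an added example, not part of the thread and not McAfee tooling; the function name, the alias list, the netmap dictionary and the 203.0.113.x / 10.0.0.x addresses are all assumptions standing in for the thread's x.x.x.x values.

```python
import ipaddress

def audit_publish_plan(iface_cidr, aliases, netmap):
    """Return findings for a planned set of alias addresses and redirects.

    iface_cidr: primary external address with prefix, e.g. "203.0.113.130/25"
    aliases:    addresses planned as aliases on the external interface
    netmap:     {external address: internal redirect address}
    This is a hypothetical planning model, not a firewall export format.
    """
    iface = ipaddress.ip_interface(iface_cidr)
    net = iface.network
    alias_set = {ipaddress.ip_address(a) for a in aliases}
    externals = {ipaddress.ip_address(e) for e in netmap}
    findings = []

    for a in sorted(alias_set):
        if a not in net:
            findings.append(f"alias {a} is outside {net}")
        elif a in (net.network_address, net.broadcast_address):
            findings.append(f"alias {a} is the network or broadcast address of {net}")
        elif a == iface.ip:
            findings.append(f"alias {a} duplicates the primary interface address")

    for ext in sorted(externals):
        if ext not in alias_set:
            # The case from the reply: the rule looks OK but the alias is missing.
            findings.append(f"rule destination {ext} has no alias on the interface")

    for a in sorted(alias_set - externals):
        # An alias with no rule is an address the firewall owns but does not publish.
        findings.append(f"alias {a} has no rule using it")
    return findings

# Constructed sample data (203.0.113.0/24 is a documentation range).
ALIASES = [f"203.0.113.{h}" for h in range(140, 145)]   # .140-.144, .145 forgotten
NETMAP = {f"203.0.113.{h}": f"10.0.0.{h - 130}" for h in range(140, 146)}

if __name__ == "__main__":
    for line in audit_publish_plan("203.0.113.130/25", ALIASES, NETMAP):
        print(line)
```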

          • 2. Re: Public IP-Addresses configured as aliases on external Iface.
            alex_vani

            Hi Phil,

             

            Thanks for your input.

             

            Is there a limit for alias interfaces? Customer wants to enable around 105 IP addresses for different services.

             

            Thank you.

            • 3. Re: Public IP-Addresses configured as aliases on external Iface.
              sliedl

              105 addresses will be fine.