Hugo_vd_Kooij
Advisor

UDP mapping (on R80.20)

Silly me. I tried to find the answer in Secure Knowledge or in some existing predefined service. But I could not find the answer.

I want to map a port on the firewall to a port on another server. (aka: my honeypot)

It's easy to clone http_mapped and do this for TCP port. But I can't find an example for UDP.

So I did the next best thing and did a trial-and-error attempt:

  1. Clone http_mapped to my own service HoneyPot_SIP
  2. General
    1. Match By: Change from IP protocol 6 to IP protocol 17
  3. Advanced
    1. Match: Change tcp to udp
    2. Match: Change dport=80 to dport=5060
    3. Action: Change 80 to 5060
    4. Action: Change 0.0.0.0 to my HoneyPot IP address
  4. Publish and install policy

So far it seems to work just fine. Need to do some real capturing to see if the translation actually works.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
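The capture check the post mentions as still to be done, as an added example that is not part of the original post: it compares `tcpdump -nq` text output taken on the gateway's external side and on the honeypot-facing side, and reports which UDP/5060 packets were never forwarded. The addresses, sample lines and function names are constructed for illustration, and pairing by payload length and time is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed addresses from documentation ranges; not values from the thread.
GATEWAY, HONEYPOT, PORT = "203.0.113.1", "192.0.2.50", 5060

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP [\d.]+\.\d+ > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$")

def parse(capture, dst_ip, dport=PORT):
    """Return (timestamp, payload length) for UDP packets sent to dst_ip:dport."""
    out = []
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if m and m["dst"] == dst_ip and int(m["dport"]) == dport:
            out.append((datetime.strptime(m["ts"], "%H:%M:%S.%f"), int(m["len"])))
    return out

def check_mapping(outside, inside, window=timedelta(seconds=1)):
    """Pair packets that hit the gateway with packets forwarded to the honeypot.
    Pairing uses payload length and arrival time only (an assumption: the
    thread does not say whether source address or port survive the mapping).
    Returns (forwarded count, list of packets with no forwarded copy).
    """
    pending = parse(inside, HONEYPOT)
    forwarded, missing = 0, []
    for ts, length in parse(outside, GATEWAY):
        hit = next((p for p in pending if p[1] == length
                    and timedelta(0) <= p[0] - ts <= window), None)
        if hit:
            pending.remove(hit)  # each forwarded packet may satisfy one arrival
            forwarded += 1
        else:
            missing.append((ts.time().isoformat(), length))
    return forwarded, missing

# Constructed sample captures in `tcpdump -nq` text format.
OUTSIDE = """
12:00:01.000100 IP 198.51.100.7.40000 > 203.0.113.1.5060: UDP, length 420
12:00:02.000100 IP 198.51.100.9.51515 > 203.0.113.1.5060: UDP, length 512
12:00:03.200000 IP 198.51.100.7.40001 > 203.0.113.1.5060: UDP, length 388
12:00:03.500000 IP 198.51.100.7.40002 > 203.0.113.1.5061: UDP, length 100
"""
INSIDE = """
12:00:01.000400 IP 198.51.100.7.40000 > 192.0.2.50.5060: UDP, length 420
12:00:02.000500 IP 198.51.100.9.51515 > 192.0.2.50.5060: UDP, length 512
"""
if __name__ == "__main__":
    print(check_mapping(OUTSIDE, INSIDE))
```

A non-empty second element means packets reached the gateway on the mapped port without a matching packet toward the honeypot, which is the case to investigate.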
3 Replies
PhoneBoy
Admin

Curious why you wouldn’t use regular NAT rules for this (which is what I do).

0 Kudos
Hugo_vd_Kooij
Advisor

There are some side effects if you do NAT on the gateway itself.

The port mapping does not interfere with other traffic.

But it is also a matter of taste I guess.

The point was more about documenting HOW to do it.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Danny
Champion

I remember having done this a long time ago as well. There was some advantage NAT didn't provide back then.

However, keep in mind that any _mapped service won't be accelerated by SecureXL as mentioned by Tim.

0 Kudos
