Source IP: Multiple IPs one Port

Ok. So I'm in the process of upgrading all the Cisco firewalls to 
IPFire.  So far I've been getting compliments on how much faster the 
internet is.  I didn't want to brag to them about how I invented it.  
It's our little secret.

An interesting problem popped up in this:  One client is using a spam 
filter service that forwards their email through 1 of 15 servers on a few 
different networks.  I'm supposed to restrict permission on inbound port 
25 to these 15 addresses or to those few networks.  I could do it in GWIA 
but how does one do something like this in a firewall?

Scratching head and sucking Maalox makes it difficult to type.
0
Bob
11/10/2011 5:52:46 PM
novell.community.chat

> An interesting problem popped up in this:  One client is using a spam
> filter service that forwards their email through 1 of 15 servers on a few
> different networks.  I'm supposed to restrict permission on inbound port
> 25 to these 15 addresses or to those few networks.  I could do it in GWIA
> but how does one do something like this in a firewall?
>
> Scratching head and sucking Maalox makes it difficult to type.

Not sure why this is difficult.  You create a rule where the source is 
anything on the external interface, port 25, and the allowed 
destinations are the 15 addresses.

Is there something I'm missing?
0
Patrick
11/10/2011 6:17:53 PM
On 11/10/2011 11:52 AM, Bob Crandell wrote:
> Ok. So I'm in the process of upgrading all the Cisco firewalls to
> IPFire.  So far I've been getting compliments on how much faster the
> internet is.  I didn't want to brag to them about how I invented it.
> It's our little secret.
>
> An interesting problem popped up in this:  One client is using a spam
> filter service that forwards their email through 1 of 15 servers on a few
> different networks.  I'm supposed to restrict permission on inbound port
> 25 to these 15 addresses or to those few networks.  I could do it in GWIA
> but how does one do something like this in a firewall?
>
> Scratching head and sucking Maalox makes it difficult to type.

If IPFire only allows 1 destination IP address then just create 15 
rules.  (Silly but it would work).

0
Patrick
11/10/2011 6:20:20 PM
On Thu, 10 Nov 2011 18:17:53 +0000, Patrick Farrell wrote:

>> An interesting problem popped up in this:  One client is using a spam
>> filter service that forwards their email through 1 of 15 servers on a
>> few different networks.  I'm supposed to restrict permission on inbound
>> port 25 to these 15 addresses or to those few networks.  I could do it
>> in GWIA but how does one do something like this in a firewall?
>>
>> Scratching head and sucking Maalox makes it difficult to type.
> 
> Not sure why this is difficult.  You create a rule where the source is
> anything on the external interface, port 25, and the allowed
> destinations are the 15 addresses.
> 
> Is there something I'm missing?

Except there are 15 sources and 1 destination.
0
Bob
11/10/2011 8:17:14 PM
On 11/10/2011 2:17 PM, Bob Crandell wrote:
> On Thu, 10 Nov 2011 18:17:53 +0000, Patrick Farrell wrote:
>
>>> An interesting problem popped up in this:  One client is using a spam
>>> filter service that forwards their email through 1 of 15 servers on a
>>> few different networks.  I'm supposed to restrict permission on inbound
>>> port 25 to these 15 addresses or to those few networks.  I could do it
>>> in GWIA but how does one do something like this in a firewall?
>>>
>>> Scratching head and sucking Maalox makes it difficult to type.
>>
>> Not sure why this is difficult.  You create a rule where the source is
>> anything on the external interface, port 25, and the allowed
>> destinations are the 15 addresses.
>>
>> Is there something I'm missing?
>
> Except there are 15 sources and 1 destination.

Ok so you wish to allow port 25 to a single computer inside the 
firewall, from only 15 IPs outside the firewall.

It's still the same thing.  Either you can specify multiple addresses on 
the incoming line or you create 15 rules, each port 25 each with the 
same destination and changing the source for each rule.


0
Patrick
11/10/2011 8:42:03 PM
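
The two options from the reply above (one rule per source, or several sources on one rule), sketched for a generic iptables firewall. This is an added example, not part of the thread and not IPFire's own rule set; the addresses, the `smtp_relays` set name, the internal mail host and the use of the FORWARD chain (firewall port-forwarding SMTP to that host) are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) the commands for both approaches.
# Every address is a constructed documentation value, not from the thread.
MAIL_HOST="10.0.0.25"   # assumed internal mail server behind the firewall
RELAYS="192.0.2.10 192.0.2.11 198.51.100.0/28 203.0.113.64/29"

# Accept only dotted-quad IPv4 with an optional /0-32 prefix length.
valid_src() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Approach 1: one ACCEPT rule per source, then drop all other SMTP.
rules_per_source() {
    for src in $RELAYS; do
        if ! valid_src "$src"; then
            echo "skipping invalid source: $src" >&2
            continue
        fi
        echo "iptables -A FORWARD -p tcp -s $src -d $MAIL_HOST --dport 25 -j ACCEPT"
    done
    echo "iptables -A FORWARD -p tcp -d $MAIL_HOST --dport 25 -j DROP"
}

# Approach 2: one rule that matches an ipset holding all sources.
rules_with_set() {
    echo "ipset create smtp_relays hash:net"
    for src in $RELAYS; do
        valid_src "$src" && echo "ipset add smtp_relays $src"
    done
    echo "iptables -A FORWARD -p tcp -m set --match-set smtp_relays src -d $MAIL_HOST --dport 25 -j ACCEPT"
    echo "iptables -A FORWARD -p tcp -d $MAIL_HOST --dport 25 -j DROP"
}

rules_per_source
rules_with_set
```

In both forms the final DROP is what enforces the restriction, so it has to come after the ACCEPT rules; an invalid allowlist entry is skipped, which leaves that source blocked.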
On Thu, 10 Nov 2011 20:42:03 +0000, Patrick Farrell wrote:

> On 11/10/2011 2:17 PM, Bob Crandell wrote:
>> On Thu, 10 Nov 2011 18:17:53 +0000, Patrick Farrell wrote:
>>
> 
> Ok so you wish to allow port 25 to a single computer inside the
> firewall, from only 15 IPs outside the firewall.
> 
> It's still the same thing.  Either you can specify multiple addresses on
> the incoming line or you create 15 rules, each port 25 each with the
> same destination and changing the source for each rule.

It's difficult because this is my first time.  It was made more difficult 
because they put the button to add addresses out in the middle of the 
screen where I couldn't find it.

Anyway sweet success.
0
Bob
11/11/2011 1:33:17 AM
On 11/10/2011 7:33 PM, Bob Crandell wrote:
> On Thu, 10 Nov 2011 20:42:03 +0000, Patrick Farrell wrote:
>
>> On 11/10/2011 2:17 PM, Bob Crandell wrote:
>>> On Thu, 10 Nov 2011 18:17:53 +0000, Patrick Farrell wrote:
>>>
>>
>> Ok so you wish to allow port 25 to a single computer inside the
>> firewall, from only 15 IPs outside the firewall.
>>
>> It's still the same thing.  Either you can specify multiple addresses on
>> the incoming line or you create 15 rules, each port 25 each with the
>> same destination and changing the source for each rule.
>
> It's difficult because this is my first time.  It was made more difficult
> because they put the button to add addresses out in the middle of the
> screen where I couldn't find it.
>
> Anyway sweet success.

Glad you got it up and going :)

0
Patrick
11/14/2011 6:22:22 PM
On Mon, 14 Nov 2011 18:22:22 +0000, Patrick Farrell wrote:

>>
>> It's difficult because this is my first time.  It was made more
>> difficult because they put the button to add addresses out in the
>> middle of the screen where I couldn't find it.
>>
>> Anyway sweet success.
> 
> Glad you got it up and going :)

The longer I use IPFire the better I like it.
0
Bob
11/14/2011 10:02:10 PM
On 11/14/2011 4:02 PM, Bob Crandell wrote:
> On Mon, 14 Nov 2011 18:22:22 +0000, Patrick Farrell wrote:
>
>>>
>>> It's difficult because this is my first time.  It was made more
>>> difficult because they put the button to add addresses out in the
>>> middle of the screen where I couldn't find it.
>>>
>>> Anyway sweet success.
>>
>> Glad you got it up and going :)
>
> The longer I use IPFire the better I like it.

I can't read the name of that product out loud without a laugh.


0
Patrick
11/14/2011 11:38:34 PM
They have medication for that.

-- 
Kim -  11/15/2011 11:40:28 AM
0
kgroneman
11/15/2011 6:40:35 PM
On 11/15/2011 12:40 PM, kgroneman wrote:
> They have medication for that.
>

Perhaps he's secretly the Human Torch.  Built in napalm dispenser...

0
Patrick
11/15/2011 9:16:18 PM
On 15/11/2011 21:16, Patrick Farrell wrote:

> Perhaps he's secretly the Human Torch. Built in napalm dispenser...

I wonder if that's how they're doing it ... 
http://www.bbc.co.uk/news/uk-england-bristol-15636544 !?
-- 
Simon
Novell Knowledge Partner (NKP)

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partner (TTP) program.  See novell.com/ttp for more details.
------------------------------------------------------------------------
0
Simon
11/16/2011 11:06:31 AM