redirects outgoing port with FW?

Discussion in 'other firewalls' started by SUPERIOR, Jul 27, 2011.

Thread Status:
Not open for further replies.
  1. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    i have a program which try to connect server through port(80) for authentication but i need to redirect that request to port (443) which the server supports too
    is there any firewall can do that? i heard its possible on linux but couldnt find an answer for windows :ouch:
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    no firewall can do this - you need a proxy.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You would require a firewall with NAT (Network Address Translation) / PAT (Port Address Translation).
    I am not quite sure as to what is currently available. What OS are you running?

    I still use XP on my gateway and use CHX-NAT (edit:- with a separate firewall) which does perform NAT/PAT per interface, and will do as you are looking for, but that is no longer supported/available.


    - Stem
     
    Last edited: Jul 27, 2011
  4. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Thanks guys for replying

    @Brummelchen .... i have only one computer with xp running on it, can you tell me more details how can i do that with proxy?

    @Stem.... actually i was waiting ur reply :), i am running XP... if you can give more details or some links that can help me, that would be so appreciated
    so my only chance with CHX-NAT gone o_O i am sorry for my naive questions, but does that kind of FW with NAT require only one machine or more than one? and do i need hardware stuff?
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Never be sorry for asking questions.

    CHX-NAT that I use is a standalone application, it is not a firewall. It is used on a single PC, but can NAT either between NICs (for connection sharing), or NAT/PAT on a single NIC (although I have not actually used it for that.). It was free at one time for home use.

    As you are using XP, I will find you a link for CHX-NAT. As I stated, it is no longer supported, but does work on XP. (Well, no problems on my setup, running alongside L`n`S)

    edit: Link sent via PM



    - Stem
     
    Last edited: Jul 27, 2011
  6. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Thank you very much ....i installed it after trying to get around it, i did PAT through making rules for all my NICs by putting destination port equal to 443 with translating it to 80 as port dest ...i saved rules
    then went to my browser and tried to open site with https....shouldnt be directed to http?? but it didnt

    what had i missed o_O
     
    Last edited: Jul 27, 2011
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Nothing, it is my fault, sorry. CHX-NAT will only NAT/PAT across NICs, not on one NIC. I thought I had set it up on one NIC before, obviously I had not.
    That appears to be the same with the other NAT firewalls I have seen.

    I have been checking for a port translator, but what comes up is either a remote port translator (for remote routers), or a local port translator for inbound connections.
    The local proxy servers can also have problems, even when they contain port mapping, as you would need to redirect your app to the internal local proxy port.



    - Stem
     
  8. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Thanks Stem again .....so nothing i can do to make local port translator?

    um....maybe i couldnt understand quite right but if i run VM and did NAT with my real machine and installed CHX on the VM....could this work o_O?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you install a VM, then set its LAN as internal. You can then have CHX-NAT on the host and NAT/PAT the VM gateway to your WAN.
    What VM were you thinking of using?


    - Stem
     
  10. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    sorry but host means the real or vm

    can you explain more please

    i have VirtualPC, Virtualbox, and VMware so in your opinion, which one can help me better for my case?
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Real hardware.


    If you make the VM with an internal LAN, then it should create a gateway NIC. You can then set a rule inside CHX-NAT on that VM Gateway NIC to NAT the packets to your actual WAN NIC (your Internet connection)

    I have not used VirtualPC. VMware will always have processing running even when the VM is off. Virtualbox was a pain because of needed command lines, but I think that has now changed.
    It is up to yourself. As long as it creates an internal LAN with a gateway Interface, you should be able to NAT.
    I will see if I can setup later to check.

    - Stem
     
  12. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    Thank you Stem....i will try to follow your instructions and see if i can make it
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi,

    OK, I set up Virtualbox with an XP guest.(That is, I have setup Virtualbox on XP, and have created a VM with XP installed).

    I have found that a number of changes have been made to Virtualbox. The internal LAN for the VM no longer goes through the VM NIC, there is no gateway. It is using an internal switch, so that cannot be used.
    I have setup using the "Host-only" adapter and manually set the IPconfig in the VM. It is now working with CHX-NAT(<- installed on actual hardware/ not the VM) and can translate the remote ports.

    - Stem
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you think you may have problems with setup, then you may want to install /use the latest version of Virtualbox. I can then show you the settings of the setup I have that is working.


    - Stem
     
  15. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    yes please i need that ...i tried for time but couldnt get it to work
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    OK,

    I have installed CHX-NAT and Virtualbox. Virtualbox now has XP installed as a VM.

    We first need to check the NIC IP of Virtualbox. On the Host(actual hardware), bring up the command window (Start -> run: Type cmd, then click OK.). In the command window, type ipconfig /all which will give you a list of the IPs on your setup. You will see an entry for Virtualbox NIC, such as:-

    Take note of the IP shown on your setup for that adapter.

    Start up Virtualbox. Select the guest(The VM you are going to use), and click on the setting for the Network. That will bring up the options window. Set the Network to "Host-only Adapter"

    network.png

    Start/boot the actual VM.
    In the VM, the IP config needs to be set manually. So open the "control panel-> network connections" and double click on the NIC (there will only be one there in the VM)
    Change the settings to "Use the following IP address". In the setting enter the "Default Gateway" as the IP you noted earlier(The IP for the "Ethernet adapter VirtualBox Host-Only Network:"). The actual IP for the VM can be any IP that is within the LAN range.
    The DNS servers are set to "Use the following DNS server addresses". I have entered the IPs of the openDNS servers.

    ipconfig.png

    Click OK when done.

    It is now just a case of setting rules in CHX-NAT

    Open CHX-NAT.
    In the list of NICs, you will see the entry for "Interface: VirtualBox Host-Only Network".

    chx-1.png

    Select that NIC and create your rules for NAT.

    This is just a basic rule to NAT all from the VM to the Internet. I have entered my IP (my PC/hardware IP address, which is the WAN) into the Translation profile, as then, any inbound to the VM host-only adapter from the VM will be NAT into my IP and sent on to the Internet, with replies then being sent back to the VM

    CHX_Basic_rule.png

    I hope you can understand and follow the info.

    Just ask if any questions.


    - Stem
     
  17. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    um...not sure if i have to be happy because i could PAT or sad because after PAT the SSL sites cant be opened :(

    i followed ur steps ....first that rule u put must be set right? but i had to put my host IP not WAN IP to make my guest internet work

    i added another rule same former and added dest port equal to 443 ...and NAT port set to 80

    now when i tried to browse site like https://login.live.com it doesnt open ..though in chx log i can see that port 443 PATed to 80 ....and to my info must site open as it was http://login.live.com ...but it didn't ....any mistake i made o_O

    another question roaming my mind .....is there anyway to reverse the whole thing ....i mean make my guest the gateway to my host machine ..so i can PAT my programs on my real machine

    PS : um....after thinking ...i guess it's because i am requesting encrypted page ..but how to get over this?

    Thank you very much stem for bearing with me
     
    Last edited: Jul 29, 2011
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Not directly with CHX that I know of. You would need to look at changing the internal routing table, to force your comms through the VM NIC using the "route" command ( some info ) It is not something I have done often, so cannot really help.

    If you are trying to change the streaming from HTTPs to HTTP, then that would need to be done within the program itself.

    - Stem
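
Why the 443-to-80 rule discussed in posts 17 and 18 cannot turn an HTTPS request into HTTP, as an added example (not part of the thread and not CHX-NAT's code): PAT rewrites only the TCP destination port and checksum, so what arrives at port 80 is still a TLS handshake. The segment bytes, the checksum value and all function names are constructed for illustration.

```python
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}

# Constructed sample: 20-byte TCP header (src 49152 -> dst 443, PSH+ACK, placeholder
# checksum 0x1234) followed by a truncated, constructed TLS ClientHello prefix.
SAMPLE_SEGMENT = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x18, 65535, 0x1234, 0) \
    + bytes.fromhex("160301002e0100002a030300")

def pat_rewrite(segment: bytes, match_port: int, new_port: int) -> bytes:
    """Rewrite the TCP destination port the way a PAT rule does.

    Only header bytes 2-3 (destination port) and 16-17 (checksum) change;
    the payload is forwarded untouched.
    """
    (dport,) = struct.unpack_from("!H", segment, 2)
    if dport != match_port:
        return segment
    (old_sum,) = struct.unpack_from("!H", segment, 16)
    # Incremental checksum update (RFC 1624): HC' = ~(~HC + ~m + m')
    s = (~old_sum & 0xFFFF) + (~dport & 0xFFFF) + new_port
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    out = bytearray(segment)
    struct.pack_into("!H", out, 2, new_port)
    struct.pack_into("!H", out, 16, ~s & 0xFFFF)
    return bytes(out)

def tcp_payload(segment: bytes) -> bytes:
    """Return the bytes after the TCP header (data offset is in 32-bit words)."""
    return segment[(segment[12] >> 4) * 4:]

def classify_payload(payload: bytes) -> str:
    """Guess the application protocol from the first bytes of the stream."""
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls-handshake"   # TLS record: type 22 (handshake), major version 3
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http-request"
    return "unknown"

def demo():
    """Apply a 443 -> 80 rule and report what the port-80 listener would receive."""
    rewritten = pat_rewrite(SAMPLE_SEGMENT, 443, 80)
    (dport,) = struct.unpack_from("!H", rewritten, 2)
    return dport, classify_payload(tcp_payload(rewritten))

if __name__ == "__main__":
    print(demo())
```

A plain-HTTP listener on port 80 expects a request line such as `GET / HTTP/1.1`, so the translated connection fails even though the log shows the port being rewritten.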
     
  19. SUPERIOR

    SUPERIOR Registered Member

    Joined:
    Dec 10, 2007
    Posts:
    161
    Location:
    Syria
    ok i got it ..... thank you very very much for helping me out
     