2.1 Full Network Diagram (as per our setup)
2.2 Steps to configure port forwarding settings:
2.3 Destination port range and redirect target IP
3.0 Users using intermediate router for internet
Port Forwarding
Network Address Translation (NAT) is a way to separate external and internal networks (WANs and LANs) and to share an external IP between clients on the internal networks.
a) BINAT: NAT generally works in one direction. However, if you have networks of equal size, you can also use BINAT, which is bidirectional. This can simplify your set-up. If you don’t have networks of equal size, you can only use regular NAT.
b) NAT reflection: When a client on the internal network tries to reach another internal client using the external IP instead of the internal one (which would be the most logical), NAT reflection can rewrite the request so that it uses the internal IP. This avoids taking a detour and applying rules meant for actual outside traffic.
Note
The NAT rules generated by enabling NAT reflection only include networks directly connected to your firewall. This means that if you have a private network separated from your LAN, you need to add it with a manual outbound NAT rule.
c) Pool options: When there are multiple IPs to choose from, this option will allow regulating which IP gets used. The default, Round Robin, will simply distribute packets to one server after the other. If you only have one external IP, this option has no effect.
Go to Firewall -> NAT -> Port Forward
Click on the plus sign to add a rule.
Make sure of the following:
1. Interface: WAN
2. TCP/IP version: IPv4
3. Protocol: TCP/UDP (as per User)
4. Destination: WAN Address
5. NAT Reflection: Enabled
There are two ways to fill in the Destination port range and Redirect target IP:
a. Choose directly from the values available in the options (in our case that would be Destination port range: HTTP (port 80) and Redirect target IP: (other); 10.0.0.21)
b. Make aliases for user defined destination port and redirect target IP and choose them in the options.
We have gone with method “b”. After configuring the rule, click on Save and then on Apply changes.
Go to Firewall -> Aliases.
Click on the plus sign to add a new alias.
Give a name (example: Ubuntu_server as per our setup)
Type: Host(s)
Content: 10.0.0.21 (Redirect target IP)
Click on Save.
Again click on the plus sign to add an alias to define the user defined destination port.
Give a name (e.g.: Ubuntu_port as per our setup)
Type: Port(s)
Content: 80 (Port number)
Click on Save and then on Apply.
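To make the effect of the rule and its aliases concrete, here is a small model of the destination rewrite it performs, including NAT reflection. It is an added example, not part of the original guide and not firewall code: the WAN address 203.0.113.10, the 10.0.0.0/24 LAN, the interface label "LAN" and the translate() helper are assumptions made for illustration.

```python
import ipaddress

# Aliases as created under Firewall -> Aliases in this guide.
ALIASES = {"Ubuntu_server": "10.0.0.21", "Ubuntu_port": 80}

# Assumed values (not from the guide): a documentation-range WAN
# address and a /24 LAN directly connected to the firewall.
WAN_ADDRESS = ipaddress.ip_address("203.0.113.10")
LAN_NET = ipaddress.ip_network("10.0.0.0/24")

RULE = {
    "interface": "WAN",
    "protocols": {"tcp", "udp"},
    "dst_port": "Ubuntu_port",    # Destination port range (alias)
    "target": "Ubuntu_server",    # Redirect target IP (alias)
    "reflection": True,
}


def translate(ingress, proto, src, dst, dport, rule=RULE):
    """Return (dst, dport) after the port-forward rule is evaluated.

    Packets that do not match come back unchanged; whether they are then
    passed or blocked depends on the filter rules, not modelled here.
    The redirect port is assumed to equal the destination port.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    unchanged = (str(dst), dport)
    if proto not in rule["protocols"] or dst != WAN_ADDRESS:
        return unchanged
    if dport != ALIASES[rule["dst_port"]]:
        return unchanged
    from_outside = ingress == rule["interface"]
    # Reflection: a client on a directly connected network that used the
    # external IP is rewritten to the internal target as well.
    reflected = rule["reflection"] and ingress == "LAN" and src in LAN_NET
    if from_outside or reflected:
        return (ALIASES[rule["target"]], dport)
    return unchanged


if __name__ == "__main__":
    samples = [  # constructed packets
        ("WAN", "tcp", "198.51.100.7", "203.0.113.10", 80),
        ("LAN", "tcp", "10.0.0.50", "203.0.113.10", 80),
        ("WAN", "tcp", "198.51.100.7", "203.0.113.10", 22),
    ]
    for pkt in samples:
        print(pkt, "->", translate(*pkt))
```

Only traffic to the aliased port is rewritten towards 10.0.0.21; a connection to any other port on the WAN address is left untouched by this rule.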
Users having an intermediate router for internet as shown in the above network diagram should configure the router settings as well for port forwarding to work.
When you successfully log in, look for “Port forwarding” or “Virtual Servers Setup”. Different routers can name the same settings differently. You need to add two new entries to allow traffic through port 22 for SSH and port 80 for the web server. To do that correctly, you need the local IP address of the computer which will be used as a web server (in our case it is 10.0.0.21).