Network Address Translation (NAT) / Port Address Translation (PAT)

Requests for the official address of the be.IP™ (WAN partner) are implemented by a rule and forwarded to the desired IPv4 address on the LAN (exposed host) or to a special DMZ (demilitarised zone, a separate interface monitored by additional firewall rules). In our example the destination for implementation is the be.IP™ itself. For this reason, localhost (127.0.0.1) is used.

In order to protect port scans on the current TCP ports (e.g. 22->ssh, 23->telnet, 80->http, 443->https) from attacks, configure a port address translation (PAT) from the external port 4443 to the internal port 443.

  1. Go to Network->NAT->NAT Configuration->New.

    Network->NAT->NAT Configuration->New

  2. Enter a Description, e.g. Admin_https_4443 .

  3. Select an Interface, e.g. WAN_GERMANY - TELEKOM ENTERTAIN .

  4. Leave the settings Type of traffic = incoming (Destination NAT) .

  5. LeaveService as User-defined .

  6. Under Protocol select TCP .

  7. Select Original Destination Port/Range = Specify port and enter 4443 .

  8. For New Destination IP Address/Netmask = Host enter the value 127.0.0.1 .

  9. Under New Destination Port deactivate Original and enter 443 .

  10. Press OK to confirm your settings.

Copyright© Version 08/2020 bintec elmeg GmbH