Network Address Translation (NAT) / Port Address Translation (PAT)
Requests to the official address of the be.IP™ (WAN partner) are translated by a rule and forwarded to the desired IPv4 address on the LAN (exposed host) or to a special DMZ (demilitarised zone; a separate interface monitored by additional firewall rules). In our example, the destination of the translation is a web server.
To protect against port scans and attacks on the common TCP ports (e.g. 22->ssh, 23->telnet, 80->http, 443->https), you can configure a port address translation (PAT) from the external port 8080 to the internal port 80. However, this is not a requirement for further configuration.
To configure without PAT, proceed as follows:
Go to Network->NAT->NAT Configuration->New.
Enter a Description, e.g. WEB-Server.
Select an Interface, e.g. WAN_WAN-Provider as the WAN partner’s interface.
Leave the setting Type of traffic = incoming (Destination NAT).
Select Service = http.
In New Destination IP Address/Netmask = Host, enter the value 192.168.2.10 as the web server’s IP address.
Leave New Destination Port = Original.
Press OK to confirm your settings.
As an alternative to configuring without PAT, configure with PAT as follows:
Go to Network->NAT->NAT Configuration->New.
Enter a Description, e.g. WEB-Server.
Select an Interface, e.g. WAN_WAN-Provider as the WAN partner’s interface.
Leave the setting Type of traffic = incoming (Destination NAT).
Leave Service as User-defined.
Under Protocol, select TCP.
Select Original Destination Port/Range = Specify port and enter 8080.
In New Destination IP Address/Netmask = Host, enter the value 192.168.2.10 as the web server’s IP address.
Under New Destination Port, deactivate Original and enter 80.
Press OK to confirm your settings.
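The two rule variants above, modelled as an added Python example (not bintec elmeg code; the DnatRule class and the function names are hypothetical, and the model ignores the device's own services and firewall rules). It shows which external ports each variant forwards: with PAT the web server no longer answers on the common ports, but it is still reachable on 8080.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class DnatRule:
    """Simplified destination-NAT rule (hypothetical model, fields follow the GUI steps)."""
    description: str
    interface: str
    protocol: str
    orig_dst_port: int
    new_dst_ip: str
    new_dst_port: Optional[int]  # None models "New Destination Port = Original"

# The two variants from the steps above (Service = http means TCP port 80).
WITHOUT_PAT = DnatRule("WEB-Server", "WAN_WAN-Provider", "tcp", 80, "192.168.2.10", None)
WITH_PAT = DnatRule("WEB-Server", "WAN_WAN-Provider", "tcp", 8080, "192.168.2.10", 80)

COMMON_PORTS = [22, 23, 80, 443]  # the ports named in the text

def translate(rules, interface, protocol, dst_port):
    """Return (new_ip, new_port) for an incoming packet, or None if no rule matches."""
    for rule in rules:
        if (rule.interface, rule.protocol, rule.orig_dst_port) == (interface, protocol, dst_port):
            new_port = dst_port if rule.new_dst_port is None else rule.new_dst_port
            return rule.new_dst_ip, new_port
    return None  # these rules do not forward the packet to the LAN

def forwarded_ports(rules, ports, interface="WAN_WAN-Provider", protocol="tcp"):
    """Map each external port that reaches a LAN host to its translated target."""
    result = {}
    for port in ports:
        target = translate(rules, interface, protocol, port)
        if target is not None:
            result[port] = target
    return result

if __name__ == "__main__":
    for name, rule in (("without PAT", WITHOUT_PAT), ("with PAT", WITH_PAT)):
        print(name, "- common ports:", forwarded_ports([rule], COMMON_PORTS))
        print(name, "- common ports plus 8080:", forwarded_ports([rule], COMMON_PORTS + [8080]))
```
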
Copyright© Version 08/2020 bintec elmeg GmbH