Network Address Translation (NAT) / Port Address Translation (PAT) |
Requests for the official address of the be.IP™ (WAN partner) are implemented by a rule and forwarded to the desired IPv4 address on the LAN (exposed host) or to a special DMZ (demilitarised zone, a separate interface monitored by additional firewall rules). In our example the destination for implementation is the be.IP™ itself. For this reason, localhost (127.0.0.1) is used.
In order to protect port scans on the current TCP ports (e.g. 22->ssh, 23->telnet, 80->http, 443->https) from attacks, configure a port address translation (PAT) from the external port 4443 to the internal port 443.
Go to Network->NAT->NAT Configuration->New.
Enter a Description, e.g. Admin_https_4443 .
Select an Interface, e.g. WAN_GERMANY - TELEKOM ENTERTAIN .
Leave the settings Type of traffic = incoming (Destination NAT) .
LeaveService as User-defined .
Under Protocol select TCP .
Select Original Destination Port/Range = Specify port and enter 4443 .
For New Destination IP Address/Netmask = Host enter the value 127.0.0.1 .
Under New Destination Port deactivate Original and enter 443 .
Press OK to confirm your settings.
Copyright© Version 01/2020 bintec elmeg GmbH |