Network Address Translation (NAT) / Port Address Translation (PAT)
|
|
Requests for the official address of the be.IP™ (WAN partner) are implemented by a rule and forwarded
to the desired IPv4 address on the LAN (exposed host) or to a special DMZ (demilitarised zone; a separate interface
monitored by additional firewall rules). In our example the destination for implementation is a web server.
In order to protect port scans on the current TCP ports (e.g. 22->ssh, 23->telnet, 80->http,
443->https) from attacks, you can configure a port address translation (PAT) from the external port 8080 to the
internal port 80. However, this is not a requirement for further configuration.
Configuration without PAT
To configure without PAT, proceed as follows:
-
Go to
Network->NAT->NAT
Configuration->New.
-
Enter a
Description e.g.
WEB-Server
.
-
Select an
Interface, e.g.
WAN_WAN-Provider
as the WAN partner’s interface.
-
Leave the settings
Type of traffic =
incoming (Destination
NAT)
.
-
Select
Service =
http
.
-
In
New Destination IP
Address/Netmask =
Host
enter the value
192.168.2.10
as the web server’s IP address.
-
Leave
New Destination
Port =
Original
.
-
Press
OK to confirm your settings.
Configuration with PAT
As an alternative to configuring without PAT, configure with PAT as follows:
-
Go to
Network->NAT->NAT
Configuration->New.
-
Enter a
Description, e.g.
WEB-Server
.
-
Select an
Interface, e.g.
WAN_WAN-Provider
as the WAN partner’s interface.
-
Leave the settings
Type of traffic =
incoming (Destination
NAT)
.
-
Leave
Service as
User-defined
.
-
Under
Protocol select
TCP
.
-
Select
Original Destination
Port/Range =
Specify port
and
enter
8080
.
-
In
New Destination IP
Address/Netmask =
Host
enter the value
192.168.2.10
as the web server’s IP address.
-
Under
New Destination
Port deactivate
Original
and enter
80
.
-
Press
OK to confirm your settings.
| Copyright© Version 01/2020 bintec elmeg GmbH |
|
