DMZ Static NAT
From Wiki of WFilter NG Firewall
Latest revision as of 16:00, 6 May 2022
1 Introduction
"Port Forwarding", "DMZ" and "Static NAT" are all redirecting firewall rules.
- "Port Forwarding": forward packets on certain port(s).
- "DMZ" equals "port forwarding on all ports". Traffic arriving at WAN interfaces is redirected to the DMZ host (except on the excepted ports).
- "Static NAT" provides one-to-one NAT for local hosts.
2 Port Forwarding
- Forwarding: map a WAN port, port range or all traffic to a local host.
- Type: if the type is "all", "source port" and "target port" must be left blank.
- WAN: target WAN IP address.
- Source Port: the port targeted on the WAN interface.
- Target IP: "redirected to" local host IP.
- Target Port: "redirected to" port; leave it blank to use the same port as the source port.
- NAT Reflection: enable or disable NAT reflection.
- Forward to VPN: when enabled, you can forward traffic to clients behind a VPN tunnel. The source IP is translated to the LAN IP address, so replies can be routed back via the VPN tunnel.
3 DMZ
- DMZ: port forwarding on all ports.
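
The redirect behaviour described in sections 2 and 3, as an added example (not WFilter's own code): a small Python model that resolves where an inbound WAN connection lands and counts how many ports each local host exposes, which is the figure to review before enabling DMZ. The class and field names, the sample addresses, and the choice to match port forwarding rules before the DMZ catch-all are assumptions for illustration.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class PortForward:                          # hypothetical model of a "Port Forwarding" rule
    wan_ip: str
    target_ip: str
    source_ports: Optional[range] = None    # None models type "all" (ports left blank)
    target_port: Optional[int] = None       # None = same as the source port

@dataclass
class Dmz:                                  # hypothetical model of a "DMZ" rule
    wan_ip: str
    host_ip: str
    excepted_ports: frozenset = frozenset()

def resolve(rules, wan_ip: str, port: int) -> Optional[Tuple[str, int]]:
    """Return the (local IP, local port) an inbound connection is redirected to, or None."""
    # Assumption: explicit port forwards are matched before the DMZ catch-all.
    for r in rules:
        if isinstance(r, PortForward) and r.wan_ip == wan_ip:
            if r.source_ports is None or port in r.source_ports:
                return (r.target_ip, port if r.target_port is None else r.target_port)
    for r in rules:
        if isinstance(r, Dmz) and r.wan_ip == wan_ip and port not in r.excepted_ports:
            return (r.host_ip, port)        # DMZ keeps the original port
    return None                             # not redirected to any local host

def exposed_counts(rules, wan_ip: str) -> Counter:
    """Count, per local host, how many WAN ports end up redirected to it."""
    counts = Counter()
    for port in range(1, 65536):
        hit = resolve(rules, wan_ip, port)
        if hit:
            counts[hit[0]] += 1
    return counts

# Constructed sample rules (documentation addresses, not from the wiki page).
SAMPLE_RULES = [
    PortForward("203.0.113.10", "192.168.10.100", range(8080, 8081), 80),
    Dmz("203.0.113.10", "192.168.10.50", frozenset({22, 443})),
]

if __name__ == "__main__":
    for host, n in exposed_counts(SAMPLE_RULES, "203.0.113.10").items():
        print(f"{host}: {n} WAN port(s) redirected")
```
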
4 Static NAT
- On the "WAN" zone, this rule can translate local traffic to a WAN IP address.
- On the "LAN" zone, this rule can translate internet traffic to a LAN IP address.
- Single: a single IP (192.168.10.100) or subnet (192.168.10.0/24).
- Range: an IP range.