DMZ Static NAT
From Wiki of WFilter NG Firewall
(Difference between revisions)
(Created page with "{{DISPLAYTITLE:DMZ and Static NAT}} = Introduction = Though "DMZ" and "Static NAT" both can publish local network services, they have differences: * "DMZ" equals "port forwar...") |
(→Static NAT) |
||
| (6 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | {{DISPLAYTITLE:DMZ and Static NAT}} | + | {{DISPLAYTITLE:Forwarding, DMZ and Static NAT}} |
= Introduction = | = Introduction = | ||
| − | |||
| − | |||
| − | |||
| − | + | "Port Forwarding", "DMZ" and "Static NAT" are all redirecting firewall rules. | |
| − | * | + | * "Port Forwarding" : forword packets on certain port(s). |
| − | * | + | * "DMZ" equals "port forwarding on all ports". Visits to WAN interfaces will be redirected to the DMZ host(except of the excepted ports). |
| + | * "Static NAT" provides one-to-one NAT for local hosts. | ||
| − | = Forwarding | + | = Port Forwarding = |
| − | + | ||
[[File:port_forward01.png|900px]] | [[File:port_forward01.png|900px]] | ||
| + | |||
| + | * Forwarding: map a WAN port, port range or all traffic to a local host. | ||
| + | ** Type: if type is "all", "source port" and "target port" shall be blank. | ||
| + | ** WAN: target WAN IP address. | ||
| + | ** Source Port: target port to the WAN interface. | ||
| + | ** Target IP: "redirected to" local host IP. | ||
| + | ** Target Port: "redirected to" port, leave it blank for same as the source port. | ||
| + | ** NAT Reflection: enable or disable NAT reflection. | ||
| + | ** Forward to VPN: When enabled, you can forward traffic to clients behind a VPN tunnel. Source IP will be translated to LAN ip address, which can be routed back via a VPN tunnel. | ||
| + | |||
| + | = DMZ = | ||
* DMZ: port forwarding on all ports. | * DMZ: port forwarding on all ports. | ||
| + | |||
[[File:dmz01.png|800px]] | [[File:dmz01.png|800px]] | ||
= Static NAT = | = Static NAT = | ||
| − | + | * On "WAN" zone, this rule can translate local traffic to a WAN ip address. | |
| + | * On "LAN" zone, this rule can translate internet traffic to a LAN ip address. | ||
[[File:nat01.png|900px]] | [[File:nat01.png|900px]] | ||
| + | |||
| + | * Single: a single IP(192.168.10.100) or subnet(192.168.10.0/24). | ||
| + | * Range: an IP range. | ||
[[Category:Firewall]] | [[Category:Firewall]] | ||
Latest revision as of 16:00, 6 May 2022
Contents |
[edit] 1 Introduction
"Port Forwarding", "DMZ" and "Static NAT" are all redirecting firewall rules.
- "Port Forwarding" : forword packets on certain port(s).
- "DMZ" equals "port forwarding on all ports". Visits to WAN interfaces will be redirected to the DMZ host(except of the excepted ports).
- "Static NAT" provides one-to-one NAT for local hosts.
[edit] 2 Port Forwarding
- Forwarding: map a WAN port, port range or all traffic to a local host.
- Type: if type is "all", "source port" and "target port" shall be blank.
- WAN: target WAN IP address.
- Source Port: target port to the WAN interface.
- Target IP: "redirected to" local host IP.
- Target Port: "redirected to" port, leave it blank for same as the source port.
- NAT Reflection: enable or disable NAT reflection.
- Forward to VPN: When enabled, you can forward traffic to clients behind a VPN tunnel. Source IP will be translated to LAN ip address, which can be routed back via a VPN tunnel.
[edit] 3 DMZ
- DMZ: port forwarding on all ports.
[edit] 4 Static NAT
- On "WAN" zone, this rule can translate local traffic to a WAN ip address.
- On "LAN" zone, this rule can translate internet traffic to a LAN ip address.
- Single: a single IP(192.168.10.100) or subnet(192.168.10.0/24).
- Range: an IP range.
